rails_base 0.51.0

data/app/services/rails_base/email_change.rb

@@ -0,0 +1,20 @@
+class RailsBase::EmailChange < RailsBase::ServiceBase
+
+  delegate :email, to: :context
+  delegate :last_name, to: :context
+  delegate :user, to: :context
+
+  def call
+    context.original_email = user.email
+    user.update_attribute(:email, email)
+    context.new_email = email
+    log(level: :info, msg: "Changed #{user.id} email from: #{context.original_email} to #{email}")
+  rescue StandardError
+    context.fail!(message: 'Unable to update email address. Likely that this email is already taken')
+  end
+
+  def validate!
+    raise "Expected email to be a String. Received #{email.class}" unless email.is_a? String
+    raise "Expected user to be a User. Received #{user.class}" unless user.is_a? User
+  end
+end

data/app/services/rails_base/encryption.rb

@@ -0,0 +1,87 @@
+require 'securerandom'
+
+class RailsBase::Encryption
+  SECRET_NAME = 'encryption_service_verifier'
+  extend RailsBase::ServiceLogging
+
+  class << self
+    # for service_logging class override
+    def class_name
+      name
+    end
+    # token = Encryption.encode(value: 'testing Encryption', purpose: :login)
+    def encode(value:, purpose:, expires_in: nil, expires_at: nil, url_safe: false)
+      # expires_in = 5.minutes if purpose==:user_id_ajax
+      params = {}
+      params[:purpose] = purpose if purpose
+
+      params[:expires_at] = expires_at if expires_at
+
+      # expires_in takes precedence
+      if expires_in
+        params[:expires_in] = expires_in
+        params.delete :expires_at if expires_at
+      end
+
+      raise "expires_at && expires_in are both nil" if expires_in.nil? && expires_at.nil?
+
+      log(level: :info, msg: "Encoding [#{value}] with params #{params}")
+      token = verifier.generate(value, params)
+      token = CGI.escape(token) if url_safe
+      token
+    end
+
+    # decoded = Encryption.decode(value: token, purpose: :login)
+    def decode(value:, purpose:, url_safe: false)
+      value = CGI.unescape(value) if url_safe
+      params = {}
+      params[:purpose] = purpose if purpose
+      log(level: :info, msg: "Decoding [#{value}] with params #{params}")
+      # TODO: matt-taylor
+      # Check if the message is valid and untampered with
+      # https://api.rubyonrails.org/classes/ActiveSupport/MessageVerifier.html#method-i-valid_message-3F
+      decoded = verifier.verified(value, params)
+      if decoded.nil?
+        log(level: :warn, msg: "Failed to decode value: value: #{value}, purpose: #{purpose}")
+      end
+      decoded
+    end
+
+    # Encryption.rotate_secret
+    def rotate_secret
+      if old_secret
+        verifier(force: true).rotate(old_secret)
+      else
+        verifier(force: true)
+      end
+      log(level: :info, msg: "Rotating secret for Encryption")
+    end
+
+    private
+
+    def verifier(force: false)
+      if force
+        @verifier = ActiveSupport::MessageVerifier.new(next_secret, digest: 'SHA512')
+      end
+      @verifier ||= ActiveSupport::MessageVerifier.new(current_secret, digest: 'SHA512')
+    end
+
+    def old_secret
+      Secret.get_secret_range(name: SECRET_NAME)&.first&.secret
+    end
+
+    def current_secret
+      Secret.get_current_secret(name: SECRET_NAME)&.secret || next_secret
+    end
+
+    def next_secret
+      secret = Secret.update(name: SECRET_NAME, secret: generate_secret)
+
+      secret.secret
+    end
+
+    def generate_secret
+      SecureRandom.hex[0..16]
+    end
+  end
+end

data/app/services/rails_base/name_change.rb

@@ -0,0 +1,71 @@
+require 'velocity_limiter'
+
+class RailsBase::NameChange < RailsBase::ServiceBase
+	include VelocityLimiter
+	include RailsBase::UserFieldValidators
+	include ActionView::Helpers::DateHelper
+
+	delegate :first_name, to: :context
+	delegate :last_name, to: :context
+	delegate :current_user, to: :context
+	delegate :admin_user_id, to: :context
+
+	def call
+		if admin_user_id
+			log(level: :warn, msg: "ADMIN CHANGE: initiated by user:#{admin_user_id}")
+		else
+			velocity = velocity_limit_reached?
+			if velocity[:reached]
+				context.fail!(message: velocity[:msg])
+			end
+		end
+
+		original_name = current_user.full_name
+
+		name_validation = validate_full_name?(first_name: first_name, last_name: last_name)
+
+		unless name_validation[:status]
+			errors = name_validation[:errors].values.join('</br>')
+			context.fail!(message: errors)
+		end
+
+		log(level: :info, msg: "Modifying [#{current_user.id}] first name: #{current_user.first_name} -> #{first_name}}")
+		log(level: :info, msg: "Modifying [#{current_user.id}] last name: #{current_user.last_name} -> #{last_name}}")
+
+		if !current_user.update(first_name: first_name, last_name: last_name)
+			context.fail!(message: "Unable to update name. Please try again later")
+		end
+		context.original_name = original_name
+		context.name_change = current_user.reload.full_name
+
+		return if admin_user_id
+
+		RailsBase::EmailVerificationMailer.event(
+			user: current_user,
+			event: "Succesfull name change",
+			msg: "We changed the name on your account from #{original_name} to #{context.name_change}."
+		).deliver_me
+	end
+
+	def velocity_max_in_frame
+		1.hour
+	end
+
+	def velocity_max
+		5
+	end
+
+	def velocity_frame
+		5.hours
+	end
+
+	def cache_key
+		"us.name_change.#{current_user.id}"
+	end
+
+	def validate!
+		raise "Expected first_name to be a String. Received #{first_name.class}" unless first_name.is_a? String
+		raise "Expected last_name to be a String. Received #{last_name.class}" unless last_name.is_a? String
+		raise "Expected current_user to be a User. Received #{current_user.class}" unless current_user.is_a? User
+	end
+end

data/app/services/rails_base/service_base.rb

@@ -0,0 +1,65 @@
+require 'interactor'
+
+class RailsBase::ServiceBase
+	include Interactor
+  include RailsBase::ServiceLogging
+
+  def self.inherited(subclass)
+	  # Add the base logging to the subclass.
+	  # Since this is done at inheritence time it should always be the first and last hook to run.
+    subclass.around(:service_base_logging)
+	  subclass.around(:internal_validate)
+	end
+
+  def validate!
+    # overload from child
+  end
+
+  def internal_validate(interactor)
+    # call validate that is overidden from child
+    begin
+      validate!
+    rescue StandardError => e
+      log(level: :error, msg: "Error during validation. #{e.message}")
+      raise
+    end
+
+    # call interactor
+    interactor.call
+  end
+
+	def service_base_logging(interactor)
+	  beginning_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+
+    # Pre processing stats
+    log(level: :info, msg: 'Start')
+
+    # Run the job!
+    interactor.call
+
+    # Set status for use in ensure block
+    status = :complete
+
+  # Capture Interactor::Failure for logging purposes, then reraise
+  rescue ::Interactor::Failure
+    # set status for use in ensure block
+    status = :failure
+
+    # Reraise to let the core Interactor handle this
+    raise
+  # Capture exception explicitly to try to logging purposes. Then reraise.
+  rescue ::Exception => e # rubocop:disable Lint/RescueException
+    # set status for use in ensure block
+    status = :error
+
+    # Log error
+    log(level: :error, msg: "Error #{e.class.name}")
+
+    raise
+  ensure
+    # Always log how long it took along with a status
+    finished_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+    elapsed = ((finished_time - beginning_time) * 10).round
+    log(level: :info, msg: "Finished with [#{status}]...elapsed #{elapsed}s")
+  end
+end

data/app/services/rails_base/service_logging.rb

@@ -0,0 +1,23 @@
+module RailsBase::ServiceLogging
+	def log(level:, msg:)
+	  altered_message = "#{log_prefix}: #{msg}"
+	  logger.public_send(level, altered_message)
+	end
+
+	def logger
+		con_logger = defined?(context) ? context.loger : nil
+	  @logger ||= con_logger || Rails.logger
+	end
+
+	def log_prefix
+	  "[#{class_name}-#{service_id}]"
+	end
+
+	def class_name
+		self.class.name
+	end
+
+	def service_id
+	  @service_id ||= SecureRandom.alphanumeric(10)
+	end
+end

data/app/views/layouts/rails_base/application.html.erb

@@ -0,0 +1,185 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <% if user_signed_in? %>
+    <title><%= RailsBase.config.app.web_name_logged_in(current_user) %></title>
+    <% else %>
+    <title><%= RailsBase.config.app.web_name_logged_out %></title>
+    <% end %>
+    <% unless defined?(@error_page) %>
+    <%= csrf_meta_tags %>
+    <%= csp_meta_tag %>
+
+    <% # dont load turbolinks twice when we render error pages %>
+    <% # casues Uncaught Error: rails-ujs has already been loaded! %>
+    <%= javascript_include_tag 'rails_base/application', 'data-turbolinks-track': 'reload' %>
+    <% end %>
+
+    <%= stylesheet_link_tag    'rails_base/application', media: 'all', 'data-turbolinks-track': 'reload' %>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link href="https://cdn.jsdelivr.net/gh/gitbrent/bootstrap4-toggle@3.6.1/css/bootstrap4-toggle.min.css" rel="stylesheet">
+    <script src="https://cdn.jsdelivr.net/gh/gitbrent/bootstrap4-toggle@3.6.1/js/bootstrap4-toggle.min.js"></script>
+    <script src="https://unpkg.com/sticky-table-headers"></script>
+
+    <%=
+    if RailsBase.config.app.favicon_path
+      favicon_link_tag 'rails_base/favicon.ico'
+    end
+    %>
+  </head>
+
+  <body>
+    <script type="text/javascript">
+      // Load at top so available for rest of body oddy
+      function set_cookie(name, value, path ) {
+        path ||= '/'
+        document.cookie = `${name}=${value}; path=${path}`
+      }
+
+      function get_cookie(name) {
+        var cookie = document.cookie
+        return cookie.split('; ').find(row => row.startsWith(`${name}=`)).split('=')[1];
+      }
+
+      function modify_layout(){
+        if(viewport_probable_mobile()){
+          $('#_body_base_container').addClass('p-0')
+        } else {
+          $('#_body_base_container').removeClass('p-0')
+        }
+      }
+
+      <% RailsBase::ApplicationController::VIEWPORT_SIZES.each do |name, max_width| %>
+        function viewport_at_least_<%= name %>(){
+          return getViewportWidth() >= <%= max_width || 99_999 %>
+
+        }
+        <% if name == RailsBase::ApplicationController::VIEWPORT_MOBILE_MAX %>
+        <% puts "Rendering #{name} for viewport_probable_mobile" %>
+
+        <% end %>
+      <% end %>
+
+      <%
+        k = RailsBase::ApplicationController::VIEWPORT_MOBILE_MAX
+        size = RailsBase::ApplicationController::VIEWPORT_SIZES[k] || 99_999
+      %>
+      function viewport_probable_mobile(){
+        return getViewportWidth() <= <%= size  %>
+      }
+
+      function getViewportWidth() {
+        // https://stackoverflow.com/a/8876069
+        return Math.max(
+          document.documentElement.clientWidth,
+          window.innerWidth || 0
+        )
+      }
+    </script>
+
+    <% rails_base_alert = "alertid-#{(10**10*rand).to_i}" %>
+    <% rails_base_success = "successid-#{(10**10*rand).to_i}"%>
+    <div id='_body_base_container' class="container-fluid" style="overflow-x: hidden !important;">
+      <% if current_user %>
+        <%= render partial: 'rails_base/shared/logged_in_header'%>
+      <% else %>
+        <%= render partial: 'rails_base/shared/logged_out_header'%>
+      <% end %>
+      <% if notice %>
+      <div class="alert alert-success alert-dismissible fade show" role="alert">
+        <%= notice %>
+        <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <% end %>
+      <% if alert %>
+        <div class="alert alert-danger alert-dismissible fade show" role="alert">
+          <%= alert %>
+          <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+            <span aria-hidden="true">&times;</span>
+          </button>
+        </div>
+      <% end %>
+      <div id='<%= rails_base_success %>' class="alert alert-success alert-dismissible fade show" role="alert" style='display:none'>
+        <div class='text'></div>
+        <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div id='<%= rails_base_alert %>' class="alert alert-danger alert-dismissible fade show" role="alert" style='display:none'>
+        <div class='text'></div>
+        <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+          <span aria-hidden="true">&times;</span>
+        </button>
+      </div>
+      <div class="p-1">
+        <%= yield %>
+      </div>
+
+      <% if RailsBase.appearance.footer.enable? %>
+      <footer id="base-footer" class="text-center">
+        <div class="text-center p-2 <%= appearance_text_class %>">
+          <%= raw RailsBase.appearance.footer.html %>
+        </div>
+      </footer>
+    <% end %>
+    </div>
+
+    <script>
+      modify_layout();
+      function _rails_base_display_success(msg){
+        $('#<%= rails_base_alert %>').hide()
+        $('#<%= rails_base_success %> .text').text(msg)
+        $('#<%= rails_base_success %>').show()
+      };
+
+      function _rails_base_display_alert(msg){
+        $('#<%= rails_base_success %>').hide()
+        $('#<%= rails_base_alert %> .text').text(msg)
+        $('#<%= rails_base_alert %>').show()
+      };
+
+      function _rails_base_hide_displays(){
+        $('#<%= rails_base_alert %>').hide()
+        $('#<%= rails_base_success %>').hide()
+      };
+
+      <%
+        # dont load these when error page happens. The full stack of librarires are not
+        # rendered and jquery/bootstrap are missing
+      %>
+      <% case footer_mode_case %>
+      <% when :sticky %>
+      $('#base-footer').addClass('fixed-bottom')
+      <% when :bottom %>
+      if($('#_body_base_container').height() <= window.innerHeight){
+        $('#base-footer').addClass('fixed-bottom')
+      }
+      <% else %>
+      <% end %>
+
+      <% unless defined?(@error_page) %>
+      $(document).ready(function(){
+        $('[data-toggle="tooltip"]').tooltip();
+        $('.b-tooltip').tooltip();
+        // https://github.com/jmosbech/StickyTableHeaders
+        $('.tableFixHead').stickyTableHeaders();
+
+        // Attempt to set timezone on every request
+        set_cookie('<%= RailsBase::ApplicationController::TIMEZONE_OFFSET_COOKIE %>', new Date().getTimezoneOffset())
+      });
+      <% end %>
+      <% if Rails.env == 'production' %>
+      // Disable console logging
+      console.log = function() {}
+      <% end %>
+
+      function goBack() {
+        window.history.back();
+      }
+
+      $("table select").addClass('w-auto')
+    </script>
+  </body>
+</html>