rails_pulse 0.1.0

data/app/assets/stylesheets/rails_pulse/components/table.css

@@ -0,0 +1,37 @@
+:where(.table) {
+  caption-side: bottom;
+  font-size: var(--text-sm);
+  inline-size: var(--size-full);
+
+  caption {
+    color: var(--color-text-subtle);
+    margin-block-start: var(--size-4);
+  }
+
+  thead {
+    color: var(--color-text-subtle);
+  }
+
+  tbody tr {
+    border-block-start-width: var(--border);
+  }
+
+  tr:hover {
+    background-color: rgb(from var(--color-border-light) r g b / .5);
+  }
+
+  th {
+    font-weight: var(--font-medium);
+    text-align: start;
+  }
+
+  th, td {
+    padding: var(--size-2);
+  }
+
+  tfoot {
+    background-color: rgb(from var(--color-border-light) r g b / .5);
+    border-block-start-width: var(--border);
+    font-weight: var(--font-medium);
+  }
+}

data/app/assets/stylesheets/rails_pulse/components/utilities.css

@@ -0,0 +1,36 @@
+/* Width utilities */
+.w-auto { width: auto; }
+.w-4 { width: 1rem; }
+.w-6 { width: 1.5rem; }
+.w-8 { width: 2rem; }
+.w-12 { width: 3rem; }
+.w-16 { width: 4rem; }
+.w-20 { width: 5rem; }
+.w-24 { width: 6rem; }
+.w-28 { width: 7rem; }
+.w-32 { width: 8rem; }
+.w-36 { width: 9rem; }
+.w-40 { width: 10rem; }
+.w-44 { width: 11rem; }
+.w-48 { width: 12rem; }
+.w-52 { width: 13rem; }
+.w-56 { width: 14rem; }
+.w-60 { width: 15rem; }
+.w-64 { width: 16rem; }
+
+/* Min-width utilities */
+.min-w-0 { min-width: 0; }
+.min-w-4 { min-width: 1rem; }
+.min-w-8 { min-width: 2rem; }
+.min-w-12 { min-width: 3rem; }
+.min-w-16 { min-width: 4rem; }
+.min-w-20 { min-width: 5rem; }
+.min-w-24 { min-width: 6rem; }
+.min-w-32 { min-width: 8rem; }
+
+/* Max-width utilities */
+.max-w-xs { max-width: 20rem; }
+.max-w-sm { max-width: 24rem; }
+.max-w-md { max-width: 28rem; }
+.max-w-lg { max-width: 32rem; }
+.max-w-xl { max-width: 36rem; }

data/app/controllers/concerns/chart_table_concern.rb

@@ -0,0 +1,82 @@
+module ChartTableConcern
+  extend ActiveSupport::Concern
+
+  included do
+    include Pagy::Backend
+    include TimeRangeConcern
+    include ResponseRangeConcern
+    include ZoomRangeConcern
+
+    before_action :setup_time_and_response_ranges
+    before_action :setup_zoom_range_data
+  end
+
+  private
+
+  def setup_chart_and_table_data
+    ransack_params = params[:q] || {}
+
+    # Setup chart data first using original time range (no sorting from table)
+    unless turbo_frame_request?
+      setup_chart_formatters
+      setup_chart_data(ransack_params)
+    end
+
+    # Setup table data using zoom parameters if present, otherwise use chart parameters
+    setup_table_data(ransack_params)
+  end
+
+  def setup_chart_data(ransack_params)
+    chart_ransack_params = build_chart_ransack_params(ransack_params)
+    chart_ransack_query = chart_model.ransack(chart_ransack_params)
+    @chart_data = chart_class.new(
+      ransack_query: chart_ransack_query,
+      group_by: group_by,
+      **chart_options
+    ).to_rails_chart
+  end
+
+  def setup_table_data(ransack_params)
+    table_ransack_params = build_table_ransack_params(ransack_params)
+    @ransack_query = table_model.ransack(table_ransack_params)
+    @ransack_query.sorts = default_table_sort if @ransack_query.sorts.empty?
+
+    table_results = build_table_results
+    handle_pagination
+    @pagy, @table_data = pagy(table_results, limit: session_pagination_limit)
+  end
+
+  def setup_zoom_range_data
+    @zoom_start, @zoom_end, @table_start_time, @table_end_time = setup_zoom_range(@start_time, @end_time)
+  end
+
+  def setup_time_and_response_ranges
+    @start_time, @end_time, @selected_time_range, @time_diff_hours = setup_time_range
+    @start_duration, @selected_response_range = setup_duration_range
+  end
+
+  def setup_chart_formatters
+    @xaxis_formatter = RailsPulse::ChartFormatters.occurred_at_as_time_or_date(@time_diff_hours)
+    @tooltip_formatter = RailsPulse::ChartFormatters.tooltip_as_time_or_date_with_marker(@time_diff_hours)
+  end
+
+  def group_by
+    @time_diff_hours <= 25 ? :group_by_hour : :group_by_day
+  end
+
+  def handle_pagination
+    method = pagination_method
+    send(method, params[:limit]) if params[:limit].present?
+  end
+
+  # Abstract methods - must be implemented by including controllers
+  def chart_model; raise NotImplementedError; end
+  def table_model; raise NotImplementedError; end
+  def chart_class; raise NotImplementedError; end
+  def chart_options; {}; end
+  def build_chart_ransack_params(ransack_params); raise NotImplementedError; end
+  def build_table_ransack_params(ransack_params); raise NotImplementedError; end
+  def default_table_sort; raise NotImplementedError; end
+  def build_table_results; raise NotImplementedError; end
+  def pagination_method; :store_pagination_limit; end
+end

data/app/controllers/concerns/response_range_concern.rb

@@ -0,0 +1,24 @@
+module ResponseRangeConcern
+  extend ActiveSupport::Concern
+
+  def setup_duration_range(type = :route)
+    ransack_params = params[:q] || {}
+    thresholds = RailsPulse.configuration.public_send("#{type}_thresholds")
+
+    if ransack_params[:duration].present?
+      selected_range = ransack_params[:duration]
+      start_duration =
+        case ransack_params[:duration].to_sym
+        when :slow then thresholds[:slow]
+        when :very_slow then thresholds[:very_slow]
+        when :critical then thresholds[:critical]
+        else 0
+        end
+    else
+      start_duration = 0
+      selected_range = :all
+    end
+
+    [ start_duration, selected_range ]
+  end
+end

data/app/controllers/concerns/time_range_concern.rb

@@ -0,0 +1,67 @@
+module TimeRangeConcern
+  extend ActiveSupport::Concern
+
+  included do
+    # Define the constant in the including class - ordered by most common usage
+    const_set(:TIME_RANGE_OPTIONS, [
+      [ "Last 24 hours", :last_day ],
+      [ "Last Week", :last_week ],
+      [ "Last Month", :last_month ],
+      [ "All Time", :all_time ]
+    ].freeze)
+  end
+
+  def setup_time_range
+    start_time = 1.day.ago
+    end_time = Time.zone.now
+    selected_time_range = :last_day
+
+    ransack_params = params[:q] || {}
+
+    if ransack_params[:requests_occurred_at_gteq].present?
+      # Custom time range from routes index chart zoom which filters requests through an association
+      start_time = parse_time_param(ransack_params[:requests_occurred_at_gteq])
+      end_time = parse_time_param(ransack_params[:requests_occurred_at_lt])
+    elsif ransack_params[:occurred_at_gteq].present?
+      # Custom time range from chart zoom where there is no association
+      start_time = parse_time_param(ransack_params[:occurred_at_gteq])
+      end_time = parse_time_param(ransack_params[:occurred_at_lt])
+    elsif ransack_params[:occurred_at_range]
+      # Predefined time range from dropdown
+      selected_time_range = ransack_params[:occurred_at_range]
+      start_time =
+        case selected_time_range.to_sym
+        when :last_day then 1.day.ago
+        when :last_week then 1.week.ago
+        when :last_month then 1.month.ago
+        when :all_time then 100.years.ago
+        end
+    end
+
+    time_diff = (end_time.to_i - start_time.to_i) / 3600.0
+
+    if time_diff <= 25
+      start_time = start_time.beginning_of_hour
+      end_time = end_time.end_of_hour
+    else
+      start_time = start_time.beginning_of_day
+      end_time = end_time.end_of_day
+    end
+
+    [ start_time, end_time, selected_time_range, time_diff ]
+  end
+
+  private
+
+  def parse_time_param(param)
+    case param
+    when Time, DateTime
+      param.in_time_zone
+    when String
+      Time.zone.parse(param)
+    else
+      # Assume it's an integer timestamp
+      Time.zone.at(param.to_i)
+    end
+  end
+end

data/app/controllers/concerns/zoom_range_concern.rb

@@ -0,0 +1,40 @@
+module ZoomRangeConcern
+  extend ActiveSupport::Concern
+
+  def setup_zoom_range(main_start_time, main_end_time)
+    # Extract zoom parameters from params (this removes them from params)
+    zoom_start = params.delete(:zoom_start_time)
+    zoom_end = params.delete(:zoom_end_time)
+
+    # Normalize zoom times to beginning/end of day or hour like we do for main time range
+    if zoom_start && zoom_end
+      zoom_start, zoom_end = normalize_zoom_times(zoom_start.to_i, zoom_end.to_i)
+    end
+
+    # Calculate table times - use zoom if present, otherwise fallback to main times
+    table_start_time = zoom_start || main_start_time
+    table_end_time = zoom_end || main_end_time
+
+    [ zoom_start, zoom_end, table_start_time, table_end_time ]
+  end
+
+  private
+
+  def normalize_zoom_times(start_time, end_time)
+    time_diff = (end_time - start_time) / 3600.0
+
+    if time_diff <= 25
+      start_time_obj = Time.zone&.at(start_time) || Time.at(start_time)
+      end_time_obj = Time.zone&.at(end_time) || Time.at(end_time)
+      start_time = start_time_obj&.beginning_of_hour || start_time_obj
+      end_time = end_time_obj&.end_of_hour || end_time_obj
+    else
+      start_time_obj = Time.zone&.at(start_time) || Time.at(start_time)
+      end_time_obj = Time.zone&.at(end_time) || Time.at(end_time)
+      start_time = start_time_obj&.beginning_of_day || start_time_obj
+      end_time = end_time_obj&.end_of_day || end_time_obj
+    end
+
+    [ start_time, end_time ]
+  end
+end

data/app/controllers/rails_pulse/application_controller.rb

@@ -0,0 +1,67 @@
+module RailsPulse
+  class ApplicationController < ActionController::Base
+    before_action :authenticate_rails_pulse_user!
+
+    def set_pagination_limit
+      session[:pagination_limit] = params[:limit].to_i if params[:limit].present?
+      render json: { status: "ok" }
+    end
+
+    private
+
+    def authenticate_rails_pulse_user!
+      return unless RailsPulse.configuration.authentication_enabled
+
+      # If no authentication method is configured, use fallback HTTP Basic Auth
+      if RailsPulse.configuration.authentication_method.nil?
+        return fallback_http_basic_auth
+      end
+
+      # Safely execute authentication method in controller context
+      case RailsPulse.configuration.authentication_method
+      when Proc
+        instance_exec(&RailsPulse.configuration.authentication_method)
+      when Symbol, String
+        method_name = RailsPulse.configuration.authentication_method.to_s
+        if respond_to?(method_name, true)
+          send(method_name)
+        else
+          Rails.logger.error "RailsPulse: Authentication method '#{method_name}' not found"
+          render plain: "Authentication configuration error", status: :internal_server_error
+        end
+      else
+        Rails.logger.error "RailsPulse: Invalid authentication method type: #{RailsPulse.configuration.authentication_method.class}"
+        render plain: "Authentication configuration error", status: :internal_server_error
+      end
+    rescue StandardError => e
+      Rails.logger.warn "RailsPulse authentication failed: #{e.message}"
+      redirect_to RailsPulse.configuration.authentication_redirect_path
+    end
+
+    def fallback_http_basic_auth
+      authenticate_or_request_with_http_basic("Rails Pulse") do |username, password|
+        # Use environment variables for default credentials
+        expected_username = ENV.fetch("RAILS_PULSE_USERNAME", "admin")
+        expected_password = ENV.fetch("RAILS_PULSE_PASSWORD", nil)
+
+        if expected_password.nil?
+          Rails.logger.error "RailsPulse: No authentication method configured and RAILS_PULSE_PASSWORD not set. Access denied."
+          false
+        else
+          username == expected_username && password == expected_password
+        end
+      end
+    end
+
+    def session_pagination_limit
+      # Keep default small for optimal performance
+      session[:pagination_limit] || 10
+    end
+
+    def store_pagination_limit(limit)
+      # Validate pagination limit: minimum 5, maximum 50 for performance
+      validated_limit = limit.to_i.clamp(5, 50)
+      session[:pagination_limit] = validated_limit if limit.present?
+    end
+  end
+end

data/app/controllers/rails_pulse/assets_controller.rb

@@ -0,0 +1,33 @@
+module RailsPulse
+  class AssetsController < ApplicationController
+    skip_before_action :verify_authenticity_token, only: [ :show ]
+
+    def show
+      asset_name = params[:asset_name]
+      asset_path = Rails.root.join("public", "rails-pulse-assets", asset_name)
+
+      # Fallback to engine assets if not found in host app
+      unless File.exist?(asset_path)
+        asset_path = RailsPulse::Engine.root.join("public", "rails-pulse-assets", asset_name)
+      end
+
+      if File.exist?(asset_path)
+        content_type = case File.extname(asset_name)
+        when ".js" then "application/javascript"
+        when ".css" then "text/css"
+        when ".map" then "application/json"
+        when ".svg" then "image/svg+xml"
+        else "application/octet-stream"
+        end
+
+        send_file asset_path,
+                  type: content_type,
+                  disposition: "inline",
+                  cache: true,
+                  expires: 1.year.from_now
+      else
+        head :not_found
+      end
+    end
+  end
+end

data/app/controllers/rails_pulse/caches_controller.rb

@@ -0,0 +1,115 @@
+module RailsPulse
+  class CachesController < ApplicationController
+    def show
+      @component_id = params[:id]
+      @context = params[:context]
+      @cache_key = ComponentCacheKey.build(@component_id, @context)
+
+      # Preserve component options before refresh
+      existing_options = {}
+      if params[:refresh]
+        existing_cache = Rails.cache.read(@cache_key)
+        existing_options = existing_cache[:component_options] if existing_cache&.dig(:component_options)
+        Rails.cache.delete(@cache_key)
+      end
+
+      # Check if cache exists with just options (from render_skeleton_with_frame)
+      cached_data = Rails.cache.read(@cache_key)
+      if cached_data && !cached_data[:component_data]
+        # Merge options with full data
+        cached_data = {
+          component_data: calculate_component_data,
+          cached_at: Time.current,
+          component_options: cached_data[:component_options] || {}
+        }
+        Rails.cache.write(@cache_key, cached_data, expires_in: ComponentCacheKey.cache_expires_in)
+      elsif !cached_data
+        # No cache exists, create new one (use preserved options if refreshing)
+        cached_data = {
+          component_data: calculate_component_data,
+          cached_at: Time.current,
+          component_options: existing_options
+        }
+        Rails.cache.write(@cache_key, cached_data, expires_in: ComponentCacheKey.cache_expires_in)
+      end
+
+      @component_data = cached_data[:component_data]
+      @cached_at = cached_data[:cached_at]
+      @component_options = cached_data[:component_options] || {}
+
+      # Update cached_at timestamp in component options if refresh action exists
+      if params[:refresh] && @component_options[:actions]
+        update_cached_at_in_actions(@component_options[:actions], @cached_at)
+        # Update the unified cache with new cached_at timestamp
+        cached_data[:component_options] = @component_options
+        Rails.cache.write(@cache_key, cached_data, expires_in: ComponentCacheKey.cache_expires_in)
+      end
+    end
+
+    private
+
+    def calculate_component_data
+      route = extract_route_from_context
+      query = extract_query_from_context
+
+      case @component_id
+      when "average_response_times"
+        Routes::Cards::AverageResponseTimes.new(route: route).to_metric_card
+      when "percentile_response_times"
+        Routes::Cards::PercentileResponseTimes.new(route: route).to_metric_card
+      when "request_count_totals"
+        Routes::Cards::RequestCountTotals.new(route: route).to_metric_card
+      when "error_rate_per_route"
+        Routes::Cards::ErrorRatePerRoute.new(route: route).to_metric_card
+      when "average_query_times"
+        Queries::Cards::AverageQueryTimes.new(query: query).to_metric_card
+      when "percentile_query_times"
+        Queries::Cards::PercentileQueryTimes.new(query: query).to_metric_card
+      when "execution_rate"
+        Queries::Cards::ExecutionRate.new(query: query).to_metric_card
+      when "dashboard_average_response_time"
+        Dashboard::Charts::AverageResponseTime.new.to_chart_data
+      when "dashboard_p95_response_time"
+        Dashboard::Charts::P95ResponseTime.new.to_chart_data
+      when "dashboard_slow_routes"
+        Dashboard::Tables::SlowRoutes.new.to_table_data
+      when "dashboard_slow_queries"
+        Dashboard::Tables::SlowQueries.new.to_table_data
+      else
+        { title: "Unknown Metric", summary: "N/A" }
+      end
+    end
+
+    def extract_route_from_context
+      return unless @context
+
+      # Extract route ID from context like "route_123" or return nil for "routes"/"requests"
+      if @context.match(/^route_(\d+)$/)
+        route_id = @context.match(/^route_(\d+)$/)[1]
+        Route.find(route_id)
+      else
+        nil
+      end
+    end
+
+    def extract_query_from_context
+      return unless @context
+
+      # Extract query ID from context like "query_123" or return nil for other contexts
+      if @context.match(/^query_(\d+)$/)
+        query_id = @context.match(/^query_(\d+)$/)[1]
+        Query.find(query_id)
+      else
+        nil
+      end
+    end
+
+    def update_cached_at_in_actions(actions, cached_at)
+      actions.each do |action|
+        if action.dig(:data, :rails_pulse__timezone_cached_at_value)
+          action[:data][:rails_pulse__timezone_cached_at_value] = cached_at.iso8601
+        end
+      end
+    end
+  end
+end

data/app/controllers/rails_pulse/csp_test_controller.rb

@@ -0,0 +1,57 @@
+# CSP Test Controller for Rails Pulse
+# Tests Content Security Policy compliance with strict policies
+
+class RailsPulse::CspTestController < RailsPulse::ApplicationController
+  # Strict CSP configuration for testing
+  before_action :set_strict_csp
+
+  def show
+    respond_to do |format|
+      format.html { render :show }
+      format.json { render json: { status: "ok", message: "CSP test endpoint working" } }
+    end
+  end
+
+  private
+
+  def set_strict_csp
+    # Strict Content Security Policy for testing Rails Pulse CSP compliance
+    csp_directives = {
+      "default-src" => "'self'",
+      "script-src" => build_script_src,
+      "style-src" => build_style_src,
+      "style-src-attr" => "'unsafe-hashes' 'unsafe-inline'",  # CSS custom properties
+      "img-src" => "'self' data:",
+      "font-src" => "'self'",
+      "connect-src" => "'self'",
+      "frame-src" => "'none'",
+      "object-src" => "'none'",
+      "base-uri" => "'self'",
+      "form-action" => "'self'"
+    }
+
+    response.headers["Content-Security-Policy"] = csp_directives.map { |k, v| "#{k} #{v}" }.join("; ")
+  end
+
+  def build_script_src
+    [
+      "'self'",
+      "'nonce-#{request_nonce}'",
+      "'sha256-ieoeWczDHkReVBsRBqaal5AFMlBtNjMzgwKvLqi/tSU='"  # Known safe inline script
+    ].join(" ")
+  end
+
+  def build_style_src
+    [
+      "'self'",
+      "'nonce-#{request_nonce}'",
+      "'sha256-WAyOw4V+FqDc35lQPyRADLBWbuNK8ahvYEaQIYF1+Ps='"  # Icon controller styles
+    ].join(" ")
+  end
+
+  def request_nonce
+    @request_nonce ||= SecureRandom.base64(32)
+  end
+
+  helper_method :request_nonce
+end

data/app/controllers/rails_pulse/dashboard_controller.rb

@@ -0,0 +1,6 @@
+module RailsPulse
+  class DashboardController < ApplicationController
+    def index
+    end
+  end
+end