rls_multi_tenant 0.1.5 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f313946d33d5edb4a96fec341e7ab62fc325ab0d6700bad0aef7b05d6f240ec4
-  data.tar.gz: 0bbbdf115873c98b5487569cd21e63822fd1b2419b7eec55bbb875a5c131a417
+  metadata.gz: ef549a91c89a2d4c0b4ee20af9711d31fb807b3b61d115c6655e491a35ef1bcc
+  data.tar.gz: 4aabdf36264d22878785a8e737b67c7dca87a4700989d149dda0e72b13cbc6be
 SHA512:
-  metadata.gz: fe257329e8fff95796cc6b4510ce1672ddf16e86b572d0113fedcc902afa69fc7e13d925b4d2d5e0a0bb1a6bcc5692e1bdc477fe8aab365b4b838d3fbedf124f
-  data.tar.gz: 4ad4b27347d478b42e720c33c178eb655860d93809f0403fa58ff5197dbae98e563064e654ea51bdbabf0c3ae272e5871de402e1f6785fac0b3e39971a890341
+  metadata.gz: 31152dc5b94a7f4a9c12ec3eaf3aed96ca8fc8e1080e2918b68b85a65b9d9d8fa34f7ae8c7472b2daa77dafa5d00f368a362d2473732c940c26e860bc4a93155
+  data.tar.gz: 1bbab04fd97a40d5f07254f0f75e1ed113950309d1029840238dc572a5739a4f76e808b1e14b95f936334079c1776112401be9bdbff76ece4e794d2d30c8ad8a

data/README.md

@@ -10,6 +10,7 @@ A Rails gem that provides PostgreSQL Row Level Security (RLS) based multi-tenanc
 - 📦 **Auto-inclusion**: Automatic model configuration
 - 🚀 **Generators**: Rails generators for quick setup
 - ⚙️ **Configurable**: Flexible configuration options
+- 🌐 **Subdomain Middleware**: Automatic tenant switching based on subdomain
 
 ## Installation
 
@@ -40,6 +41,8 @@ bundle install
      config.tenant_id_column = :tenant_id          # Tenant ID column name
      config.app_user_env_var = "POSTGRES_APP_USER" # Environment variable for app user
      config.enable_security_validation = true      # Enable security checks
+     config.enable_subdomain_middleware = true     # Enable subdomain-based tenant switching (default: true)
+     config.subdomain_field = :subdomain           # Field to use for subdomain matching (default: :subdomain)
    end
    ```
 
@@ -75,32 +78,78 @@ Your models automatically include the `MultiTenant` concern:
 ```ruby
 class User < ApplicationRecord
   # Automatically includes MultiTenant concern
-  # include RlsMultiTenant::Concerns::MultiTenant
+  include RlsMultiTenant::Concerns::MultiTenant
 end
 ```
 
 ### Tenant Context Switching
 
 ```ruby
-# Create a new tenant
-tenant = Tenant.create!(name: "Tenant 1")
+# Create a new tenant with subdomain
+tenant = Tenant.create!(name: "Company A", subdomain: "company-a")
 ```
 
 ```ruby
 # Switch tenant context for a block
 Tenant.switch(tenant) do
-  User.create!(name: "User from Tenant 1", email: "user@example.com") # Automatically assigned to current tenant
+  User.create!(name: "User from Company A", email: "user@company-a.com") # Automatically assigned to current tenant
 end
 
 # Switch tenant context permanently
 Tenant.switch!(tenant)
-User.create!(name: "User from Tenant 1", email: "user@example.com")
+User.create!(name: "User from Company A", email: "user@company-a.com")
 Tenant.reset! # Reset context
 
 # Get current tenant
 current_tenant = Tenant.current
 ```
 
+### Automatic Subdomain-Based Tenant Switching
+
+The gem includes middleware that automatically switches tenants based on the request subdomain. This is enabled by default and works seamlessly with your tenant model.
+
+**The middleware automatically:**
+- Extracts the subdomain from the request host
+- Finds the matching tenant by the subdomain field
+- Switches the tenant context for the duration of the request
+- Resets the context after the request completes
+
+**Usage:**
+```ruby
+# Create tenants with subdomains
+tenant1 = Tenant.create!(name: "Company A", subdomain: "company-a")
+tenant2 = Tenant.create!(name: "Company B", subdomain: "company-b")
+
+# Users visiting company-a.yourdomain.com will automatically be in tenant1's context
+# Users visiting company-b.yourdomain.com will automatically be in tenant2's context
+# Users visiting yourdomain.com (no subdomain) will have no tenant context
+```
+
+### Public Access (Non-Tenanted Models)
+
+Models that don't include `RlsMultiTenant::Concerns::TenantContext` are automatically treated as public models and can be accessed without tenant context. This provides a secure, explicit way to separate tenant-specific and public models.
+
+**Example:**
+```ruby
+# Public models (no tenant association)
+class PublicPost < ApplicationRecord
+  # No TenantContext concern included
+  # These models are accessible without tenant context
+end
+
+# Tenant-specific models (automatically generated)
+class User < ApplicationRecord
+  # Automatically includes MultiTenant concern
+  # These models require tenant context and are constrained by RLS
+  include RlsMultiTenant::Concerns::MultiTenant
+end
+```
+
+**Security Benefits:**
+- **Explicit Intent**: Models must explicitly include `TenantContext` to be tenant-constrained
+- **Fail-Safe**: Public models are clearly separated from tenant models
+- **No Configuration Drift**: Can't accidentally expose tenant data through misconfiguration
+
 ## Configuration
 
 The gem is configured in `config/initializers/rls_multi_tenant.rb` (created by the install generator). You can customize the following options:
@@ -111,6 +160,8 @@ RlsMultiTenant.configure do |config|
   config.tenant_id_column = :tenant_id          # Tenant ID column name
   config.app_user_env_var = "POSTGRES_APP_USER" # Environment variable for app user
   config.enable_security_validation = true      # Enable security checks (prevents running with superuser privileges)
+  config.enable_subdomain_middleware = true     # Enable subdomain-based tenant switching (default: true)
+  config.subdomain_field = :subdomain           # Field to use for subdomain matching (default: :subdomain)
 end
 ```
 
@@ -126,6 +177,9 @@ rails db_as:admin[seed]
 
 # Create database with admin privileges
 rails db_as:admin[create]
+
+# Drop database with admin privileges
+rails db_as:admin[drop]
 ```
 
 ## Security Features

data/lib/rls_multi_tenant/concerns/multi_tenant.rb

@@ -16,8 +16,13 @@ module RlsMultiTenant
 
         def set_tenant_id
           current_tenant = RlsMultiTenant.tenant_class.current
+
           if current_tenant && self.send(RlsMultiTenant.tenant_id_column).blank?
             self.send("#{RlsMultiTenant.tenant_id_column}=", current_tenant.id)
+          elsif current_tenant.nil?
+            raise RlsMultiTenant::Error, 
+                  "Cannot create #{self.class.name} without tenant context. " \
+                  "This model requires a tenant context. "
           end
         end
       end

data/lib/rls_multi_tenant/concerns/tenant_context.rb

@@ -12,6 +12,7 @@ module RlsMultiTenant
         def tenant_session_var
           "rls.#{RlsMultiTenant.tenant_id_column}"
         end
+
         # Switch tenant context for a block
         def switch(tenant_or_id)
           tenant_id = extract_tenant_id(tenant_or_id)

data/lib/rls_multi_tenant/generators/install/install_generator.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 require 'rails/generators'
+require 'rls_multi_tenant/generators/shared/template_helper'
 
 module RlsMultiTenant
   module Generators
     class InstallGenerator < Rails::Generators::Base
+      include Shared::TemplateHelper
+
       source_root File.expand_path("templates", __dir__)
 
       desc "Install RLS Multi-tenant gem configuration"
@@ -13,6 +16,14 @@ module RlsMultiTenant
         template "rls_multi_tenant.rb", "config/initializers/rls_multi_tenant.rb"
       end
 
+      def create_db_admin_task
+        unless File.exist?(File.join(destination_root, "lib/tasks/db_admin.rake"))
+          copy_shared_template "db_admin.rake", "lib/tasks/db_admin.rake"
+        else
+          say "Database admin task already exists, skipping creation", :yellow
+        end
+      end
+
       def show_instructions
         say "\n" + "="*60, :green
         say "RLS Multi-tenant gem configuration installed successfully!", :green

data/lib/rls_multi_tenant/generators/install/templates/rls_multi_tenant.rb

@@ -12,4 +12,11 @@ RlsMultiTenant.configure do |config|
   
   # Enable/disable security validation
   config.enable_security_validation = true
+  
+  # Enable/disable subdomain-based tenant switching middleware
+  config.enable_subdomain_middleware = true
+  
+  # Configure the field to use for subdomain matching (default: :subdomain)
+  # This should be a field on your tenant model that contains the subdomain
+  config.subdomain_field = :subdomain
 end

data/lib/rls_multi_tenant/generators/migration/templates/enable_rls.rb

@@ -7,15 +7,9 @@ class EnableRlsFor<%= table_name.camelize %> < ActiveRecord::Migration[<%= Rails
         
         # Create RLS policy
         execute "CREATE POLICY <%= table_name %>_app_user ON <%= table_name %> TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']} USING (<%= RlsMultiTenant.tenant_id_column %> = NULLIF(current_setting('rls.<%= RlsMultiTenant.tenant_id_column %>', TRUE), '')::uuid)"
-        
-        # Grant permissions
-        execute "GRANT SELECT, INSERT, UPDATE, DELETE ON <%= table_name %> TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
       end
       
       dir.down do
-        # Revoke permissions
-        execute "REVOKE SELECT, INSERT, UPDATE, DELETE ON <%= table_name %> FROM #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-        
         # Drop policy
         execute "DROP POLICY <%= table_name %>_app_user ON <%= table_name %>"
         

data/lib/rls_multi_tenant/generators/model/templates/migration.rb

@@ -1,7 +1,7 @@
 class <%= migration_class_name %> < ActiveRecord::Migration[<%= Rails.version.to_f %>]
   def change
     # Create the table
-    create_table :<%= table_name %>, id: :uuid do |t|
+    create_table :<%= table_name %> do |t|
       t.references :<%= tenant_id_column.to_s.gsub('_id', '') %>, null: false, foreign_key: { to_table: :<%= tenant_class_name.underscore.pluralize %> }, type: :uuid
 <% @attributes.each do |attribute| -%>
       t.<%= attribute.type %> :<%= attribute.name %>
@@ -13,15 +13,6 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= Rails.version.to
     # Enable Row Level Security
     execute "ALTER TABLE <%= table_name %> ENABLE ROW LEVEL SECURITY"
 
-    reversible do |dir|
-      dir.up do
-        execute "GRANT SELECT, INSERT, UPDATE, DELETE ON <%= table_name %> TO #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-      end
-      dir.down do
-        execute "REVOKE SELECT, INSERT, UPDATE, DELETE ON <%= table_name %> FROM #{ENV['<%= RlsMultiTenant.app_user_env_var %>']}"
-      end
-    end
-
     # Define RLS policy
     reversible do |dir|
       dir.up do

data/lib/rls_multi_tenant/generators/setup/setup_generator.rb

@@ -23,14 +23,6 @@ module RlsMultiTenant
         end
       end
 
-      def create_db_admin_task
-        unless File.exist?(File.join(destination_root, "lib/tasks/db_admin.rake"))
-          copy_shared_template "db_admin.rake", "lib/tasks/db_admin.rake"
-        else
-          say "Database admin task already exists, skipping creation", :yellow
-        end
-      end
-
       def create_uuid_migration
         unless Dir.glob(File.join(destination_root, "db/migrate/*_enable_uuid_extension.rb")).any?
           create_migration_with_timestamp("enable_uuid", 1)
@@ -61,7 +53,6 @@ module RlsMultiTenant
         say "="*60, :green
         say "\nCreated:", :yellow
         say "• #{tenant_class_name} model", :green
-        say "• Database admin task", :green
         say "• UUID extension migration", :green
         say "• App user migration(s)", :green
         say "• #{tenant_class_name} migration", :green

data/lib/rls_multi_tenant/generators/shared/templates/create_tenant.rb

@@ -2,10 +2,12 @@ class Create<%= RlsMultiTenant.tenant_class_name.pluralize %> < ActiveRecord::Mi
   def change
     create_table :<%= RlsMultiTenant.tenant_class_name.underscore.pluralize %>, id: :uuid do |t|
       t.string :name, null: false
+      t.string :subdomain, null: false
 
       t.timestamps
     end
 
     add_index :<%= RlsMultiTenant.tenant_class_name.underscore.pluralize %>, :name, unique: true
+    add_index :<%= RlsMultiTenant.tenant_class_name.underscore.pluralize %>, :subdomain, unique: true
   end
 end

data/lib/rls_multi_tenant/middleware/subdomain_tenant_selector.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module RlsMultiTenant
+  module Middleware
+    class SubdomainTenantSelector
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        request = ActionDispatch::Request.new(env)
+        tenant = resolve_tenant_from_subdomain(request)
+        
+        if tenant
+          # Switch tenant context for the duration of the request
+          Rails.logger.info "[RLS Multi-Tenant] #{request.method} #{request.path} -> Tenant: #{tenant.name} (#{tenant.id})" if defined?(Rails)
+          RlsMultiTenant.tenant_class.switch(tenant) do
+            @app.call(env)
+          end
+        else
+          # No tenant found - check if we need tenant context
+          subdomain = extract_subdomain(request.host)
+          if subdomain.present? && subdomain != 'www'
+            # Subdomain exists but no tenant found - this is an error
+            Rails.logger.warn "[RLS Multi-Tenant] #{request.method} #{request.path} -> No tenant found for subdomain '#{subdomain}'" if defined?(Rails)
+            raise RlsMultiTenant::Error, "No tenant found for subdomain '#{subdomain}'. Please ensure the tenant exists with the correct subdomain."
+          end
+          # If no subdomain, allow access to public models (models without TenantContext)
+          # Models that include TenantContext will automatically be constrained by RLS
+          Rails.logger.info "[RLS Multi-Tenant] #{request.method} #{request.path} -> Public access (no subdomain)" if defined?(Rails)
+          @app.call(env)
+        end
+      end
+
+      private
+
+      def resolve_tenant_from_subdomain(request)
+        subdomain = extract_subdomain(request.host)
+        return nil if subdomain.blank? || subdomain == 'www'
+
+        # Look up tenant by subdomain only
+        tenant_class = RlsMultiTenant.tenant_class
+        subdomain_field = RlsMultiTenant.subdomain_field
+        
+        # Only allow subdomain-based lookup
+        unless tenant_class.column_names.include?(subdomain_field.to_s)
+          raise RlsMultiTenant::ConfigurationError, 
+                "Subdomain field '#{subdomain_field}' not found on #{tenant_class.name}. " \
+                "Please add a '#{subdomain_field}' column to your tenant model or configure a different subdomain_field."
+        end
+        
+        tenant_class.find_by(subdomain_field => subdomain)
+      rescue => e
+        Rails.logger.error "Failed to resolve tenant from subdomain '#{subdomain}': #{e.message}" if defined?(Rails)
+        nil
+      end
+
+      def extract_subdomain(host)
+        return nil if host.blank?
+        
+        # Remove port if present
+        host = host.split(':').first
+        
+        # Split by dots and get the first part (subdomain)
+        parts = host.split('.')
+        
+        # Handle localhost development (e.g., foo.localhost:3000)
+        if parts.length == 2 && parts.last == 'localhost'
+          parts.first
+        # Handle standard domains (e.g., foo.example.com)
+        elsif parts.length >= 3
+          parts.first
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/rls_multi_tenant/railtie.rb

@@ -34,5 +34,11 @@ module RlsMultiTenant
         end
       end
     end
+
+    initializer "rls_multi_tenant.middleware", after: :load_config_initializers do |app|
+      if RlsMultiTenant.enable_subdomain_middleware
+        app.config.middleware.use RlsMultiTenant::Middleware::SubdomainTenantSelector
+      end
+    end
   end
 end

data/lib/rls_multi_tenant/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RlsMultiTenant
-  VERSION = "0.1.5"
+  VERSION = "0.1.7"
 end

data/lib/rls_multi_tenant.rb

@@ -5,6 +5,7 @@ require "rls_multi_tenant/concerns/multi_tenant"
 require "rls_multi_tenant/concerns/tenant_context"
 require "rls_multi_tenant/security_validator"
 require "rls_multi_tenant/rls_helper"
+require "rls_multi_tenant/middleware/subdomain_tenant_selector"
 require "rls_multi_tenant/generators/shared/template_helper"
 require "rls_multi_tenant/railtie" if defined?(Rails)
 
@@ -15,7 +16,7 @@ module RlsMultiTenant
 
   # Configuration options
   class << self
-    attr_accessor :tenant_class_name, :tenant_id_column, :app_user_env_var, :enable_security_validation
+    attr_accessor :tenant_class_name, :tenant_id_column, :app_user_env_var, :enable_security_validation, :enable_subdomain_middleware, :subdomain_field
 
     def configure
       yield self
@@ -36,6 +37,14 @@ module RlsMultiTenant
     def enable_security_validation
       @enable_security_validation.nil? ? true : @enable_security_validation
     end
+
+    def enable_subdomain_middleware
+      @enable_subdomain_middleware.nil? ? false : @enable_subdomain_middleware
+    end
+
+    def subdomain_field
+      @subdomain_field ||= :subdomain
+    end
   end
 
   # Default configuration
@@ -43,4 +52,6 @@ module RlsMultiTenant
   self.tenant_id_column = :tenant_id
   self.app_user_env_var = "POSTGRES_APP_USER"
   self.enable_security_validation = true
+  self.enable_subdomain_middleware = true
+  self.subdomain_field = :subdomain
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rls_multi_tenant
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.7
 platform: ruby
 authors:
 - Coding Ways
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2025-09-15 00:00:00.000000000 Z
+date: 2025-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -177,6 +177,7 @@ files:
 - lib/rls_multi_tenant/generators/shared/templates/db_admin.rake
 - lib/rls_multi_tenant/generators/shared/templates/enable_uuid_extension.rb
 - lib/rls_multi_tenant/generators/task/task_generator.rb
+- lib/rls_multi_tenant/middleware/subdomain_tenant_selector.rb
 - lib/rls_multi_tenant/railtie.rb
 - lib/rls_multi_tenant/rls_helper.rb
 - lib/rls_multi_tenant/rls_multi_tenant.rb