rls_multi_tenant 0.1.6 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c3310349a1bab642ea0facd9a4199d3b63e075e9eb15905b00a86075285f891
-  data.tar.gz: '06494c0144141a2ad9ac97b57091ebfc7198472342d9b7a9e5da2609e5928c9a'
+  metadata.gz: 3fb27124134b3487ef6f83347eca26c0ac64431e44a01d92cf70bd3dd5a03e20
+  data.tar.gz: a4fceedb11cdc42c788aad2c8c8ac11f6344d497ec2f62b002719c7cfc5a6179
 SHA512:
-  metadata.gz: 4231b3ec6287ef0bb2223284b991c7951149ab2f608c755a823b451a6527134ce64a11a24b988a74e62ebc692585aaedb99d738b8a7055d01b570cff4cc354d9
-  data.tar.gz: 640196b111037946feee80e8a516d32f0a09b00512c277cff68dd1c011794d3f7b827490b0c003810642c90151b06ef14ab02223bd8b1bc85fae741803b161f3
+  metadata.gz: adff1ce5bde6c15d358e67041982e0506c97fa5b1e7eee02fd69fbf9eab3799fa67be034a8b584ea8cf5864a556751d1d8a679e3adf49cddbedc995d988b98d7
+  data.tar.gz: 0c125b52250a2fce049e4f0965af09c4ae13f75f8a7516b58f6a6d136179821471a2f7ff24340ba3654f2cfa1ec4bcf2af29d4ab76ddb58ddad2e3643edc5dbd

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--color
+--format documentation

data/.rubocop.yml

@@ -1,4 +1,4 @@
-require:
+plugins:
   - rubocop-rails
   - rubocop-rspec
 
@@ -22,7 +22,7 @@ Style/FrozenStringLiteralComment:
 Style/ClassAndModuleChildren:
   Enabled: false
 
-Metrics/LineLength:
+Layout/LineLength:
   Max: 120
 
 Metrics/BlockLength:

data/README.md

@@ -1,5 +1,12 @@
 # RLS Multi-Tenant
 
+[![CI](https://github.com/codingways/rls_multi_tenant/actions/workflows/simple.yml/badge.svg)](https://github.com/codingways/rls_multi_tenant/actions/workflows/simple.yml)
+[![Ruby](https://img.shields.io/badge/ruby-3.0%2B-red.svg)](https://www.ruby-lang.org/)
+[![Rails](https://img.shields.io/badge/rails-6.0%2B-red.svg)](https://rubyonrails.org/)
+[![Gem Version](https://badge.fury.io/rb/rls_multi_tenant.svg)](https://badge.fury.io/rb/rls_multi_tenant)
+[![Downloads](https://img.shields.io/gem/dt/rls_multi_tenant.svg)](https://rubygems.org/gems/rls_multi_tenant)
+[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
+
 A Rails gem that provides PostgreSQL Row Level Security (RLS) based multi-tenancy for Rails applications.
 
 ## Features
@@ -10,6 +17,7 @@ A Rails gem that provides PostgreSQL Row Level Security (RLS) based multi-tenanc
 - 📦 **Auto-inclusion**: Automatic model configuration
 - 🚀 **Generators**: Rails generators for quick setup
 - ⚙️ **Configurable**: Flexible configuration options
+- 🌐 **Subdomain Middleware**: Automatic tenant switching based on subdomain
 
 ## Installation
 
@@ -40,6 +48,8 @@ bundle install
      config.tenant_id_column = :tenant_id          # Tenant ID column name
      config.app_user_env_var = "POSTGRES_APP_USER" # Environment variable for app user
      config.enable_security_validation = true      # Enable security checks
+     config.enable_subdomain_middleware = true     # Enable subdomain-based tenant switching (default: true)
+     config.subdomain_field = :subdomain           # Field to use for subdomain matching (default: :subdomain)
    end
    ```
 
@@ -75,32 +85,78 @@ Your models automatically include the `MultiTenant` concern:
 ```ruby
 class User < ApplicationRecord
   # Automatically includes MultiTenant concern
-  # include RlsMultiTenant::Concerns::MultiTenant
+  include RlsMultiTenant::Concerns::MultiTenant
 end
 ```
 
 ### Tenant Context Switching
 
 ```ruby
-# Create a new tenant
-tenant = Tenant.create!(name: "Tenant 1")
+# Create a new tenant with subdomain
+tenant = Tenant.create!(name: "Company A", subdomain: "company-a")
 ```
 
 ```ruby
 # Switch tenant context for a block
 Tenant.switch(tenant) do
-  User.create!(name: "User from Tenant 1", email: "user@example.com") # Automatically assigned to current tenant
+  User.create!(name: "User from Company A", email: "user@company-a.com") # Automatically assigned to current tenant
 end
 
 # Switch tenant context permanently
 Tenant.switch!(tenant)
-User.create!(name: "User from Tenant 1", email: "user@example.com")
+User.create!(name: "User from Company A", email: "user@company-a.com")
 Tenant.reset! # Reset context
 
 # Get current tenant
 current_tenant = Tenant.current
 ```
 
+### Automatic Subdomain-Based Tenant Switching
+
+The gem includes middleware that automatically switches tenants based on the request subdomain. This is enabled by default and works seamlessly with your tenant model.
+
+**The middleware automatically:**
+- Extracts the subdomain from the request host
+- Finds the matching tenant by the subdomain field
+- Switches the tenant context for the duration of the request
+- Resets the context after the request completes
+
+**Usage:**
+```ruby
+# Create tenants with subdomains
+tenant1 = Tenant.create!(name: "Company A", subdomain: "company-a")
+tenant2 = Tenant.create!(name: "Company B", subdomain: "company-b")
+
+# Users visiting company-a.yourdomain.com will automatically be in tenant1's context
+# Users visiting company-b.yourdomain.com will automatically be in tenant2's context
+# Users visiting yourdomain.com (no subdomain) will have no tenant context
+```
+
+### Public Access (Non-Tenanted Models)
+
+Models that don't include `RlsMultiTenant::Concerns::TenantContext` are automatically treated as public models and can be accessed without tenant context. This provides a secure, explicit way to separate tenant-specific and public models.
+
+**Example:**
+```ruby
+# Public models (no tenant association)
+class PublicPost < ApplicationRecord
+  # No TenantContext concern included
+  # These models are accessible without tenant context
+end
+
+# Tenant-specific models (automatically generated)
+class User < ApplicationRecord
+  # Automatically includes MultiTenant concern
+  # These models require tenant context and are constrained by RLS
+  include RlsMultiTenant::Concerns::MultiTenant
+end
+```
+
+**Security Benefits:**
+- **Explicit Intent**: Models must explicitly include `TenantContext` to be tenant-constrained
+- **Fail-Safe**: Public models are clearly separated from tenant models
+- **No Configuration Drift**: Can't accidentally expose tenant data through misconfiguration
+
 ## Configuration
 
 The gem is configured in `config/initializers/rls_multi_tenant.rb` (created by the install generator). You can customize the following options:
@@ -111,6 +167,8 @@ RlsMultiTenant.configure do |config|
   config.tenant_id_column = :tenant_id          # Tenant ID column name
   config.app_user_env_var = "POSTGRES_APP_USER" # Environment variable for app user
   config.enable_security_validation = true      # Enable security checks (prevents running with superuser privileges)
+  config.enable_subdomain_middleware = true     # Enable subdomain-based tenant switching (default: true)
+  config.subdomain_field = :subdomain           # Field to use for subdomain matching (default: :subdomain)
 end
 ```
 
@@ -126,6 +184,9 @@ rails db_as:admin[seed]
 
 # Create database with admin privileges
 rails db_as:admin[create]
+
+# Drop database with admin privileges
+rails db_as:admin[drop]
 ```
 
 ## Security Features

data/lib/rls_multi_tenant/concerns/multi_tenant.rb

@@ -16,8 +16,13 @@ module RlsMultiTenant
 
         def set_tenant_id
           current_tenant = RlsMultiTenant.tenant_class.current
+
           if current_tenant && self.send(RlsMultiTenant.tenant_id_column).blank?
             self.send("#{RlsMultiTenant.tenant_id_column}=", current_tenant.id)
+          elsif current_tenant.nil?
+            raise RlsMultiTenant::Error, 
+                  "Cannot create #{self.class.name} without tenant context. " \
+                  "This model requires a tenant context. "
           end
         end
       end

data/lib/rls_multi_tenant/concerns/tenant_context.rb

@@ -12,6 +12,7 @@ module RlsMultiTenant
         def tenant_session_var
           "rls.#{RlsMultiTenant.tenant_id_column}"
         end
+
         # Switch tenant context for a block
         def switch(tenant_or_id)
           tenant_id = extract_tenant_id(tenant_or_id)

data/lib/rls_multi_tenant/generators/install/templates/rls_multi_tenant.rb

@@ -12,4 +12,11 @@ RlsMultiTenant.configure do |config|
   
   # Enable/disable security validation
   config.enable_security_validation = true
+  
+  # Enable/disable subdomain-based tenant switching middleware
+  config.enable_subdomain_middleware = true
+  
+  # Configure the field to use for subdomain matching (default: :subdomain)
+  # This should be a field on your tenant model that contains the subdomain
+  config.subdomain_field = :subdomain
 end

data/lib/rls_multi_tenant/generators/model/templates/migration.rb

@@ -1,7 +1,7 @@
 class <%= migration_class_name %> < ActiveRecord::Migration[<%= Rails.version.to_f %>]
   def change
     # Create the table
-    create_table :<%= table_name %>, id: :uuid do |t|
+    create_table :<%= table_name %> do |t|
       t.references :<%= tenant_id_column.to_s.gsub('_id', '') %>, null: false, foreign_key: { to_table: :<%= tenant_class_name.underscore.pluralize %> }, type: :uuid
 <% @attributes.each do |attribute| -%>
       t.<%= attribute.type %> :<%= attribute.name %>

data/lib/rls_multi_tenant/generators/shared/templates/create_tenant.rb

@@ -2,10 +2,12 @@ class Create<%= RlsMultiTenant.tenant_class_name.pluralize %> < ActiveRecord::Mi
   def change
     create_table :<%= RlsMultiTenant.tenant_class_name.underscore.pluralize %>, id: :uuid do |t|
       t.string :name, null: false
+      t.string :subdomain, null: false
 
       t.timestamps
     end
 
     add_index :<%= RlsMultiTenant.tenant_class_name.underscore.pluralize %>, :name, unique: true
+    add_index :<%= RlsMultiTenant.tenant_class_name.underscore.pluralize %>, :subdomain, unique: true
   end
 end

data/lib/rls_multi_tenant/middleware/subdomain_tenant_selector.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module RlsMultiTenant
+  module Middleware
+    class SubdomainTenantSelector
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        request = ActionDispatch::Request.new(env)
+        tenant = resolve_tenant_from_subdomain(request)
+        
+        if tenant
+          # Switch tenant context for the duration of the request
+          Rails.logger.info "[RLS Multi-Tenant] #{request.method} #{request.path} -> Tenant: #{tenant.name} (#{tenant.id})" if defined?(Rails)
+          RlsMultiTenant.tenant_class.switch(tenant) do
+            @app.call(env)
+          end
+        else
+          # No tenant found - check if we need tenant context
+          subdomain = extract_subdomain(request.host)
+          if subdomain.present? && subdomain != 'www'
+            # Subdomain exists but no tenant found - this is an error
+            Rails.logger.warn "[RLS Multi-Tenant] #{request.method} #{request.path} -> No tenant found for subdomain '#{subdomain}'" if defined?(Rails)
+            raise RlsMultiTenant::Error, "No tenant found for subdomain '#{subdomain}'. Please ensure the tenant exists with the correct subdomain."
+          end
+          # If no subdomain, allow access to public models (models without TenantContext)
+          # Models that include TenantContext will automatically be constrained by RLS
+          Rails.logger.info "[RLS Multi-Tenant] #{request.method} #{request.path} -> Public access (no subdomain)" if defined?(Rails)
+          @app.call(env)
+        end
+      end
+
+      private
+
+      def resolve_tenant_from_subdomain(request)
+        subdomain = extract_subdomain(request.host)
+        return nil if subdomain.blank? || subdomain == 'www'
+
+        # Look up tenant by subdomain only
+        tenant_class = RlsMultiTenant.tenant_class
+        subdomain_field = RlsMultiTenant.subdomain_field
+        
+        # Only allow subdomain-based lookup
+        unless tenant_class.column_names.include?(subdomain_field.to_s)
+          raise RlsMultiTenant::ConfigurationError, 
+                "Subdomain field '#{subdomain_field}' not found on #{tenant_class.name}. " \
+                "Please add a '#{subdomain_field}' column to your tenant model or configure a different subdomain_field."
+        end
+        
+        tenant_class.find_by(subdomain_field => subdomain)
+      rescue => e
+        Rails.logger.error "Failed to resolve tenant from subdomain '#{subdomain}': #{e.message}" if defined?(Rails)
+        nil
+      end
+
+      def extract_subdomain(host)
+        return nil if host.blank?
+        
+        # Remove port if present
+        host = host.split(':').first
+        
+        # Split by dots and get the first part (subdomain)
+        parts = host.split('.')
+        
+        # Handle localhost development (e.g., foo.localhost:3000)
+        if parts.length == 2 && parts.last == 'localhost'
+          parts.first
+        # Handle standard domains (e.g., foo.example.com)
+        elsif parts.length >= 3
+          parts.first
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/rls_multi_tenant/railtie.rb

@@ -34,5 +34,11 @@ module RlsMultiTenant
         end
       end
     end
+
+    initializer "rls_multi_tenant.middleware", after: :load_config_initializers do |app|
+      if RlsMultiTenant.enable_subdomain_middleware
+        app.config.middleware.use RlsMultiTenant::Middleware::SubdomainTenantSelector
+      end
+    end
   end
 end

data/lib/rls_multi_tenant/security_validator.rb

@@ -48,8 +48,8 @@ module RlsMultiTenant
       private
 
       def skip_validation?
-        # Skip validation if we're running install generator
-        return true if ARGV.any? { |arg| arg.include?('rls_multi_tenant:install') }
+        # Skip validation if we're running an install or setup generator
+        return true if ARGV.any? { |arg| arg.include?('rls_multi_tenant:install') || arg.include?('rls_multi_tenant:setup') }
         
         # Skip validation if we're in admin mode (set by db_as:admin task)
         return true if ENV['RLS_MULTI_TENANT_ADMIN_MODE'] == 'true'

data/lib/rls_multi_tenant/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RlsMultiTenant
-  VERSION = "0.1.6"
+  VERSION = "0.1.8"
 end

data/lib/rls_multi_tenant.rb

@@ -5,6 +5,7 @@ require "rls_multi_tenant/concerns/multi_tenant"
 require "rls_multi_tenant/concerns/tenant_context"
 require "rls_multi_tenant/security_validator"
 require "rls_multi_tenant/rls_helper"
+require "rls_multi_tenant/middleware/subdomain_tenant_selector"
 require "rls_multi_tenant/generators/shared/template_helper"
 require "rls_multi_tenant/railtie" if defined?(Rails)
 
@@ -15,7 +16,7 @@ module RlsMultiTenant
 
   # Configuration options
   class << self
-    attr_accessor :tenant_class_name, :tenant_id_column, :app_user_env_var, :enable_security_validation
+    attr_accessor :tenant_class_name, :tenant_id_column, :app_user_env_var, :enable_security_validation, :enable_subdomain_middleware, :subdomain_field
 
     def configure
       yield self
@@ -36,6 +37,14 @@ module RlsMultiTenant
     def enable_security_validation
       @enable_security_validation.nil? ? true : @enable_security_validation
     end
+
+    def enable_subdomain_middleware
+      @enable_subdomain_middleware.nil? ? false : @enable_subdomain_middleware
+    end
+
+    def subdomain_field
+      @subdomain_field ||= :subdomain
+    end
   end
 
   # Default configuration
@@ -43,4 +52,6 @@ module RlsMultiTenant
   self.tenant_id_column = :tenant_id
   self.app_user_env_var = "POSTGRES_APP_USER"
   self.enable_security_validation = true
+  self.enable_subdomain_middleware = true
+  self.subdomain_field = :subdomain
 end

data/rls_multi_tenant.gemspec

@@ -34,6 +34,7 @@ Gem::Specification.new do |spec|
   # Dependencies
   spec.add_dependency "rails", ">= 6.0", "< 9.0"
   spec.add_dependency "pg", ">= 1.0", "< 3.0"
+  spec.add_dependency "ostruct", ">= 0.1.0"
 
   # Development dependencies
   spec.add_development_dependency "rspec-rails", "~> 6.0"

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rls_multi_tenant
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.8
 platform: ruby
 authors:
 - Coding Ways
-autorequire: 
 bindir: exe
 cert_chain: []
-date: 2025-09-15 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -50,6 +49,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.0
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -157,6 +170,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".rspec"
 - ".rubocop.yml"
 - README.md
 - lib/rls_multi_tenant.rb
@@ -177,6 +191,7 @@ files:
 - lib/rls_multi_tenant/generators/shared/templates/db_admin.rake
 - lib/rls_multi_tenant/generators/shared/templates/enable_uuid_extension.rb
 - lib/rls_multi_tenant/generators/task/task_generator.rb
+- lib/rls_multi_tenant/middleware/subdomain_tenant_selector.rb
 - lib/rls_multi_tenant/railtie.rb
 - lib/rls_multi_tenant/rls_helper.rb
 - lib/rls_multi_tenant/rls_multi_tenant.rb
@@ -192,7 +207,6 @@ metadata:
   changelog_uri: https://github.com/codingways/rls_multi_tenant/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/codingways/rls_multi_tenant/issues
   documentation_uri: https://github.com/codingways/rls_multi_tenant#readme
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -207,8 +221,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.23
-signing_key: 
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Rails gem for PostgreSQL Row Level Security (RLS) multi-tenant applications
 test_files: []