ruby_cms 0.1.0

data/app/controllers/concerns/ruby_cms/admin_turbo_table.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module RubyCms
+  module AdminTurboTable
+    extend ActiveSupport::Concern
+
+    # Check if this is a Turbo Frame request
+    # @return [Boolean]
+    def turbo_frame_request?
+      request.headers["Turbo-Frame"].present?
+    end
+
+    # Render index action with Turbo Frame support
+    # If Turbo Frame request, renders only the table content
+    # Otherwise renders full page
+    # @param turbo_frame_id [String] Turbo Frame ID (default: "admin_table_content")
+    def turbo_render_index(turbo_frame_id: "admin_table_content")
+      if turbo_frame_request?
+        render partial: turbo_frame_id, layout: false
+      else
+        render :index
+      end
+    end
+
+    # Redirect with Turbo Frame support
+    # If Turbo Frame request, renders Turbo Stream redirect
+    # Otherwise performs normal redirect
+    # @param url [String] URL to redirect to
+    # @param options [Hash] Redirect options (notice, alert, etc.)
+    def turbo_redirect_to(url, **)
+      if turbo_frame_request?
+        # For Turbo Frame requests, we can't redirect directly
+        # Instead, we should render a Turbo Stream that updates the frame
+        # or redirect the parent window
+      else
+        redirect_to(url, **)
+      end
+    end
+
+    # Get Turbo Frame ID from request
+    # @return [String, nil]
+    def turbo_frame_id
+      request.headers["Turbo-Frame"]
+    end
+
+    # Check if request expects Turbo Stream response
+    # @return [Boolean]
+    def turbo_stream_request?
+      request.headers["Accept"]&.include?("text/vnd.turbo-stream.html")
+    end
+
+    # Render Turbo Stream update for table
+    # @param turbo_frame_id [String] Turbo Frame ID
+    # @param partial [String] Partial to render (default: turbo_frame_id)
+    def turbo_stream_update_table(turbo_frame_id: "admin_table_content", partial: nil)
+      partial ||= turbo_frame_id
+      render turbo_stream: turbo_stream.update(turbo_frame_id, partial:)
+    end
+
+    # Render Turbo Stream replace for table
+    # @param turbo_frame_id [String] Turbo Frame ID
+    # @param partial [String] Partial to render (default: turbo_frame_id)
+    def turbo_stream_replace_table(turbo_frame_id: "admin_table_content", partial: nil)
+      partial ||= turbo_frame_id
+      render turbo_stream: turbo_stream.replace(turbo_frame_id, partial:)
+    end
+  end
+end

data/app/controllers/concerns/ruby_cms/page_tracking.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module RubyCms
+  # Include in controllers to track page views via Ahoy.
+  # Requires the host app to have Ahoy installed (via RubyCMS install generator).
+  #
+  # Usage:
+  #   class PagesController < ApplicationController
+  #     include RubyCms::PageTracking
+  #   end
+  #
+  # Sets @page_name to controller_name by default. Override in actions:
+  #   @page_name = "custom_page_name"
+  #
+  module PageTracking
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :set_page_name
+      after_action :track_page_view
+    end
+
+    private
+
+    def set_page_name
+      @page_name = controller_name if @page_name.blank?
+    end
+
+    def track_page_view
+      return unless should_track_page_view?
+
+      ahoy.track "page_view",
+                 page_name: @page_name,
+                 request_path: request.path
+    rescue StandardError => e
+      Rails.logger.error "[RubyCMS] Failed to track page view: #{e.message}"
+    end
+
+    def should_track_page_view?
+      # Only track if @page_name is set
+      return false if @page_name.blank?
+
+      # Skip admin paths
+      return false if request.path.start_with?("/admin")
+
+      # Skip Turbo frame requests (optional - adjust based on needs)
+      return false if request.headers["Turbo-Frame"].present?
+
+      true
+    end
+  end
+end

data/app/controllers/concerns/ruby_cms/visitor_error_capture.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module RubyCms
+  # Include in ApplicationController to capture public-site errors to VisitorError.
+  # Skips admin controllers (paths under /admin) and development environment by default.
+  #
+  # Usage in ApplicationController:
+  #   include RubyCms::VisitorErrorCapture
+  #   rescue_from StandardError, with: :handle_visitor_error
+  #
+  # Or use the class method to add both:
+  #   RubyCms::VisitorErrorCapture.install(self)
+  module VisitorErrorCapture
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def install(controller_class)
+        controller_class.include RubyCms::VisitorErrorCapture
+        controller_class.rescue_from StandardError, with: :handle_visitor_error
+      end
+    end
+
+    private
+
+    def handle_visitor_error(exception)
+      return if skip_visitor_error_capture?
+
+      RubyCms::VisitorError.log_error(exception, request)
+    ensure
+      raise exception
+    end
+
+    def skip_visitor_error_capture?
+      return true if Rails.env.development?
+
+      false
+    end
+  end
+end

data/app/controllers/ruby_cms/admin/analytics_controller.rb

@@ -0,0 +1,191 @@
+# frozen_string_literal: true
+
+require "ipaddr"
+
+module RubyCms
+  module Admin
+    class AnalyticsController < BaseController
+      before_action { require_permission!(:manage_analytics) }
+      before_action :set_date_range
+      before_action :validate_date_range
+
+      def index
+        report = RubyCms::Analytics::Report.new(
+          start_date: @start_date,
+          end_date: @end_date,
+          period: @period
+        )
+        @stats = report.dashboard_stats
+        @stats.each {|key, value| instance_variable_set(:"@#{key}", value) }
+      end
+
+      def page_details
+        @page_name = sanitize_page_name(params[:page_name])
+        unless @page_name
+          return redirect_to ruby_cms_admin_analytics_path,
+                             alert: t("ruby_cms.admin.analytics.invalid_page_name",
+                                      default: "Invalid page name.")
+        end
+
+        report = RubyCms::Analytics::Report.new(
+          start_date: @start_date,
+          end_date: @end_date,
+          period: @period
+        )
+        data = report.page_stats(@page_name)
+        @page_views = data[:page_views]
+        @page_stats = data[:stats]
+      end
+
+      def visitor_details
+        @ip_address = sanitize_ip_address(params[:ip_address])
+        unless @ip_address
+          return redirect_to ruby_cms_admin_analytics_path,
+                             alert: t("ruby_cms.admin.analytics.invalid_ip_address",
+                                      default: "Invalid IP address.")
+        end
+
+        report = RubyCms::Analytics::Report.new(
+          start_date: @start_date,
+          end_date: @end_date,
+          period: @period
+        )
+        data = report.visitor_stats(@ip_address)
+        @visitor_views = data[:visitor_views]
+        @visitor_stats = data[:stats]
+      end
+
+      private
+
+      def set_date_range
+        @period = sanitize_period(params[:period]) || default_period
+
+        @start_date, @end_date = parsed_date_range || default_date_range
+      rescue Date::Error
+        @start_date, @end_date = fallback_date_range
+      end
+
+      def validate_date_range
+        max_days = RubyCms::Settings.get(:analytics_max_date_range_days, default: 365).to_i
+        return if valid_date_range?(max_days)
+
+        redirect_to ruby_cms_admin_analytics_path,
+                    alert: "Invalid date range. Maximum range is #{max_days} days."
+      end
+
+      def sanitize_period(value)
+        %w[day week month year].include?(value.to_s) ? value.to_s : nil
+      end
+
+      def default_period
+        RubyCms::Settings.get(:analytics_default_period, default: "week").to_s
+      rescue StandardError
+        "week"
+      end
+
+      def period_start_date(period, end_date)
+        case period
+        when "day" then end_date
+        when "week" then end_date - 6.days
+        when "month" then end_date - 29.days
+        else end_date - 364.days
+        end
+      end
+
+      def sanitize_page_name(page_name)
+        page_name.to_s.gsub(%r{[^a-zA-Z0-9_\-/]}, "").presence
+      end
+
+      def sanitize_ip_address(ip_address)
+        return nil if ip_address.blank?
+
+        IPAddr.new(ip_address)
+        ip_address
+      rescue IPAddr::InvalidAddressError
+        nil
+      end
+
+      helper_method :format_chart_date, :format_chart_date_short
+
+      def format_chart_date(date_string)
+        format_chart_date_by_granularity(date_string, long: true)
+      rescue Date::Error
+        date_string.to_s
+      end
+
+      def format_chart_date_short(date_string)
+        format_chart_date_by_granularity(date_string, long: false)
+      rescue Date::Error
+        date_string.to_s
+      end
+
+      def format_daily_date(date_string)
+        date = Date.parse(date_string.to_s)
+        if @period == "month"
+          end_date = [date + 2.days, @end_date].min
+          return "#{date.strftime('%b %d')} - #{end_date.strftime('%b %d')}" if date != end_date
+        end
+        date.strftime("%B %d, %Y")
+      end
+
+      def format_daily_date_short(date_string)
+        date = Date.parse(date_string.to_s)
+        if @period == "month"
+          end_date = [date + 2.days, @end_date].min
+          return "#{date.strftime('%m/%d')}-#{end_date.strftime('%m/%d')}" if date != end_date
+        end
+        date.strftime("%m/%d")
+      end
+
+      def parsed_date_range
+        return nil unless params[:start_date].present? && params[:end_date].present?
+
+        [
+          Date.parse(params[:start_date]),
+          Date.parse(params[:end_date])
+        ]
+      end
+
+      def default_date_range
+        end_date = Date.current
+        [period_start_date(@period, end_date), end_date]
+      end
+
+      def fallback_date_range
+        end_date = Date.current
+        [end_date - 6.days, end_date]
+      end
+
+      def valid_date_range?(max_days)
+        return false unless @end_date.between?(@start_date, Date.current)
+
+        (@end_date - @start_date).to_i <= max_days
+      end
+
+      def format_chart_date_by_granularity(date_string, long:)
+        str = date_string.to_s
+
+        if str.match?(/\A\d{4}-\d{2}-\d{2}\z/)
+          return long ? format_daily_date(str) : format_daily_date_short(str)
+        end
+
+        if str.match?(/\A\d{4}-\d{2}\z/)
+          format_monthly_date(str, long:)
+        elsif str.match?(/\A\d{2}\z/)
+          format_hourly_date(str, long:)
+        else
+          str
+        end
+      end
+
+      def format_monthly_date(date_string, long:)
+        date = Date.parse("#{date_string}-01")
+        long ? date.strftime("%B %Y") : date.strftime("%b")
+      end
+
+      def format_hourly_date(date_string, long:)
+        long ? "#{date_string}:00" : "#{date_string}h"
+      end
+    end
+  end
+end

data/app/controllers/ruby_cms/admin/base_controller.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module RubyCms
+  module Admin
+    # Base for all /admin controllers. Ensures authentication and permission enforcement.
+    # Inherits from the host's ApplicationController (or config.admin_base_controller).
+    # This layout must not be used for public pages.
+    class BaseController < Rails.application.config.ruby_cms.admin_base_controller.constantize
+      layout -> { Rails.application.config.ruby_cms.admin_layout.presence || "admin/admin" }
+      before_action :set_cms_locale
+      before_action :require_cms_access
+
+      rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
+
+      helper_method :current_user_cms, :require_permission!
+
+      # Expose the engine's route helpers (ruby_cms_admin_*_path) in controllers.
+      # The host's _routes does not expose the mounted engine's named routes to
+      # the engine's own controllers; we keep _routes as the host's for
+      # new_session_path, root_path, etc.
+      include RubyCms::Engine.routes.url_helpers
+
+      private
+
+      def require_cms_access
+        ensure_authenticated
+        require_permission!(:manage_admin)
+      end
+
+      def ensure_authenticated
+        return if current_user_cms
+
+        if respond_to?(:require_authentication, true)
+          send(:require_authentication)
+        else
+          redirect_to cms_redirect_path, alert: t("ruby_cms.admin.base.authentication_required")
+        end
+      end
+
+      # Forbid (403) or redirect with flash. Default-deny: unknown permission = forbidden.
+      def require_permission!(permission_key, record: nil)
+        return if current_user_cms&.can?(permission_key, record:)
+
+        respond_to do |format|
+          format.html do
+            redirect_to(cms_redirect_path, alert: t("ruby_cms.admin.base.not_authorized"))
+          end
+          format.any { head :forbidden }
+        end
+      end
+
+      # Optional role gate. Example: before_action { require_role!(:admin) } in a subclass.
+      # Uses user.admin? when role is :admin (if the host's User responds to :admin?).
+      def require_role!(role)
+        return if current_user_cms.nil?
+        return if role == :admin && current_user_cms.respond_to?(:admin?) && current_user_cms.admin?
+
+        respond_to do |format|
+          format.html do
+            redirect_to cms_redirect_path, alert: t("ruby_cms.admin.base.not_authorized")
+          end
+          format.any { head :forbidden }
+        end
+      end
+
+      def cms_redirect_path
+        Rails.application.config.ruby_cms.unauthorized_redirect_path.presence || "/"
+      end
+
+      def current_user_cms
+        @current_user_cms ||= resolve_current_user
+      end
+
+      def resolve_current_user
+        if respond_to?(:current_user, true)
+          send(:current_user)
+        else
+          Rails.application.config.ruby_cms.current_user_resolver&.call(self)
+        end
+      end
+
+      def render_not_found
+        render "ruby_cms/errors/not_found",
+               status: :not_found,
+               layout: Rails.application.config.ruby_cms.admin_layout.presence || "admin/admin"
+      end
+
+      def set_cms_locale
+        if session[:ruby_cms_locale].present? &&
+           I18n.available_locales.include?(session[:ruby_cms_locale].to_sym)
+          I18n.locale = session[:ruby_cms_locale].to_sym
+        end
+      end
+
+      # Resolve parameter key for model params
+      # Checks if a specific key exists in params, otherwise falls back to model's param_key
+      # @param model_class [Class] The model class (e.g., ContentBlock)
+      # @param param_name [Symbol] The expected parameter name (e.g., :page)
+      # @return [Symbol] The resolved parameter key
+      def model_param_key(model_class, param_name)
+        params.key?(param_name) ? param_name : model_class.model_name.param_key.to_sym
+      end
+    end
+  end
+end