super_settings 0.0.0.rc1

data/lib/super_settings/application/styles.css

@@ -0,0 +1,122 @@
+#settings-table td p {
+  margin-top: 0;
+  margin-bottom: 0.5rem;
+}
+
+#settings-table td p:last-of-type {
+  margin-bottom: 0;
+}
+
+#settings-table input[type=text], #settings-table input[type=number], #settings-table input[type=date], #settings-table input[type=time], #settings-table textarea {
+  width: 100%;
+}
+
+.super-settings-edit-row {
+  background-color: #f2fdf2 !important;
+}
+
+#settings-table tr[data-deleted] td {
+  background-color: #ffd1d8 !important;
+  color: darkred;
+  text-decoration: line-through;
+}
+
+#settings-table tr[data-newrecord] .js-show-history {
+  display: none;
+}
+
+.super-settings-key {
+  overflow-wrap: break-word;
+  max-width: 30rem;
+  min-width: 15rem;
+}
+
+.super-settings-value {
+  overflow-wrap: break-word;
+  max-width: 30rem;
+  min-width: 15rem;
+}
+
+.super-settings-value-type {
+  width: 7rem;
+}
+
+.super-settings-description {
+  min-width: 20rem;
+}
+
+.super-settings-controls {
+  width: 6rem;
+  white-space: nowrap;
+  text-align: right;
+  text-decoration: none !important;
+}
+
+.super-settings-history-key {
+  font-weight: normal;
+  color: royalblue;
+}
+
+.super-settings-modal {
+  z-index: 1000000000000;
+  display: none;
+  padding-top: 5rem;
+  position: fixed;
+  left: 0;
+  top: 0;
+  width: 100%;
+  height: 100%;
+  overflow: auto;
+  background-color: rgba(0,0,0,0.4);
+}
+
+.super-settings-modal-dialog {
+  margin: auto;
+  background-color: #fff;
+  position: relative;
+  outline: 0;
+  padding: 2em;
+  box-shadow: 3px 3px 7px 3px rgba(0, 0, 0, 0.6);
+  border-radius: 4px;
+  width: 80%;
+  height: 80%;
+}
+
+.super-settings-modal-content {
+  height: 100%;
+  overflow: auto;
+}
+
+.super-settings-modal-close {
+  display: block;
+  position: absolute;
+  top: 0;
+  right: 0;
+  border: 0;
+  padding: 1ex;
+  background-color: inherit;
+  font-size: 1.5rem;
+  font-weight: 500;
+}
+
+.super-settings-sr-only {
+  position: absolute;
+  width: 1px;
+  height: 1px;
+  padding: 0;
+  margin: -1px;
+  overflow: hidden;
+  clip: rect(0,0,0,0);
+  border: 0;
+}
+
+.super-settings-text-nowrap {
+  white-space: nowrap !important;
+}
+
+.super-settings-sticky-top {
+  position: sticky;
+  top: 0;
+  padding: 1rem 0;
+  background-color: white;
+}

data/lib/super_settings/application.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require_relative "application/helper"
+
+module SuperSettings
+  # Simple class for rendering ERB templates for the HTML application.
+  class Application
+    include Helper
+
+    # @param layout [String, Symbol] path to an ERB template to use as the layout around the application UI. You can
+    #                                pass the symbol `:default` to use the default layout that ships with the gem.
+    # @param add_to_head [String] HTML code to add to the <head> element on the page.
+    def initialize(layout = nil, add_to_head = nil)
+      if layout
+        layout = File.expand_path(File.join("application", "layout.html.erb"), __dir__) if layout == :default
+        @layout = ERB.new(File.read(layout))
+        @add_to_head = add_to_head
+      end
+    end
+
+    # Render the specified ERB file in the lib/application directory distributed with the gem.
+    def render(erb_file)
+      template = ERB.new(File.read(File.expand_path(File.join("application", erb_file), __dir__)))
+      html = template.result(binding)
+      if @layout
+        render_layout { html }
+      else
+        html
+      end
+    end
+
+    private
+
+    def render_layout
+      @layout.result(binding)
+    end
+  end
+end

data/lib/super_settings/attributes.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module SuperSettings
+  # Interface to expose mass setting attributes on an object. Setting attributes with a
+  # hash will simply call the attribute writers for each key in the hash.
+  module Attributes
+    class UnknownAttributeError < StandardError
+    end
+
+    def initialize(attributes = nil)
+      self.attributes = attributes if attributes
+    end
+
+    def attributes=(values)
+      values.each do |name, value|
+        if respond_to?("#{name}=", true)
+          send("#{name}=", value)
+        else
+          raise UnknownAttributeError.new("unknown attribute #{name.to_s.inspect} for #{self.class}")
+        end
+      end
+    end
+  end
+end

data/lib/super_settings/coerce.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module SuperSettings
+  # Utility functions for coercing values to other data types.
+  class Coerce
+    # rubocop:disable Lint/BooleanSymbol
+    FALSE_VALUES = [
+      false, 0,
+      "0", :"0",
+      "f", :f,
+      "F", :F,
+      "false", :false,
+      "FALSE", :FALSE,
+      "off", :off,
+      "OFF", :OFF
+    ].to_set.freeze
+    # rubocop:enable Lint/BooleanSymbol
+
+    class << self
+      # Cast variations of booleans (i.e. "true", "false", 1, 0, etc.) to actual boolean objects.
+      # @param value [Object]
+      # @return [Boolean]
+      def boolean(value)
+        if value == false
+          false
+        elsif blank?(value)
+          nil
+        else
+          !FALSE_VALUES.include?(value)
+        end
+      end
+
+      # Cast a value to a Time object.
+      def time(value)
+        value = nil if value.nil? || value.to_s.empty?
+        return nil if value.nil?
+        time = if value.is_a?(Numeric)
+          Time.at(value)
+        elsif value.respond_to?(:to_time)
+          value.to_time
+        else
+          Time.parse(value.to_s)
+        end
+        if time.respond_to?(:in_time_zone) && Time.respond_to?(:zone)
+          time = time.in_time_zone(Time.zone)
+        end
+        time
+      end
+
+      # @return true if the value is nil or empty.
+      def blank?(value)
+        return true if value.nil?
+        if value.respond_to?(:empty?)
+          value.empty?
+        else
+          value.to_s.empty?
+        end
+      end
+
+      # @return true if the value is not nil and not empty.
+      def present?(value)
+        !blank?(value)
+      end
+    end
+  end
+end

data/lib/super_settings/configuration.rb

@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+require "singleton"
+
+module SuperSettings
+  # Configuration for the gem when run as a Rails engine. Default values and behaviors
+  # on the controller and model can be overridden with the configuration.
+  #
+  # The configuration is a singleton instance.
+  class Configuration
+    include Singleton
+
+    # Configuration for the controller.
+    class Controller
+      # @api private
+      attr_reader :enhancement
+
+      # Superclass for the controller. This should normally be set to one of your existing
+      # base controller classes since these probably have authentication methods, etc. defined
+      # on them. If this is not defined, the superclass will be `SuperSettings::ApplicationController`.
+      # It can be set to either a class or a class name. Setting to a class name is preferrable
+      # since it will be compatible with class reloading in a development environment.
+      attr_writer :superclass
+
+      def superclass
+        if @superclass.is_a?(String)
+          @superclass.constantize
+        else
+          @superclass
+        end
+      end
+
+      # Optinal name of the application displayed in the view.
+      attr_accessor :application_name
+
+      # Optional mage URL for the application logo.
+      attr_accessor :application_logo
+
+      # Optional URL for a link back to the rest of the application.
+      attr_accessor :application_link
+
+      # Javascript to inject into the settings application HTML page. This can be used, for example,
+      # to set authorization credentials stored client side to access the settings API.
+      attr_accessor :javascript
+
+      # Enhance the controller. You can define methods or call controller class methods like
+      # `before_action`, etc. in the block. These will be applied to the engine controller.
+      # This is essentially the same a monkeypatching the controller class.
+      def enhance(&block)
+        @enhancement = block
+      end
+
+      # Define how the `changed_by` attibute on the setting history will be filled from the controller.
+      # The block will be evaluated in the context of the controller when the settings are changed.
+      # The value returned by the block will be stored in the changed_by attribute. For example, if
+      # your base controller class defines a method `current_user` and you'd like the name to be stored
+      # in the history, you could call `define_changed_by { current_user.name }`
+      def define_changed_by(&block)
+        @changed_by_block = block
+      end
+
+      # Return the value of `define_changed_by` block.
+      #
+      # @api private
+      def changed_by(controller)
+        if defined?(@changed_by_block) && @changed_by_block
+          controller.instance_eval(&@changed_by_block)
+        end
+      end
+    end
+
+    # Configuration for the models.
+    class Model
+      # Specify the cache implementation to use for caching the last updated timestamp for reloading
+      # changed records. Defaults to `Rails.cache`
+      attr_accessor :cache
+
+      attr_writer :storage
+
+      # Specify the storage engine to use for persisting settings. The value can either be specified
+      # as a full class name or an underscored class name for a storage classed defined in the
+      # `SuperSettings::Storage` namespace. The default storage engine is `SuperSettings::Storage::ActiveRecord`.
+      def storage
+        if defined?(@storage) && @storage
+          @storage
+        else
+          :active_record
+        end
+      end
+
+      # @return [Class]
+      # @api private
+      def storage_class
+        if storage.is_a?(Class)
+          storage
+        else
+          class_name = storage.to_s.camelize
+          if Storage.const_defined?("#{class_name}Storage")
+            Storage.const_get("#{class_name}Storage")
+          else
+            class_name.constantize
+          end
+        end
+      end
+    end
+
+    # Return the model specific configuration object.
+    attr_reader :model
+
+    # Return the controller specific configuration object.
+    attr_reader :controller
+
+    # Set the secret used for encrypting secret settings. Defaults to the value of the
+    # SUPER_SETTINGS_SECRET environment variable. An array can be provided if you need to
+    # roll the secret with the first value being the current one.
+    attr_accessor :secret
+
+    # Set the number of seconds that settings will be cached locally before the database
+    # is checked for updates. Defaults to 5 seconds.
+    attr_accessor :refresh_interval
+
+    def initialize
+      @model = Model.new
+      @controller = Controller.new
+    end
+
+    # Defer the execution of a block that will be yielded to with the config object. This
+    # is needed in a Rails environment during initialization so that all the frameworks can
+    # load before loading the settings.
+    #
+    # @api private
+    def defer(&block)
+      @block = block
+    end
+
+    # Call the block deferred during initialization.
+    #
+    # @api private
+    def call
+      @block&.call(self)
+      @block = nil
+    end
+  end
+end

data/lib/super_settings/controller_actions.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require "erb"
+
+module SuperSettings
+  # Module used to build the SuperSettings::SettingsController for Rails applications.
+  # This controller is defined at runtime since it is assumed that the superclass will
+  # be one of the application's own base controller classes since the application will
+  # want to define authentication and authorization criteria.
+  #
+  # The controller is built by extending the class defined by the Configuration object and
+  # then mixing in this module.
+  module ControllerActions
+    def self.included(base)
+      base.layout "super_settings/settings"
+      base.helper SettingsHelper
+      base.protect_from_forgery with: :exception, if: :protect_from_forgery?
+    end
+
+    # Render the HTML application for managing settings.
+    def root
+      html = SuperSettings::Application.new.render("index.html.erb")
+      render html: html.html_safe, layout: true
+    end
+
+    # API endpoint for getting active settings. See SuperSettings::RestAPI for details.
+    def index
+      render json: SuperSettings::RestAPI.index
+    end
+
+    # API endpoint for getting a setting. See SuperSettings::RestAPI for details.
+    def show
+      setting = SuperSettings::RestAPI.show(params[:key])
+      if setting
+        render json: setting
+      else
+        render json: nil, status: 404
+      end
+    end
+
+    # API endpoint for updating settings. See SuperSettings::RestAPI for details.
+    def update
+      changed_by = Configuration.instance.controller.changed_by(self)
+      result = SuperSettings::RestAPI.update(params[:settings], changed_by)
+      if result[:success]
+        render json: result
+      else
+        render json: result, status: 422
+      end
+    end
+
+    # API endpoint for getting the history of a setting. See SuperSettings::RestAPI for details.
+    def history
+      setting_history = SuperSettings::RestAPI.history(params[:key], offset: params[:offset], limit: params[:limit])
+      if setting_history
+        render json: setting_history
+      else
+        render json: nil, status: 404
+      end
+    end
+
+    # API endpoint for getting the last time a setting was changed. See SuperSettings::RestAPI for details.
+    def last_updated_at
+      render json: SuperSettings::RestAPI.last_updated_at
+    end
+
+    # API endpoint for getting settings that have changed since specified time. See SuperSettings::RestAPI for details.
+    def updated_since
+      render json: SuperSettings::RestAPI.updated_since(params[:time])
+    end
+
+    protected
+
+    # Return true if CSRF protection needs to be enabled for the request.
+    # By default it is only enabled on stateful requests that include Basic authorization
+    # or cookies in the request so that stateless REST API calls are allowed.
+    def protect_from_forgery?
+      request.cookies.present? || request.authorization.to_s.split(" ", 2).first&.match?(/\ABasic/i)
+    end
+  end
+end

data/lib/super_settings/encryption.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module SuperSettings
+  module Encryption
+    SALT = "0c54a781"
+    private_constant :SALT
+
+    # Error thrown when the secret is invalid
+    class InvalidSecretError < StandardError
+      def initialize
+        super("Cannot decrypt. Invalid secret provided.")
+      end
+    end
+
+    class << self
+      # Set the secret key used for encrypting secret values. If this is not set,
+      # the value will be loaded from the `SUPER_SETTINGS_SECRET` environment
+      # variable. If that value is not set, arguments will not be encrypted.
+      #
+      # You can set multiple secrets by passing an array if you need to roll your secrets.
+      # The left most value in the array will be used as the encryption secret, but
+      # all the values will be tried when decrypting. That way if you have existing keys
+      # that were encrypted with a different secret, you can still make it available
+      # when decrypting. If you are using the environment variable, separate the keys
+      # with spaces.
+      #
+      # @param value [String] One or more secrets to use for encrypting arguments.
+      # @return [void]
+      def secret=(value)
+        @encryptors = make_encryptors(value)
+      end
+
+      # Encrypt a value for use with secret settings.
+      # @api private
+      def encrypt(value)
+        return nil if Coerce.blank?(value)
+        encryptor = encryptors.first
+        return value if encryptor.nil?
+        encryptor.encrypt(value)
+      end
+
+      # Decrypt a value for use with secret settings.
+      # @api private
+      def decrypt(value)
+        return nil if Coerce.blank?(value)
+        return value if encryptors.empty? || encryptors == [nil]
+        encryptors.each do |encryptor|
+          begin
+            return encryptor.decrypt(value) if encryptor
+          rescue OpenSSL::Cipher::CipherError
+            # Not the right key, try the next one
+          end
+        end
+        raise InvalidSecretError
+      end
+
+      # @return [Boolean] true if the value is encrypted in the storage engine.
+      def encrypted?(value)
+        SecretKeys::Encryptor.encrypted?(value)
+      end
+
+      private
+
+      def encryptors
+        if !defined?(@encryptors) || @encryptors.empty?
+          @encryptors = make_encryptors(ENV["SUPER_SETTINGS_SECRET"].to_s.split)
+        end
+        @encryptors
+      end
+
+      def make_encryptors(secrets)
+        Array(secrets).map { |val| val.nil? ? nil : SecretKeys::Encryptor.from_password(val, SALT) }
+      end
+    end
+  end
+end

data/lib/super_settings/engine.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module SuperSettings
+  # Engine that is loaded in a Rails environment. The engine will take care of applying any
+  # settings overriding behavior in the Configuration as well as eager loading the settings
+  # into memory.
+  class Engine < Rails::Engine
+    isolate_namespace ::SuperSettings
+
+    config.after_initialize do
+      # Call the deferred initialization block.
+      configuration = Configuration.instance
+      configuration.call
+
+      SuperSettings.refresh_interval = configuration.refresh_interval unless configuration.refresh_interval.nil?
+
+      reloader = if defined?(Rails.application.reloader.to_prepare)
+        Rails.application.reloader
+      elsif defined?(ActiveSupport::Reloader.to_prepare)
+        ActiveSupport::Reloader
+      elsif defined?(ActionDispatch::Reloader.to_prepare)
+        ActionDispatch::Reloader
+      end
+
+      create_controller = lambda do
+        klass = Class.new(configuration.controller.superclass || ::ApplicationController)
+        if defined?(SuperSettings::SettingsController)
+          SuperSettings.send(:remove_const, :SettingsController)
+        end
+        SuperSettings.const_set(:SettingsController, klass)
+        klass.include(ControllerActions)
+        if configuration.controller.enhancement
+          klass.class_eval(&configuration.controller.enhancement)
+        end
+      end
+
+      # Setup the controller.
+      ActiveSupport.on_load(:action_controller) do
+        create_controller.call
+        if reloader && !Rails.configuration.cache_classes
+          reloader.to_prepare(&create_controller)
+        end
+      end
+
+      model_load_block = proc do
+        Setting.cache = (configuration.model.cache || Rails.cache)
+        Setting.storage = configuration.model.storage_class
+
+        if configuration.secret.present?
+          SuperSettings.secret = configuration.secret
+          configuration.secret = nil
+        end
+
+        if !SuperSettings.loaded?
+          begin
+            SuperSettings.load_settings
+          rescue => e
+            Rails.logger&.warn(e)
+          end
+        end
+      end
+
+      if configuration.model.storage.to_s == "active_record"
+        ActiveSupport.on_load(:active_record, &model_load_block)
+      else
+        model_load_block.call
+      end
+    end
+  end
+end

data/lib/super_settings/history_item.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module SuperSettings
+  # Model for each item in a setting's history. When a setting is changed, the system
+  # will track the value it is changed to, who it was changed by, and when.
+  class HistoryItem
+    include Attributes
+
+    attr_accessor :key, :value, :changed_by, :created_at
+    attr_writer :deleted
+
+    def deleted?
+      # Stupid strict mode...
+      !!(defined?(@deleted) && @deleted)
+    end
+
+    # The method could be overriden to change how the changed_by attribute is displayed.
+    # For instance, you could store a user id in the changed_by column and add an association
+    # on this model `belongs_to :user, class_name: "User", foreign_key: :changed_by` and then
+    # define this method as `user.name`.
+    # @return [String]
+    def changed_by_display
+      changed_by
+    end
+  end
+end