surikat 0.2.2

data/lib/surikat/session.rb

@@ -0,0 +1,35 @@
+module Surikat
+
+  require 'surikat/session_manager'
+
+  class Session
+
+    def initialize(session_key)
+      @manager = Surikat::SessionManager.new
+      @session_key = session_key
+      @this_session = @manager[session_key] || {}
+
+      if @this_session.blank? && !@session_key.blank?
+        @manager.merge! @session_key, {created_at: Time.now}
+      end
+    end
+
+    def [](key)
+      @this_session[key]
+    end
+
+    def []=(key, value)
+      @manager.merge! @session_key, {key => value}
+    end
+
+    def delete(key)
+      @manager.delete_key! @session_key, key
+    end
+
+    def to_h
+      @this_session
+    end
+
+  end
+
+end

data/lib/surikat/session_manager.rb

@@ -0,0 +1,92 @@
+module Surikat
+  class SessionManager
+    def initialize
+      @config = Surikat.config.app['session']
+
+      #puts "Session manager configured with #{@config.inspect}"
+
+      case @config['storage']
+      when 'redis'
+        @store = Redis.new url: @config['redis_url']
+      when 'file'
+        @filename = @config['file'] || 'surikat_session_store'
+        @store = Marshal.load(File.read(@filename)) rescue {}
+      end
+
+    end
+
+    attr_reader :config
+
+    def [](key)
+      case @config['storage']
+      when 'file'
+        @store[key]
+      when 'redis'
+        existing = @store.get("surikat_session_key_#{key}")
+        existing ? Marshal.load(existing) : {}
+      end
+    end
+
+    # def create
+    #   key = SecureRandom.hex(30)
+    #   merge! key, {created_at: Time.now}
+    #   key
+    # end
+
+    def merge!(key, hash)
+      return if key.nil?
+
+      case @config['storage']
+
+      when 'redis'
+        redis_key = "surikat_session_key_#{key}"
+        if existing = @store.get(redis_key)
+          existing_object = Marshal.load(existing)
+          new_object      = existing_object.merge(hash)
+        else
+          new_object = hash
+        end
+        new_data = Marshal.dump(new_object)
+        @store.set(redis_key, new_data)
+
+      when 'file'
+        if @store[key]
+          @store[key].merge!(hash)
+        else
+          @store[key] = hash
+        end
+        File.open(@filename, 'w') {|f| f.write Marshal.dump(@store)}
+      end
+
+      true
+    end
+
+    def destroy!(skey)
+      case @config['storage']
+      when 'redis'
+        @store.del("surikat_session_key_#{skey}")
+      when 'file'
+        @store.delete(skey)
+        File.open(@filename, 'w') {|f| f.write Marshal.dump(@store)}
+      end
+    end
+
+    def delete_key!(skey, key)
+      case @config['storage']
+      when 'redis'
+        redis_key = "surikat_session_key_#{key}"
+        if existing = @store.get(redis_key)
+          existing_object = Marshal.load(existing)
+          new_object      = existing_object.delete(key)
+
+          new_data = Marshal.dump(new_object)
+        end
+        @store.set(redis_key, new_data)
+      when 'file'
+        @store[skey].delete(key)
+        File.open(@filename, 'w') {|f| f.write Marshal.dump(@store)}
+      end
+    end
+
+  end
+end

data/lib/surikat/templates/.rspec.tmpl

@@ -0,0 +1 @@
+--require spec_helper

data/lib/surikat/templates/.standalone_migrations.tmpl

@@ -0,0 +1,6 @@
+db:
+    seeds: db/seeds.rb
+    migrate: db/migrate
+    schema: db/schema.rb
+config:
+    database: config/database.yml

data/lib/surikat/templates/Gemfile.tmpl

@@ -0,0 +1,31 @@
+source 'https://rubygems.org'
+
+# This is a rack app
+gem 'rack-app'
+
+# ActiveRecord is used as a database layer
+gem 'activerecord'
+
+# ActiveSupport for various duties
+gem 'activesupport'
+
+# Surikat is the engine of the app
+gem 'surikat'
+
+# The web server
+gem 'passenger', ">= 5.0.25", require: "phusion_passenger/rack_handler"
+
+# The GraphQL parser
+gem 'graphql-libgraphqlparser', ">= 1.2.0"
+
+# A faster JSON parser
+gem 'oj'
+
+# The initial database is SQLite
+gem 'sqlite3'
+
+# Database migrations for both schema and data
+gem 'standalone_migrations'
+
+# Filtering
+gem 'ransack', ">= 1.8.8"

data/lib/surikat/templates/Rakefile.tmpl

@@ -0,0 +1,2 @@
+require 'standalone_migrations'
+StandaloneMigrations::Tasks.load_tasks

data/lib/surikat/templates/aaa_queries.rb.tmpl

@@ -0,0 +1,124 @@
+=begin
+This class was generated by the scaffold generator.
+It contains methods to handle authentication, authorization and access, using the User model.
+Default routes are created for each of this method (use 'surikat list routes' or look inside config/routes.yml to see them).
+Example queries/mutations can be found in the comments for each method.
+Generated at:: %{time}
+
+To test these queries, run 'rspec -f d spec/aaa_spec.rb'
+=end
+
+class AAAQueries < Surikat::BaseQueries
+=begin
+Description: Authenticate a user. On successful authentication, Surikat will save the +id+ of the user in the
+session, and then return the session key, which the frontend client must then carry to the next request.
+If the authentication was not successful, a nil value is returned.
+Query Name: Authenticate
+
+Input: { 'email' => String, 'password' => String }
+
+OutputType: Boolean
+
+Query Example:
+{ Authenticate(email: 'a@b.c', password: 'abc') }
+=end
+  def authenticate
+    user = User.authenticate(arguments)
+    return nil unless user
+
+    session[:user_id] = user.id
+    true
+  end
+
+
+=begin
+Description: Log a user out. The user's session is destroyed.
+Query Name: Logout
+
+OutputType: Boolean (always true)
+
+Query Example:
+{ Logout }
+=end
+  def logout
+    session.delete :user_id
+    true
+  end
+
+
+=begin
+Description: Returns the current user. Normally there's little reason to call this; the
+assumption is that the frontend remembers who the current user is.
+Query Name: CurrentUser
+
+OutputType: User
+
+Query Example:
+{ CurrentUser {
+    id
+    email
+  }
+}
+=end
+  def current_user
+    User.where(id: session[:user_id]).first
+  end
+
+=begin
+Description: Login as another user. The route for this query should have a +permitted_roles+ value of ['superadmin']
+or something similar, so that only superadmins may login as somebody else. The +id+ of the current user is preserved
+in the session inside +superadmin_id+ and is used by another query, +BackFromLoginAs+.
+Query Name: LoginAs
+
+OutputType: Boolean
+
+Query Example:
+{ LoginAs(user_id: 2) }
+=end
+  def login_as
+    new_user = User.where(id: arguments['user_id']).first
+    if new_user
+      current_user_id         = session[:user_id]
+      session[:user_id]       = new_user.id
+      session[:logged_in_at]  = Time.now
+      session[:superadmin_id] = current_user_id
+    end
+  end
+
+=begin
+Description: After having logged in as someone else, the superadmin can become again his own self.
+Query Name: BackFromLoginAs
+
+OutputType: Boolean
+
+Query Example:
+{ BackFromLoginAs }
+=end
+  def back_from_login_as
+    superadmin = User.where(id: session[:superadmin_id]).first
+    if superadmin
+      session[:user_id]       = superadmin.id
+      session[:superadmin_id] = nil
+    end
+  end
+
+
+=begin
+Just some demo queries used by the rspec tests. If you delete them, make sure to also delete the relevant tests in +spec/aaa_spec.rb+.
+=end
+  def demo_one
+    u = User.where(id: session['user_id']).first
+    "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]}."
+  end
+
+  def demo_two
+    u = User.where(id: session['user_id']).first
+    "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]} (and you have an acceptable user role)."
+  end
+
+  def demo_three
+    u = User.where(id: session['user_id']).first
+    "if you see this, you are logged in as #{u&.email} since #{session[:logged_in_at]} (and you have an acceptable user role)."
+  end
+
+end

data/lib/surikat/templates/aaa_spec.rb.tmpl

@@ -0,0 +1,151 @@
+require 'test_helper'
+
+describe AAAQueries do
+
+  before :all do
+    @user = User.create email:'a@b.com', password: 'onetwothree', roleids: 'worker'
+    @superadmin = User.create email:'super@a.com', password: 'onetwothree', roleids: 'superadmin'
+  end
+
+  before :each do
+    @session_key = SecureRandom.hex(5)
+  end
+
+  context "When testing Authentication, Authorization and Access" do
+    describe "#authentication" do
+
+      it "should correctly authenticate User" do
+        query = "{ Authenticate(email: \"a@b.com\", password: \"onetwothree\") }"
+        response = Surikat::run query
+
+        expect(response['Authenticate']).to be true
+      end
+
+      it "should incorrectly authenticate User" do
+        query = "{ Authenticate(email: \"a@b.com\", password: \"definitely not onetwothree\") }"
+        response = Surikat::run query
+
+        expect(response['Authenticate']).to eq :error => 'No result'
+      end
+    end
+
+    describe "#authorization" do
+
+      it "should allow a logged in user to access a private route" do
+        # First, log a user in
+        query = "{ Authenticate(email: \"a@b.com\", password: \"onetwothree\") }"
+        Surikat::run query, {}, session_key: @session_key
+
+        # Then, make sure they have access to a private query
+        query    = "{ DemoOne }"
+        response = Surikat::run query, {}, session_key: @session_key
+
+        expect(response['DemoOne']).to include "if you see this"
+      end
+
+      it "should not allow a non-logged in user to access a private route" do
+        query    = "{ DemoOne }"
+        response = Surikat::run query
+        expect(response['DemoOne']).to_not include "if you see this"
+      end
+
+
+      it "should log out a user" do
+        # First, log a user in
+        query = "{ Authenticate(email: \"a@b.com\", password: \"onetwothree\") }"
+        Surikat::run query, {}, session_key: @session_key
+
+        # Then, log them out
+        query = "{ Logout }"
+        response = Surikat::run query, {}, {session_key: @session_key}
+        expect(response['Logout']).to be true
+
+        # Then, check that they don't have access to a private query
+        query    = "{ DemoOne }"
+        response = Surikat::run query, {}, {session_key: @session_key}
+
+        expect(response['DemoOne']).not_to include "if you see this"
+      end
+
+      it "should retrieve the current user" do
+        # First, log a user in
+        query       = "{ Authenticate(email: \"a@b.com\", password: \"onetwothree\") }"
+        Surikat::run query, {}, {session_key: @session_key}
+
+        query    = "{ CurrentUser {id} }"
+        response = Surikat::run query, {}, {session_key: @session_key}
+
+        expect(response['CurrentUser']).to eq 'id' => @user.id
+      end
+    end
+
+    describe "#access" do
+      it "should not allow a user of the wrong role to a route protected by roles" do
+        # First, log a user in
+        query = "{ Authenticate(email: \"a@b.com\", password: \"onetwothree\") }"
+        Surikat::run query, {}, session_key: @session_key
+
+        # Then, make sure they do not have access to a private query
+        query    = "{ DemoTwo }"
+        response = Surikat::run query, {}, {session_key: @session_key}
+
+        expect(response['DemoTwo']).to_not include 'if you see this'
+      end
+
+      it "should allow a user of the right role to a route protected by roles" do
+        # First, log a user in
+        query = "{ Authenticate(email: \"a@b.com\", password: \"onetwothree\") }"
+        Surikat::run query, {}, session_key: @session_key
+
+        # Then, make sure they have access to a private query
+        query    = "{ DemoThree }"
+        response = Surikat::run query, {}, {session_key: @session_key}
+
+        expect(response['DemoThree']).to include "if you see this"
+      end
+
+      it "should allow a superadmin to login as another user" do
+        # First, log a superadmin in
+        query       = "{ Authenticate(email: \"#{@superadmin.email}\", password: \"onetwothree\") }"
+        response    = Surikat::run query, {}, session_key: @session_key
+        session_key = response['Authenticate']
+
+        # Then, create another user and login as them
+        user = User.create_random
+
+        query = "{ LoginAs(user_id: #{user.id}) }"
+        Surikat::run query, {}, {session_key: @session_key}
+
+        # To test, use the CurrentUser query
+        query    = "{ CurrentUser {id} }"
+        response = Surikat::run query, {}, {session_key: @session_key}
+
+        expect(response['CurrentUser']).to include 'id' => user.id
+      end
+
+      it "should allow a superadmin to return after having logged in as someone else" do
+        # First, log a superadmin in
+        query       = "{ Authenticate(email: \"#{@superadmin.email}\", password: \"onetwothree\") }"
+        Surikat::run query, {}, session_key: @session_key
+
+        # Then, create another user and login as them
+        user = User.create_random
+
+        query = "{ LoginAs(user_id: #{user.id}) }"
+        Surikat::run query, {}, {session_key: @session_key}
+
+        # Then, go back as the superadmin
+        query = " { BackFromLoginAs }"
+        Surikat::run query, {}, {session_key: @session_key}
+
+        # To test, use the CurrentUser query
+        query    = "{ CurrentUser {id} }"
+        response = Surikat::run query, {}, {session_key: @session_key}
+
+        expect(response['CurrentUser']).to include 'id' => @superadmin.id
+      end
+
+    end
+  end
+
+end