RubyGems - trackguard - Versions diffs - 0.15.1 - Mend

trackguard 0.15.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

checksums.yaml +7 -0
data/app/assets/javascripts/controllers/page_tracker_controller.js +41 -0
data/app/assets/stylesheets/trackguard/admin.css +479 -0
data/app/controllers/concerns/trackguard/page_tracker.rb +41 -0
data/app/controllers/trackguard/admin/analytics_controller.rb +85 -0
data/app/controllers/trackguard/admin/base_controller.rb +25 -0
data/app/controllers/trackguard/admin/blocked_user_agents_controller.rb +27 -0
data/app/controllers/trackguard/admin/dashboards_controller.rb +17 -0
data/app/controllers/trackguard/admin/visitors_controller.rb +57 -0
data/app/controllers/trackguard/admin/visits_controller.rb +17 -0
data/app/controllers/trackguard/admin/whitelisted_ips_controller.rb +64 -0
data/app/controllers/trackguard/page_views_controller.rb +18 -0
data/app/helpers/trackguard/application_helper.rb +10 -0
data/app/jobs/trackguard/detect_suspicious_visitors_job.rb +130 -0
data/app/jobs/trackguard/track_page_view_job.rb +29 -0
data/app/models/trackguard/blocked_user_agent.rb +16 -0
data/app/models/trackguard/page_view.rb +17 -0
data/app/models/trackguard/visitor.rb +24 -0
data/app/models/trackguard/whitelisted_ip.rb +26 -0
data/app/services/trackguard/application_service.rb +7 -0
data/app/services/trackguard/page_view_recorder.rb +39 -0
data/app/views/layouts/trackguard/admin.html.erb +68 -0
data/app/views/trackguard/admin/dashboards/show.html.erb +234 -0
data/app/views/trackguard/admin/visits/_pagination.html.erb +48 -0
data/app/views/trackguard/admin/visits/index.html.erb +148 -0
data/config/importmap.rb +1 -0
data/config/routes.rb +14 -0
data/lib/generators/trackguard/install_generator.rb +24 -0
data/lib/generators/trackguard/templates/create_trackguard_tables.rb +48 -0
data/lib/tasks/trackguard.rake +32 -0
data/lib/trackguard/engine.rb +25 -0
data/lib/trackguard/rack_attack.rb +31 -0
data/lib/trackguard/version.rb +3 -0
data/lib/trackguard.rb +40 -0
data/trackguard.gemspec +18 -0
metadata +102 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0de5b2d1e0a03f4935d196a8485f5a919c65a766f43a2f6c1d116c489a71fa47
+  data.tar.gz: 1c78129586cdd55b4498374e8116ae99655354e938b5b439a76791188bf02379
+SHA512:
+  metadata.gz: '0758f1a980d0e3fca8f6bf787f2a313ff785defcbd9057f3d7fb05b4814f77e0401a5d15e01e6bc8b9b15469f2e9b3cec1cf70e45bf7ab182de93c2bf4950d40'
+  data.tar.gz: 92526230b8ae4edbe68f39dfc9560243c702da99ae542db8c051151186edb45e36618d0ecfce63b2eafdae21711a778fbebe87c9464ce56d7b8ed700d49c7369

data/app/assets/javascripts/controllers/page_tracker_controller.js ADDED Viewed

@@ -0,0 +1,41 @@
+import { Controller } from "@hotwired/stimulus"
+export default class extends Controller {
+  static values = { url: { type: String, default: "" } }
+  connect() {
+    this.lastTracked = null
+    this.boundLoad = () => this.trackCurrent()
+    this.boundHash = () => this.trackCurrent()
+    document.addEventListener("turbo:load", this.boundLoad)
+    window.addEventListener("hashchange", this.boundHash)
+    // Cover initial load if turbo:load already fired before connect()
+    // Pass initial=true so the job can deduplicate/enrich against the server-side record
+    this.trackCurrent(true)
+  }
+  disconnect() {
+    document.removeEventListener("turbo:load", this.boundLoad)
+    window.removeEventListener("hashchange", this.boundHash)
+  }
+  trackCurrent(initial = false) {
+    const path = window.location.pathname + window.location.hash
+    if (path === this.lastTracked) return
+    this.lastTracked = path
+    this.track(path, initial)
+  }
+  track(path, initial = false) {
+    const token = document.querySelector('meta[name="csrf-token"]')?.content
+    const traceId = document.querySelector('meta[name="trace-id"]')?.content
+    const url = this.urlValue || document.querySelector('meta[name="trackguard-url"]')?.content
+    const ref = new URLSearchParams(window.location.search).get("ref")
+    fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", "X-CSRF-Token": token || "" },
+      body: JSON.stringify({ path, trace_id: traceId, ref, initial })
+    })
+  }
+}

data/app/assets/stylesheets/trackguard/admin.css ADDED Viewed

@@ -0,0 +1,479 @@
+/* ── Reset ─────────────────────────────────────────────────────────── */
+*, *::before, *::after { box-sizing: border-box; }
+/* ── Base ──────────────────────────────────────────────────────────── */
+.tg-body {
+  margin: 0;
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Inter", sans-serif;
+  font-size: 16px;
+  line-height: 1.5;
+  background-color: #07101f;
+  color: #e0e0e0;
+  -webkit-font-smoothing: antialiased;
+  min-height: 100vh;
+}
+/* ── Layout ────────────────────────────────────────────────────────── */
+.tg-container {
+  max-width: 1100px;
+  margin: 0 auto;
+  padding: 0 1.5rem;
+}
+/* ── Header ────────────────────────────────────────────────────────── */
+.tg-header {
+  background: #0d1829;
+  border-bottom: 1px solid #1c2d4a;
+  padding: 0.875rem 0;
+}
+.tg-header__inner {
+  display: flex;
+  align-items: center;
+  gap: 0.5rem;
+}
+.tg-brand {
+  display: flex;
+  align-items: center;
+  gap: 0.5rem;
+  font-size: 0.9375rem;
+  font-weight: 600;
+  letter-spacing: 0.03em;
+  color: #60a5fa;
+  text-decoration: none;
+  flex: 1;
+}
+.tg-brand__logo {
+  width: 20px;
+  height: 22px;
+  flex-shrink: 0;
+  filter: drop-shadow(0 0 4px rgba(59, 130, 246, 0.35));
+}
+/* ── Back link ─────────────────────────────────────────────────────── */
+.tg-back-link {
+  display: flex;
+  align-items: center;
+  gap: 0.3rem;
+  font-size: 0.8125rem;
+  color: #666666;
+  text-decoration: none;
+  transition: color 0.15s;
+  white-space: nowrap;
+}
+.tg-back-link svg {
+  width: 14px;
+  height: 14px;
+  flex-shrink: 0;
+}
+.tg-back-link:hover {
+  color: #e0e0e0;
+}
+/* ── Nav ───────────────────────────────────────────────────────────── */
+.tg-nav {
+  background: #0d1829;
+  border-bottom: 1px solid #1c2d4a;
+}
+.tg-nav > .tg-container {
+  display: flex;
+}
+.tg-nav__link {
+  display: inline-block;
+  padding: 0.5rem 1rem;
+  font-size: 0.8125rem;
+  color: #666666;
+  text-decoration: none;
+  border-bottom: 2px solid transparent;
+  transition: color 0.15s;
+}
+.tg-nav__link:hover { color: #e0e0e0; }
+.tg-nav__link--active {
+  color: #60a5fa;
+  border-bottom-color: #60a5fa;
+}
+/* ── Main ──────────────────────────────────────────────────────────── */
+.tg-main {
+  padding: 1.25rem 0 4rem;
+}
+/* ── Page header ───────────────────────────────────────────────────── */
+.tg-page-header {
+  margin-bottom: 1.75rem;
+}
+.tg-page-title {
+  margin: 0;
+  font-size: 1.25rem;
+  font-weight: 700;
+  letter-spacing: -0.02em;
+  color: #f0f0f0;
+}
+/* ── Stats ─────────────────────────────────────────────────────────── */
+.tg-stats {
+  display: grid;
+  grid-template-columns: repeat(3, 1fr);
+  gap: 1rem;
+  margin-bottom: 2rem;
+}
+.tg-stat {
+  background: #0d1829;
+  border: 1px solid #1c2d4a;
+  border-radius: 8px;
+  padding: 1.25rem;
+}
+.tg-stat__label {
+  font-size: 0.6875rem;
+  font-weight: 500;
+  text-transform: uppercase;
+  letter-spacing: 0.08em;
+  color: #666666;
+  margin: 0 0 0.25rem;
+}
+.tg-stat__value {
+  font-size: 1.625rem;
+  font-weight: 700;
+  color: #f0f0f0;
+  margin: 0;
+}
+/* ── Page title count ──────────────────────────────────────────────── */
+.tg-page-title__count {
+  font-size: 0.9375rem;
+  font-weight: 400;
+  color: #666666;
+  margin-left: 0.5rem;
+}
+/* ── Panel grid ────────────────────────────────────────────────────── */
+.tg-panels {
+  display: grid;
+  grid-template-columns: repeat(3, 1fr);
+  gap: 1rem;
+  margin-bottom: 1rem;
+}
+.tg-panel {
+  background: #0d1829;
+  border: 1px solid #1c2d4a;
+  border-radius: 8px;
+  padding: 1rem;
+  margin-bottom: 1rem;
+  overflow: hidden;
+}
+.tg-panel__heading {
+  font-size: 0.6875rem;
+  font-weight: 600;
+  text-transform: uppercase;
+  letter-spacing: 0.08em;
+  color: #f0f0f0;
+  margin: 0 0 0.75rem;
+}
+.tg-panel__sub {
+  font-weight: 400;
+  color: #666666;
+  text-transform: none;
+  letter-spacing: 0;
+}
+.tg-panel .tg-table { margin-bottom: 0; }
+.tg-panel tr:last-child .tg-td,
+.tg-panel tr:last-child .tg-td--bare { border-bottom: none; }
+/* ── Pagination ────────────────────────────────────────────────────── */
+.tg-pagination {
+  display: flex;
+  align-items: center;
+  gap: 0.25rem;
+  padding: 1rem 0 0;
+  flex-wrap: wrap;
+}
+.tg-pagination__link {
+  padding: 0.25rem 0.625rem;
+  border-radius: 4px;
+  font-size: 0.8125rem;
+  color: #e0e0e0;
+  text-decoration: none;
+  background: #1c2d4a;
+}
+.tg-pagination__link:hover { background: #243a5e; }
+.tg-pagination__link--active {
+  background: #60a5fa;
+  color: #07101f;
+  font-weight: 600;
+}
+.tg-pagination__link--disabled {
+  opacity: 0.4;
+  pointer-events: none;
+}
+.tg-pagination__ellipsis {
+  padding: 0.25rem 0.25rem;
+  font-size: 0.8125rem;
+  color: #666666;
+}
+/* ── Table ─────────────────────────────────────────────────────────── */
+.tg-table {
+  width: 100%;
+  border-collapse: collapse;
+  font-size: 0.875rem;
+  margin-bottom: 2rem;
+}
+.tg-th {
+  text-align: left;
+  padding: 0.625rem 0.875rem;
+  font-size: 0.6875rem;
+  font-weight: 500;
+  text-transform: uppercase;
+  letter-spacing: 0.08em;
+  color: #666666;
+  border-bottom: 1px solid #1c2d4a;
+}
+.tg-th--right { text-align: right; }
+.tg-td {
+  padding: 0.75rem 0.875rem;
+  border-bottom: 1px solid #1c2d4a;
+  color: #f0f0f0;
+  font-weight: 500;
+}
+.tg-td--num {
+  text-align: right;
+  color: #e0e0e0;
+  font-weight: 400;
+}
+.tg-td--break { word-break: break-all; }
+.tg-td--bare {
+  padding: 0;
+  border-bottom: 1px solid #1c2d4a;
+}
+/* ── Empty state ───────────────────────────────────────────────────── */
+.tg-empty {
+  font-size: 0.9375rem;
+  color: #666666;
+  padding: 1rem 0 2rem;
+  margin: 0;
+}
+/* ── Accordion row ─────────────────────────────────────────────────── */
+.tg-row--flagged {
+  background: rgba(127, 29, 29, 0.15);
+}
+.tg-row--whitelisted {
+  background: rgba(6, 78, 59, 0.15);
+}
+.tg-summary {
+  display: flex;
+  align-items: center;
+  gap: 0.75rem;
+  padding: 0.875rem;
+  cursor: pointer;
+  list-style: none;
+}
+.tg-summary::-webkit-details-marker { display: none; }
+.tg-summary__path {
+  flex: 1;
+  min-width: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  color: #f0f0f0;
+  font-weight: 500;
+  font-size: 0.875rem;
+}
+.tg-summary__ip {
+  font-family: "JetBrains Mono", "Fira Code", "Cascadia Code", monospace;
+  font-size: 0.75rem;
+  color: #e0e0e0;
+  width: 8.5rem;
+  flex-shrink: 0;
+}
+.tg-summary__flag {
+  width: 1.5rem;
+  text-align: center;
+  flex-shrink: 0;
+  color: #666666;
+  font-size: 0.875rem;
+}
+.tg-summary__whitelist {
+  width: 1.5rem;
+  text-align: center;
+  flex-shrink: 0;
+  color: #666666;
+  font-size: 0.875rem;
+}
+.tg-summary__time {
+  font-size: 0.8125rem;
+  color: #e0e0e0;
+  width: 7.5rem;
+  flex-shrink: 0;
+}
+.tg-flag-icon {
+  width: 1rem;
+  height: 1rem;
+  color: #ef4444;
+  vertical-align: middle;
+}
+.tg-whitelist-icon {
+  width: 1rem;
+  height: 1rem;
+  color: #22c55e;
+  vertical-align: middle;
+}
+/* ── Detail panel ──────────────────────────────────────────────────── */
+.tg-detail {
+  padding: 0 1rem 1rem 1rem;
+  background: #0d1829;
+}
+.tg-detail__grid {
+  display: grid;
+  grid-template-columns: repeat(2, 1fr);
+  gap: 1.25rem;
+  padding-top: 0.75rem;
+}
+.tg-detail__group-label {
+  font-size: 0.6875rem;
+  font-weight: 500;
+  text-transform: uppercase;
+  letter-spacing: 0.08em;
+  color: #666666;
+  margin: 0 0 0.5rem;
+}
+/* ── Definition list ───────────────────────────────────────────────── */
+.tg-dl {
+  display: flex;
+  flex-direction: column;
+  gap: 0.3rem;
+}
+.tg-dl__row {
+  display: flex;
+  gap: 0.5rem;
+  font-size: 0.75rem;
+}
+.tg-dl__term {
+  color: #666666;
+  width: 6rem;
+  flex-shrink: 0;
+}
+.tg-dl__def {
+  color: #e0e0e0;
+  margin: 0;
+}
+.tg-dl__def--mono {
+  font-family: "JetBrains Mono", "Fira Code", "Cascadia Code", monospace;
+  word-break: break-all;
+}
+.tg-dl__def--break { word-break: break-all; }
+.tg-dl__def--flagged { color: #fca5a5; }
+.tg-dl__def--muted { color: #666666; }
+.tg-dl__def--whitelisted { color: #6ee7b7; }
+/* ── Flag actions ──────────────────────────────────────────────────── */
+.tg-detail__actions {
+  display: flex;
+  align-items: center;
+  gap: 0.5rem;
+  padding: 0.75rem 0 0;
+  border-top: 1px solid #1c2d4a;
+  margin-top: 0.75rem;
+}
+.tg-flag-form {
+  display: flex;
+  align-items: center;
+  gap: 0.5rem;
+  flex: 1;
+}
+.tg-input {
+  flex: 1;
+  background: #07101f;
+  border: 1px solid #1c2d4a;
+  border-radius: 4px;
+  color: #e0e0e0;
+  font-size: 0.8125rem;
+  padding: 0.375rem 0.625rem;
+  outline: none;
+}
+.tg-input:focus { border-color: #60a5fa; }
+.tg-input::placeholder { color: #444; }
+.tg-btn {
+  border: none;
+  border-radius: 4px;
+  cursor: pointer;
+  font-size: 0.8125rem;
+  font-weight: 500;
+  padding: 0.375rem 0.75rem;
+  white-space: nowrap;
+}
+.tg-btn--danger { background: #7f1d1d; color: #fca5a5; }
+.tg-btn--danger:hover { background: #991b1b; }
+.tg-btn--ghost { background: #1c2d4a; color: #e0e0e0; }
+.tg-btn--ghost:hover { background: #243a5e; }
+.tg-btn--whitelist { background: #064e3b; color: #6ee7b7; }
+.tg-btn--whitelist:hover { background: #065f46; }
+/* ── Responsive ────────────────────────────────────────────────────── */
+@media (max-width: 900px) {
+  .tg-panels { grid-template-columns: 1fr; }
+}
+@media (max-width: 640px) {
+  .tg-stats { grid-template-columns: 1fr; }
+  .tg-detail__grid { grid-template-columns: 1fr; }
+  .tg-summary__ip { display: none; }
+}

data/app/controllers/concerns/trackguard/page_tracker.rb ADDED Viewed

@@ -0,0 +1,41 @@
+module Trackguard
+  module PageTracker
+    extend ActiveSupport::Concern
+    included do
+      before_action :set_trace_id
+    end
+    module ClassMethods
+      def track_page_views(**)
+        after_action(:track_page_view, **)
+      end
+    end
+    private
+    def set_trace_id
+      @trace_id = SecureRandom.uuid
+    end
+    def track_page_view
+      return unless request.get? || request.head?
+      return unless request.format.html?
+      PageViewRecorder.call(
+        path: request.path,
+        ip: request.remote_ip,
+        user_agent: request.user_agent.to_s,
+        referer: request.referer,
+        session_id: session.id.to_s,
+        trace_id: @trace_id,
+        source: extract_source
+      )
+    end
+    def extract_source
+      raw = params[:ref].presence || params[:utm_source].presence
+      raw && raw.strip.downcase.first(64)
+    end
+  end
+end

data/app/controllers/trackguard/admin/analytics_controller.rb ADDED Viewed

@@ -0,0 +1,85 @@
+module Trackguard
+  module Admin
+    class AnalyticsController < BaseController
+      skip_before_action :verify_authenticity_token, if: :valid_api_token?
+      # rubocop:disable Metrics/AbcSize
+      def show
+        @total_today  = PageView.today.count
+        @total_week   = PageView.this_week.count
+        @total_month  = PageView.this_month.count
+        base = time_scope
+        @top_pages     = base.group(:path).order("count_all DESC").limit(10).count
+        @top_referrers = base.with_referrer.group(:referer).order("count_all DESC").limit(10).count
+        @top_sources   = base.with_source.group(:source).order("count_all DESC").limit(10).count
+        @recent = visitor_filtered(
+          time_scope(PageView.order(created_at: :desc).limit(20).includes(visitor: :whitelisted_ip))
+        )
+        render json: {
+          totals: { today: @total_today, week: @total_week, month: @total_month },
+          top_pages: @top_pages,
+          top_referrers: @top_referrers,
+          top_sources: @top_sources,
+          recent: @recent.map do |pv|
+            {
+              path: pv.path,
+              ip: pv.visitor&.ip,
+              flagged_at: pv.visitor.flagged_at,
+              flagged_by: pv.visitor.flagged_by,
+              whitelisted: pv.visitor.whitelisted_ip&.active? || false,
+              user_agent: pv.user_agent,
+              session_id: pv.session_id,
+              trace_id: pv.trace_id,
+              referer: pv.referer,
+              source: pv.source,
+              created_at: pv.created_at
+            }
+          end
+        }
+      end
+      # rubocop:enable Metrics/AbcSize
+      private
+      def authenticate_admin!
+        return if valid_api_token?
+        super
+      end
+      def time_scope(base = PageView.all)
+        params[:since].present? ? base.where(created_at: parsed_since..) : base.last_30
+      end
+      def parsed_since
+        @parsed_since ||= begin
+          Date.parse(params[:since])
+        rescue ArgumentError, TypeError
+          30.days.ago.to_date
+        end
+      end
+      def visitor_filtered(scope)
+        if params.key?(:flagged)
+          visitor_scope = cast_bool(params[:flagged]) ? Visitor.flagged : Visitor.unflagged
+          scope = scope.joins(:visitor).merge(visitor_scope)
+        end
+        if params.key?(:whitelisted)
+          scope = if cast_bool(params[:whitelisted])
+                    scope.joins(visitor: :whitelisted_ip).merge(WhitelistedIp.active)
+                  else
+                    scope.where.not(visitor_id: Visitor.joins(:whitelisted_ip).merge(WhitelistedIp.active).select(:id))
+                  end
+        end
+        scope
+      end
+      def cast_bool(val)
+        ActiveRecord::Type::Boolean.new.cast(val)
+      end
+    end
+  end
+end

data/app/controllers/trackguard/admin/base_controller.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module Trackguard
+  module Admin
+    class BaseController < ActionController::Base
+      layout -> { Trackguard.admin_layout }
+      before_action :authenticate_admin!
+      private
+      def authenticate_admin!
+        instance_exec(&Trackguard.authenticate_admin_with)
+      end
+      def valid_api_token?
+        expected = Trackguard.api_token
+        return false unless expected.present?
+        token = request.headers["Authorization"]&.then { |h| h[/\ABearer (.+)\z/, 1] }
+        return false unless token.present?
+        ActiveSupport::SecurityUtils.secure_compare(token, expected)
+      end
+    end
+  end
+end

data/app/controllers/trackguard/admin/blocked_user_agents_controller.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module Trackguard
+  module Admin
+    class BlockedUserAgentsController < BaseController
+      skip_before_action :verify_authenticity_token, if: :valid_api_token?
+      def index
+        render json: BlockedUserAgent.order(:pattern).pluck(:pattern)
+      end
+      def create
+        record = BlockedUserAgent.find_or_create_by!(pattern: params.fetch(:pattern))
+        Rails.cache.delete(BlockedUserAgent::CACHE_KEY)
+        render json: { status: "ok", pattern: record.pattern }
+      rescue ActionController::ParameterMissing, ActiveRecord::RecordInvalid => e
+        render json: { status: "error", message: e.message }, status: :unprocessable_entity
+      end
+      private
+      def authenticate_admin!
+        return if valid_api_token?
+        super
+      end
+    end
+  end
+end