umami-read-models 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c2f6153e25093f6b47ff480dcad0305d3729725541ce61fe814c5551f52ad3f
-  data.tar.gz: e81abfd30bf2a212a5f8ca47847720a3760358c58cf5da14c659519e4d068c35
+  metadata.gz: 3c4f017351c420cd97ca5aecea866a3dee50f818d147a4b60bf6965461763ab7
+  data.tar.gz: 487cdcf1f040fe3d76f323037f4923efacb62064d0026ec8290cc6a2a8fc5065
 SHA512:
-  metadata.gz: 4867b41518f09623a58584e9130aab9314d89366e9d97d0a5b8826d953156d20004ba3df88087e459bd0757e263331bb71bb14a149d6eb49caf6e8159ef63d15
-  data.tar.gz: 30676022f6642b95b55658364d072a1bb282e0df36c5c01e4f158cefac29af0465d7697b813b5b40814cba45c444bd99edfee818e1c3555a456d46b5eaa91b01
+  metadata.gz: d18c796d4242d5710c53a1c7325c2938128a7fb91875742ab7e7cbfe706ccb3ee0b703e83067f6a6ab434812d628f3c336822720b4cdbdc6ac3c9f552f5600e2
+  data.tar.gz: 290bec88c2684b6d348350348c121e270bf85edda4e36c15d958b5f13e7564305ebaee4a8cf650391af4e486c0b940c3fad0f7987afb973bc9632ba564825dc4

data/.env.example

@@ -0,0 +1,5 @@
+# PostgreSQL connection URL for Umami database
+DATABASE_URL=postgresql://username:password@localhost:5432/umami_db
+
+# Or with more options:
+# DATABASE_URL=postgresql://username:password@host:5432/database?sslmode=require&connect_timeout=10

data/CHANGELOG.md

@@ -7,6 +7,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.1] - 2024-01-26
+
+### Fixed
+- Removed non-functional table prefix feature that was documented but didn't work
+- Fixed database connection configuration to properly work with Rails multi-database
+- Enhanced read-only protection to prevent all write operations (create, update, delete)
+- Fixed SQL injection vulnerability in README raw SQL example
+- Updated documentation to accurately reflect actual gem functionality
+
+### Changed
+- Simplified database configuration to use standard Rails patterns
+- Improved error messages for read-only violations
+- Database configuration now properly converts simple symbols to Rails multi-db format
+
+### Removed
+- Removed broken `table_prefix` configuration option
+- Removed misleading "thread-safe connection management" claim
+
 ## [0.1.0] - 2024-01-26
 
 ### Added

data/README.md

@@ -5,11 +5,9 @@ A Ruby gem that provides read-only ActiveRecord models for accessing Umami Analy
 ## Features
 
 - Read-only ActiveRecord models for all Umami database tables
-- Support for PostgreSQL connections
+- Support for PostgreSQL connections  
 - Built-in query scopes for common analytics queries
 - Association mappings between models
-- Configurable table prefix support
-- Thread-safe connection management
 
 ## Installation
 
@@ -47,31 +45,23 @@ production:
     password: <%= ENV['UMAMI_DB_PASSWORD'] %>
 ```
 
-Then configure the gem in an initializer (e.g., `config/initializers/umami_read_models.rb`):
+Configure the gem in an initializer (e.g., `config/initializers/umami_read_models.rb`):
 
 ```ruby
+# For a simple setup with one database
 Umami::Models.configure do |config|
-  # Specify which database configuration to use
   config.database = :umami
-  
-  # Optional: Set a table prefix if your Umami tables use one
-  config.table_prefix = "umami_"
 end
-```
-
-### Advanced Multi-Database Configuration
 
-For read replicas:
-
-```ruby
+# Or for read replicas
 Umami::Models.configure do |config|
   config.database = { writing: :umami, reading: :umami_replica }
 end
 ```
 
-This uses Rails' built-in database roles. Even though the models are read-only, Rails still requires 
-a `:writing` connection to be defined. Both connections can point to the same database, or you can 
-use a read replica for the `:reading` connection for better performance.
+**Important**: The configuration must be set during application initialization, not in an `after_initialize` block.
+
+**Note about read replicas**: Even though the models are read-only, Rails still requires a `:writing` connection to be defined. Both connections can point to the same database if you don't have a read replica.
 
 ## Usage
 
@@ -197,15 +187,19 @@ params = report.parsed_parameters
 
 ## Read-Only Protection
 
-All models are read-only by default. Any attempt to create, update, or delete records will fail:
+All models are read-only. Any attempt to create, update, or delete records will raise an error:
 
 ```ruby
-# This will raise an error
+# Creating records will raise an error
 website = Umami::Models::Website.new(name: "Test")
 website.save # => raises ActiveRecord::ReadOnlyRecord
 
-# This will also raise an error
-Umami::Models::Website.find(id).update(name: "New Name")
+# Updating records will raise an error
+website = Umami::Models::Website.find(id)
+website.update(name: "New Name") # => raises ActiveRecord::ReadOnlyRecord
+
+# Deleting records will raise an error
+website.destroy # => raises ActiveRecord::ReadOnlyRecord
 ```
 
 ## Advanced Usage
@@ -228,20 +222,26 @@ Umami::Models::WebsiteEvent
 
 ### Raw SQL
 
-For complex analytics queries, you can use raw SQL:
+For complex analytics queries, you can use raw SQL with proper parameterization:
 
 ```ruby
-results = Umami::Models::Base.connection.execute(<<-SQL)
+sql = <<-SQL
   SELECT 
     DATE(created_at) as date,
     COUNT(DISTINCT session_id) as visitors,
     COUNT(*) as page_views
   FROM website_event
-  WHERE website_id = '#{website_id}'
-    AND created_at >= '#{30.days.ago}'
+  WHERE website_id = ?
+    AND created_at >= ?
   GROUP BY DATE(created_at)
   ORDER BY date DESC
 SQL
+
+results = Umami::Models::Base.connection.exec_query(
+  sql, 
+  'SQL', 
+  [[nil, website_id], [nil, 30.days.ago]]
+)
 ```
 
 ## Development

data/lib/umami/models/version.rb

@@ -2,6 +2,6 @@
 
 module Umami
   module Models
-    VERSION = "0.1.0"
+    VERSION = "0.1.1"
   end
 end

data/lib/umami/models.rb

@@ -9,34 +9,43 @@ module Umami
     class Error < StandardError; end
 
     class << self
-      attr_accessor :table_prefix, :database
+      attr_accessor :database
 
       def configure
         yield self
+        apply_configuration! if database
+      end
+
+      def apply_configuration!
+        return unless database
+
+        # Apply to Base and all its descendants
+        if database.is_a?(Hash)
+          Base.connects_to database: database
+        else
+          Base.connects_to database: { writing: database, reading: database }
+        end
       end
     end
 
-    self.table_prefix = ""
     self.database = nil
 
     # Base class for all Umami models with read-only enforcement
     class Base < ActiveRecord::Base
       self.abstract_class = true
 
-      def self.inherited(subclass)
-        super
-        # Apply the database configuration when a model inherits from Base
-        return unless Umami::Models.database
-
-        subclass.connects_to database: Umami::Models.database
-      end
-
       def readonly?
         true
       end
 
-      def self.table_name
-        "#{Umami::Models.table_prefix}#{super}"
+      # Prevent any write operations
+      before_save :prevent_writes
+      before_destroy :prevent_writes
+
+      private
+
+      def prevent_writes
+        raise ActiveRecord::ReadOnlyRecord, "Umami models are read-only"
       end
     end
   end

data/scripts/README.md

@@ -0,0 +1,35 @@
+# Scripts
+
+## validate_connection.rb
+
+A validation script to test the umami-read-models gem functionality against a real Umami database.
+
+### Setup
+
+1. Create a `.env` file in the gem root directory:
+   ```bash
+   DATABASE_URL=postgresql://user:password@host:port/umami_database
+   ```
+
+2. Install dependencies:
+   ```bash
+   bundle install
+   ```
+
+### Usage
+
+```bash
+ruby scripts/validate_connection.rb
+```
+
+### What it tests
+
+- Database connectivity
+- Model loading
+- Basic queries (record counts)
+- Associations between models
+- Query scopes
+- Read-only protection
+- Complex analytical queries
+
+The script provides colored output showing pass/fail status for each test.

data/scripts/validate_connection.rb

@@ -0,0 +1,228 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# Script to validate umami-read-models gem functionality
+# Usage: ruby scripts/validate_connection.rb
+# Requires: DATABASE_URL environment variable
+
+require "bundler/setup"
+require "umami/models"
+require "active_record"
+require "dotenv/load"
+require "uri"
+
+# Colors for output
+class String
+  def green = "\e[32m#{self}\e[0m"
+  def red = "\e[31m#{self}\e[0m"
+  def yellow = "\e[33m#{self}\e[0m"
+  def blue = "\e[34m#{self}\e[0m"
+end
+
+puts "Umami Read Models - Connection Validation".blue
+puts "=" * 50
+
+# Check for DATABASE_URL
+unless ENV["DATABASE_URL"]
+  puts "ERROR: DATABASE_URL not found in environment".red
+  puts "Please create a .env file with:"
+  puts "DATABASE_URL=postgresql://user:password@host:port/database"
+  exit 1
+end
+
+puts "✓ DATABASE_URL found".green
+
+# Since we're using DATABASE_URL directly, we don't need Rails database config
+# Just use the default connection
+ActiveRecord::Base.establish_connection(ENV.fetch("DATABASE_URL", nil))
+
+# Test configuration - skip this since we're not in a Rails app with named databases
+puts "\n1. Testing database connection...".yellow
+begin
+  ActiveRecord::Base.connection.execute("SELECT 1")
+  puts "✓ Database connection working".green
+rescue StandardError => e
+  puts "✗ Database connection failed: #{e.message}".red
+  exit 1
+end
+
+# Test Rails-style configuration (for use in Rails apps)
+puts "\n2. Testing Rails-style database configuration...".yellow
+begin
+  # Parse the DATABASE_URL to get connection parameters
+  uri = URI.parse(ENV.fetch("DATABASE_URL", nil))
+  db_config_hash = {
+    adapter: uri.scheme == "postgres" ? "postgresql" : uri.scheme,
+    host: uri.host,
+    port: uri.port || 5432,
+    database: uri.path[1..], # Remove leading slash
+    username: uri.user,
+    password: uri.password
+  }
+
+  # Add any query parameters (like sslmode, channel_binding, etc.)
+  if uri.query
+    URI.decode_www_form(uri.query).each do |key, value|
+      db_config_hash[key.to_sym] = value
+    end
+  end
+
+  # Create the configuration using the current environment
+  current_env = ActiveRecord::ConnectionHandling::DEFAULT_ENV.call
+  db_config = ActiveRecord::DatabaseConfigurations::HashConfig.new(
+    current_env,
+    "umami",
+    db_config_hash
+  )
+
+  # Register this configuration
+  ActiveRecord::Base.configurations = {
+    current_env => { "umami" => db_config.configuration_hash }
+  }
+
+  # Now test the gem's configuration
+  Umami::Models.configure do |config|
+    config.database = :umami
+  end
+
+  # Verify it works by testing a query
+  Umami::Models::Website.connection.execute("SELECT 1")
+  puts "✓ Rails-style configuration working".green
+  puts "  (In a Rails app, use: config.database = :umami)".green
+
+  # Also test multi-database configuration
+  Umami::Models.configure do |config|
+    config.database = { writing: :umami, reading: :umami }
+  end
+  Umami::Models::Website.connection.execute("SELECT 1")
+  puts "✓ Multi-database configuration also works".green
+  puts "  (For read replicas: { writing: :umami, reading: :umami_replica })".green
+rescue StandardError => e
+  puts "✗ Rails-style configuration failed: #{e.message}".red
+  puts "  Note: This is optional - direct DATABASE_URL connection still works".yellow
+end
+
+# Test model loading
+puts "\n3. Testing model loading...".yellow
+models = [
+  Umami::Models::User,
+  Umami::Models::Website,
+  Umami::Models::Session,
+  Umami::Models::WebsiteEvent,
+  Umami::Models::EventData,
+  Umami::Models::SessionData,
+  Umami::Models::Team,
+  Umami::Models::TeamUser,
+  Umami::Models::Report
+]
+
+models.each do |model|
+  puts "   ✓ #{model.name} loaded".green
+end
+
+# Test basic queries
+puts "\n4. Testing basic queries...".yellow
+begin
+  # Count records
+  puts "   Users: #{Umami::Models::User.count}"
+  puts "   Websites: #{Umami::Models::Website.count}"
+  puts "   Sessions: #{Umami::Models::Session.count}"
+  puts "   Events: #{Umami::Models::WebsiteEvent.count}"
+  puts "✓ Basic queries working".green
+rescue StandardError => e
+  puts "✗ Query failed: #{e.message}".red
+  puts "  Make sure the Umami database schema is set up correctly".yellow
+end
+
+# Test associations
+puts "\n4. Testing associations...".yellow
+begin
+  if (website = Umami::Models::Website.first)
+    puts "   Testing website: #{website.name || "Unnamed"}"
+    puts "   - Sessions count: #{website.sessions.count}"
+    puts "   - Events count: #{website.website_events.count}"
+    puts "   - Has user: #{website.user ? "Yes" : "No"}"
+    puts "✓ Associations working".green
+  else
+    puts "   No websites found to test associations".yellow
+  end
+rescue StandardError => e
+  puts "✗ Association test failed: #{e.message}".red
+end
+
+# Test scopes
+puts "\n5. Testing scopes...".yellow
+begin
+  # Test various scopes
+  puts "   Active websites: #{Umami::Models::Website.active.count}"
+  puts "   Recent sessions: #{Umami::Models::Session.recent.limit(5).count}"
+  puts "   Page views: #{Umami::Models::WebsiteEvent.page_views.count}"
+  puts "✓ Scopes working".green
+rescue StandardError => e
+  puts "✗ Scope test failed: #{e.message}".red
+end
+
+# Test read-only protection
+puts "\n6. Testing read-only protection...".yellow
+begin
+  # Test create
+  begin
+    user = Umami::Models::User.new(username: "test")
+    user.save!
+    puts "✗ ERROR: Create should have been blocked!".red
+  rescue ActiveRecord::ReadOnlyRecord => e
+    puts "   ✓ Create blocked: #{e.message}".green
+  end
+
+  # Test update
+  if (user = Umami::Models::User.first)
+    begin
+      user.update!(username: "changed")
+      puts "✗ ERROR: Update should have been blocked!".red
+    rescue ActiveRecord::ReadOnlyRecord => e
+      puts "   ✓ Update blocked: #{e.message}".green
+    end
+
+    # Test delete
+    begin
+      user.destroy!
+      puts "✗ ERROR: Delete should have been blocked!".red
+    rescue ActiveRecord::ReadOnlyRecord => e
+      puts "   ✓ Delete blocked: #{e.message}".green
+    end
+  else
+    puts "   No users found to test update/delete protection".yellow
+  end
+rescue StandardError => e
+  puts "✗ Read-only test failed: #{e.message}".red
+end
+
+# Test complex queries
+puts "\n7. Testing complex queries...".yellow
+begin
+  # Get top pages for the last 30 days
+  if (website = Umami::Models::Website.first)
+    top_pages = Umami::Models::WebsiteEvent
+                .by_website(website.website_id)
+                .page_views
+                .by_date_range(30.days.ago, Time.current)
+                .group(:url_path)
+                .order("count_all DESC")
+                .limit(5)
+                .count
+
+    puts "   Top 5 pages (last 30 days):"
+    top_pages.each do |path, count|
+      puts "   - #{path}: #{count} views"
+    end
+    puts "✓ Complex queries working".green if top_pages.any?
+    puts "   No page views in the last 30 days".yellow if top_pages.empty?
+  else
+    puts "   No websites found for complex query test".yellow
+  end
+rescue StandardError => e
+  puts "✗ Complex query failed: #{e.message}".red
+end
+
+puts "\n#{"=" * 50}"
+puts "Test completed!".blue

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: umami-read-models
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Andreas Zeitler
@@ -46,6 +46,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".env.example"
 - ".rubocop.yml"
 - CHANGELOG.md
 - LICENSE.txt
@@ -62,6 +63,8 @@ files:
 - lib/umami/models/version.rb
 - lib/umami/models/website.rb
 - lib/umami/models/website_event.rb
+- scripts/README.md
+- scripts/validate_connection.rb
 - sig/umami/models.rbs
 homepage: https://github.com/azeitler/umami-read-models
 licenses: []