RubyGems - unsakini - Versions diffs - 0.0.4.pre.1 → 0.0.4 - Mend

unsakini 0.0.4.pre.1 → 0.0.4

Files changed (223) hide show

data/app/controllers/unsakini/share_board_controller.rb DELETED Viewed

@@ -1,122 +0,0 @@
-module Unsakini
-  class ShareBoardController < BaseController
-    include LoggedInControllerConcern
-    include BoardOwnerControllerConcern
-    include PostOwnerControllerConcern
-    include CommentOwnerControllerConcern
-    before_action :validate_params
-    # Shares a board to other users. Example payload param:
-    #
-    # `POST /api/share/board`
-    #
-    # ```
-    # {
-    #   board: {
-    #     id: 1,
-    #     name: 'some encrypted text',
-    #   },
-    #   posts: [
-    #     {
-    #       board_id: 1,
-    #       title: 'some encrypted text',
-    #       content: 'some encrypted text',
-    #       comments: [
-    #         {
-    #           id: 1,
-    #           content: 'some encrypted text',
-    #           user_id: 1,
-    #           post_id: 1,
-    #         }
-    #       ]
-    #     }
-    #   ],
-    #   shared_user_ids: [1, 2, 3, 4],
-    #   encrypted_password: 'some encrypted password'
-    # }
-    # ```
-    # The `encrypted_password` param will be used to decrypt contents of this board. The encryption happens in the client so
-    # the server don't really know what is the original password. The board creator will have to share it privately to other users whom he/she shared it with so they can access the board.
-    #
-    # `posts` and `comments` fields can be empty.
-    def index
-      ActiveRecord::Base.transaction do
-        if params[:posts]
-          params[:posts].each do |post|
-            p = Post.find(post[:id])
-            p.title = post[:title]
-            p.content = post[:content]
-            p.save!
-            if post[:comments] and p.valid?
-              post[:comments].each do |comment|
-                c = Comment.find(comment[:id])
-                c.content = comment[:content]
-                c.save!
-              end
-            end
-          end
-        end
-        if @user_board.share(params[:shared_user_ids], params[:encrypted_password])
-          render json: {}, status: :ok
-        else
-          raise "An error occured"
-        end
-      end
-    rescue
-      # clean up the created {UserBoard}s
-      render json: ["Some of the data can't be saved."], status: 422
-    end
-    # Validates the contents of params against the database records.
-    def validate_params
-      if params[:encrypted_password].nil? or params[:shared_user_ids].nil? or params[:board].nil?
-        render json: {}, status: 422
-        return
-      end
-      result = has_board_access(params[:board][:id])
-      if result[:status] != :ok
-        render json: {}, status: result[:status]
-        return
-      else
-        if !result[:user_board].is_admin
-          render json: {}, status: :forbidden
-          return
-        end
-        @board = result[:board]
-        @user_board = result[:user_board]
-      end
-      if params[:posts]
-        params[:posts].each do |post|
-          s = has_post_access(params[:board][:id], post[:id])[:status]
-          if s != :ok
-            render json: {}, status: s
-            return
-          end
-          if post[:comments]
-            post[:comments].each do |comment|
-              s = has_comment_access(post[:id], comment[:id])[:status]
-              if s != :ok
-                render json: {}, status: s
-                return
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/app/controllers/unsakini/user_token_controller.rb DELETED Viewed

@@ -1,17 +0,0 @@
-module Unsakini
-  class UserTokenController < Knock::AuthTokenController
-    def create
-      if entity.confirmed_at?
-        render json: auth_token, status: :created
-      else
-        res = {message: "Your account needs confirmation. Please follow the confirmation instructions sent to #{auth_params[:email]}"}
-        render status: 401, json: res
-      end
-    end
-    def entity_name
-      self.class.name.split('TokenController').first
-    end
-  end
-end

data/app/controllers/unsakini/users_controller.rb DELETED Viewed

@@ -1,69 +0,0 @@
-module Unsakini
-  class UsersController < BaseController
-    include LoggedInControllerConcern
-    include ::ActionController::Serialization
-    skip_before_action :ensure_logged_in, only: [:create, :confirm]
-    #Creates a new user
-    def create
-      user = User.new(user_params)
-      if user.save
-        UserMailer.confirm_account(user).deliver_now
-        render json: user, status: :created
-      else
-        render json: user.errors, status: 422
-      end
-    end
-    # confirm user account
-    def confirm
-      token = params[:token].to_s
-      user = User.find_by(confirmation_token: token)
-      if user.present? && user.confirmation_token_valid?
-        if user.mark_as_confirmed!
-          render json: {status: 'User confirmed successfully'}, status: :ok
-        else
-          render json: user.errors, status: 422
-        end
-      else
-        render json: ['Invalid token'], status: :not_found
-      end
-    end
-    # Renders the current user as json
-    #
-    # `GET /api/user/:id`
-    #
-    def show
-      render json: @user
-    end
-    # Returns the user with matching email
-    #
-    # `GET /api/users/search?email=xxx`
-    #
-    def search
-      user = User.where("email = ? AND id != ?", params[:email], @user.id).first
-      if user
-        render json: user
-      else
-        render json: {}, status: :not_found
-      end
-    end
-    private
-    def user_params
-      params.permit(:name, :email, :password, :password_confirmation)
-    end
-  end
-end

data/app/controllers/unsakini/web_controller.rb DELETED Viewed

@@ -1,27 +0,0 @@
-# Base controller for web pages
-module Unsakini
-  class WebController < ActionController::Base
-    include ActionController::ImplicitRender
-    include ActionView::Layouts
-    # Renders welcome page
-    def index
-      @project = 'Unsakini'
-      @description = 'Privacy. Confidentiality. Security.'
-      @version = VERSION
-      @author = 'Adones Pitogo'
-      @repository = 'https://github.com/adonespitogo/unsakini'
-      @title = "#{@project} | #{@description}"
-      @tagline = "Created by and for online activists, information security enthusiasts and government surveillance evaders."
-      @keywords = "unsakini, encrypted, bulletin board, BB, ruby, rails"
-    end
-    # Renders the angular index view when request url is /app/* to enable html5 pushState capability of angularjs
-    def app
-      gem_root = File.expand_path '../../../..', __FILE__
-      render file: "#{gem_root}/public/unsakini/app/index.html", layout: false
-    end
-  end
-end

data/app/mailers/unsakini/user_mailer.rb DELETED Viewed

@@ -1,13 +0,0 @@
-module Unsakini
-  class UserMailer < ::ActionMailer::Base
-    default from: 'notifications@example.com'
-    def confirm_account(user)
-      @user = user
-      @url  = "#{root_url}app/account/confirm/#{@user.confirmation_token}"
-      mail(to: @user.email, subject: 'Unsakini - Account Confirmation')
-    end
-  end
-end

data/app/models/concerns/unsakini/encryptable_model_concern.rb DELETED Viewed

@@ -1,97 +0,0 @@
-require 'openssl'
-require 'base64'
-# Responsible for encryption and decryption of certain model attributes
-module Unsakini
-  module EncryptableModelConcern
-    extend ActiveSupport::Concern
-    included do
-      before_save :encrypt_encryptable_attributes
-      after_save :decrypt_encryptable_attributes
-      after_find :decrypt_encryptable_attributes
-    end
-    module ClassMethods
-      # Sets the `encryptable_attributes` class instance variable in the model.
-      #
-      # Encryptable attributes are encrypted before saving using `before_save` hook and decrypted using `after_save` and `after_find` hooks.
-      #
-      # Example:
-      # ```
-      #   class Board < BaseModel
-      #     encryptable_attributes :name, :title, :content
-      #   end
-      # ```
-      # @param attrs [Symbol] model attributes
-      #
-      def encryptable_attributes(*attrs)
-        @encryptable_attributes = attrs
-      end
-    end
-    # Returns the model's `encryptable_attributes` class instance variable.
-    #
-    def encryptable_attributes
-      self.class.instance_variable_get(:@encryptable_attributes) || []
-    end
-    private
-    # Encryptes the model's encryptable attributes before saving using Rails' `before_save` hook.
-    #
-    # **Note: Be careful in calling this method manually as it can corrupt the data.**
-    def encrypt_encryptable_attributes
-      encryptable_attributes.each do |k|
-        self[k] = encrypt(self[k])
-      end
-    end
-    # Decrypts the model's encryptable attributes using Rails' `after_save` and `after_find` hooks.
-    #
-    # **Note: Be careful in calling this method manually as it can corrupt the data.**
-    def decrypt_encryptable_attributes
-      encryptable_attributes.each do |k|
-        self[k] = decrypt(self[k])
-      end
-    end
-    # Determins if the value being encrypted/decryped is empty.
-    def is_empty_val(value)
-      !value or value.nil? or value == ""
-    end
-    # Returns the cipher algorithm used
-    def cipher
-      OpenSSL::Cipher::Cipher.new('aes-256-cbc')
-    end
-    # Returns the encryption key from the `unsakini_crypto_key` config
-    def cipher_key
-      begin
-        Rails.configuration.unsakini_crypto_key
-      rescue Exception => e
-        raise 'Encryption key is not set! Please run `rails g unsakini:config` before you proceed.'
-      end
-    end
-    # Encrypts model attribute value
-    def encrypt(value)
-      return value if is_empty_val(value)
-      c = cipher.encrypt
-      c.key = Digest::SHA256.digest(cipher_key)
-      c.iv = iv = c.random_iv
-      Base64.encode64(iv) + Base64.encode64(c.update(value.to_s) + c.final)
-    end
-    # Decrypts model attribute value
-    def decrypt(value)
-      return value if is_empty_val(value)
-      c = cipher.decrypt
-      c.key = Digest::SHA256.digest(cipher_key)
-      c.iv = Base64.decode64 value.slice!(0,25)
-      c.update(Base64.decode64(value.to_s)) + c.final
-    end
-  end
-end

data/app/models/unsakini/application_record.rb DELETED Viewed

@@ -1,7 +0,0 @@
-# Base application model
-require_dependency 'unsakini'
-module Unsakini
-  class ApplicationRecord < ActiveRecord::Base
-    self.abstract_class = true
-  end
-end

data/app/models/unsakini/board.rb DELETED Viewed

@@ -1,16 +0,0 @@
-#Board model
-module Unsakini
-  class Board < ApplicationRecord
-    include EncryptableModelConcern
-    encryptable_attributes :name
-    validates :name, presence: true
-    has_many :users, through: :user_boards
-    has_many :user_boards, :dependent => :delete_all
-    has_many :posts, :dependent => :destroy
-  end
-end

data/app/models/unsakini/comment.rb DELETED Viewed

@@ -1,12 +0,0 @@
-#Comment model
-module Unsakini
-  class Comment < ApplicationRecord
-    include EncryptableModelConcern
-    encryptable_attributes :content
-    validates :content, presence: true
-    belongs_to :post
-    belongs_to :user
-  end
-end

data/app/models/unsakini/post.rb DELETED Viewed

@@ -1,15 +0,0 @@
-#Post model
-module Unsakini
-  class Post < ApplicationRecord
-    include EncryptableModelConcern
-    encryptable_attributes :title, :content
-    validates :title, presence: true
-    validates :content, presence: true
-    belongs_to :user
-    belongs_to :board
-    has_many :comments, :dependent => :delete_all
-  end
-end

data/app/models/unsakini/user.rb DELETED Viewed

@@ -1,43 +0,0 @@
-# module Unsakini
-module Unsakini
-  class User < ApplicationRecord
-    has_secure_password
-    validates_uniqueness_of :email, case_sensitive: false, on: [:create]
-    validates_format_of :email, with: /@/
-    validates :name, :email, presence: true
-    validates :password, :presence     => true,
-      :confirmation => true,
-      :length       => { :minimum => 6 },
-      :if           => :password # only validate if password changed!
-    has_many :user_boards
-    has_many :boards, through: :user_boards
-    before_save :downcase_email
-    before_create :generate_confirmation_instructions
-    def downcase_email
-      self.email = self.email.delete(' ').downcase
-    end
-    def generate_confirmation_instructions
-      self.confirmation_token = SecureRandom.hex(10)
-      self.confirmation_sent_at = Time.now.utc
-    end
-    def confirmation_token_valid?
-      (self.confirmation_sent_at + 30.days) > Time.now.utc
-    end
-    def mark_as_confirmed!
-      self.confirmation_token = nil
-      self.confirmed_at = Time.now.utc
-      save
-    end
-  end
-end
-# end

data/app/models/unsakini/user_board.rb DELETED Viewed

@@ -1,84 +0,0 @@
-# UserBoard model, links the user and it's boards
-module Unsakini
-  class UserBoard < ApplicationRecord
-    include EncryptableModelConcern
-    encryptable_attributes :encrypted_password
-    validates :encrypted_password, :presence => true, if: :is_admin
-    before_validation :validate_before_create, on: :create
-    before_validation :validate_before_update, on: :update
-    belongs_to :user
-    belongs_to :board
-    scope :admin, -> { where(is_admin: true) }
-    def name=(str)
-      @name = str
-    end
-    def name
-      if !@name.nil?
-        @name
-      else
-        self.board.name
-      end
-    end
-    # Returns user_boards where {Board} is `is_shared`
-    #
-    # @param is_shared [Boolean] wether to return shared or not shared boards
-    def self.shared(is_shared)
-      joins("LEFT JOIN #{Board.table_name} ON #{self.table_name}.board_id = #{Board.table_name}.id")
-      .where("#{Board.table_name}.is_shared = ?", is_shared)
-    end
-    def share(user_ids, new_key)
-      ActiveRecord::Base.transaction do
-        user_ids.each do |usr_id|
-          UserBoard.new({
-                          user_id: usr_id,
-                          board_id: self.board_id,
-                          encrypted_password: nil,
-                          is_admin: false
-          })
-          .save!
-        end
-        self.board.is_shared = true
-        self.encrypted_password = new_key
-        self.save!
-      end
-      true
-    rescue
-      self.errors[:base] << "Unable to share the this board"
-      false
-    end
-    private
-    def reset_user_boards_encrypted_password
-      UserBoard.where("board_id = ? AND user_id != ?", self.board_id, self.user_id).update_all(encrypted_password: nil)
-    end
-    def validate_before_create
-      if self.board.nil?
-        b = Board.new(name: @name)
-        if b.save
-          self.board_id = b.id
-        else
-          self.errors[:base] << "Board name is invalid"
-        end
-      end
-    end
-    def validate_before_update
-      self.board.name = @name if !@name.blank?
-      reset_user_boards_encrypted_password if self.encrypted_password_changed?
-      self.errors[:base] << "Board name is invalid" if !self.board.save
-    end
-  end
-end

data/app/models/unsakini.rb DELETED Viewed

@@ -1,5 +0,0 @@
-module Unsakini
-  def self.table_name_prefix
-    'unsakini_'
-  end
-end

data/app/serializers/unsakini/board_serializer.rb DELETED Viewed

@@ -1,7 +0,0 @@
-module Unsakini
-  class BoardSerializer < ActiveModel::Serializer
-    attributes :id, :name, :created_at, :updated_at
-  end
-end

data/app/serializers/unsakini/post_serializer.rb DELETED Viewed

@@ -1,26 +0,0 @@
-# Serializes the `Post` model instance to json.
-# Read more about active model serializers - https://github.com/rails-api/active_model_serializers
-module Unsakini
-  class PostSerializer < ActiveModel::Serializer
-    attributes :id, :title, :content, :created_at, :updated_at
-    belongs_to :user
-    belongs_to :board do |serializer|
-      user_board = object.board.user_boards.where(user_id: object.user_id).first
-      {
-        "id" => object.board.id,
-        "name" => object.board.name,
-        "is_admin" => user_board.is_admin,
-        "encrypted_password" => user_board.encrypted_password,
-        "created_at" => object.board.created_at,
-        "updated_at" => object.board.updated_at
-      }
-    end
-  end
-end

data/app/serializers/unsakini/user_board_serializer.rb DELETED Viewed

@@ -1,14 +0,0 @@
-# Serializes the `UserBoard` model instance to json.
-# Read more about active model serializers - https://github.com/rails-api/active_model_serializers
-#
-module Unsakini
-  class UserBoardSerializer < ActiveModel::Serializer
-    attributes :id, :is_admin, :encrypted_password, :created_at, :updated_at
-    belongs_to :board
-  end
-end

data/app/views/unsakini/user_mailer/confirm_account.html.erb DELETED Viewed

@@ -1,3 +0,0 @@
-<h1>Confirm Your Account</h1>
-Click the link below: <br>
-<a href="<%= @url %>"><%= @url %></a>

data/db/migrate/20161116114222_create_unsakini_boards.rb DELETED Viewed

@@ -1,10 +0,0 @@
-class CreateUnsakiniBoards < ActiveRecord::Migration[5.0]
-  def change
-    create_table :unsakini_boards do |t|
-      t.text :name
-      t.boolean :is_shared, default: false
-      t.timestamps
-    end
-  end
-end

data/db/migrate/20161126145352_create_unsakini_users.rb DELETED Viewed

@@ -1,15 +0,0 @@
-class CreateUnsakiniUsers < ActiveRecord::Migration[5.0]
-  def change
-    create_table :unsakini_users do |t|
-      t.string :name, null: false
-      t.string :email,              null: false
-      t.string :password_digest,    null: false
-      t.string   :confirmation_token
-      t.datetime :confirmed_at
-      t.datetime :confirmation_sent_at
-      t.timestamps
-    end
-  end
-end

data/lib/generators/unsakini/dependencies/USAGE DELETED Viewed

@@ -1,5 +0,0 @@
-Description:
-    Add the needed dependencies to Gemfile. Review your Gemfile after running this command and before you do bundle install.
-Example:
-    rails generate dependencies

data/lib/generators/unsakini/dependencies/dependencies_generator.rb DELETED Viewed

@@ -1,19 +0,0 @@
-class Unsakini::DependenciesGenerator < Rails::Generators::Base
-  source_root File.expand_path('../templates', __FILE__)
-  def add_dependencies_to_host
-    gem 'active_model_serializers'
-    gem 'rack-cors'
-    gem 'kaminari'
-    gem 'api-pagination'
-    gem 'knock', git: 'https://github.com/adonespitogo/knock'
-    gem_group :development, :test do
-      gem "rb-readline"
-      gem "byebug"
-      gem 'letter_opener'
-    end
-  end
-end