waxx 0.1.2

data/skel/app/usr/usr.rb

@@ -0,0 +1,277 @@
+module App::Usr 
+  extend Waxx::Pg
+  extend self
+
+   has(
+    id:                   {type: "integer",label:"ID"},
+    usr_name:             {type: "character",label:""},
+    password_sha256:      {type: "character",label:""},
+    salt_aes256:          {type: "character",label:""},
+    failed_login_count:   {type: "smallint",label:""},
+    require_new_password: {type: "smallint",label:""},
+    password_mod_date:    {type: "date",label:""},
+    last_login_host:      {type: "character",label:""},
+    last_login_date:      {type: "timestamp",label:""},
+    create_date:          {type: "timestamp",label:""},
+    mod_date:             {type: "timestamp",label:""},
+    create_by_id:         {type: "integer",label:""},
+    mod_by_id:            {type: "integer",label:""},
+    key:                  {type: "character",label:""},
+    key_sent_date:        {type: "timestamp",label:""}
+  )
+
+  # Create the first usr (or any usr). Run from the console: App::Usr.init(x)
+  def init(x)
+    data = {}
+    puts "Create a new user"
+    print "Email: "
+    data[:usr_name] = gets.chomp
+    print "Password: "
+    data[:password] = gets.chomp
+    salt, encrypted_password = salt_password(x, data/:password)
+    data[:salt_aes256] = salt
+    data[:password_sha256] = encrypted_password
+    u = post(x, data, returning: 'id')
+    puts "User #{data/:usr_name} added (usr.id: #{u['id']})"
+  end
+
+  def login(x, usr_name, password)
+    u = usr(x, usr_name:usr_name)
+    return false, "Invalid user name", {} if u.nil? or u['id'].nil?
+    pass = password?(u, password, u['salt_aes256'])
+    return false, "Invalid password", {} if pass == false
+    login_successful(x, u)
+    return true, "Login successful", u
+  end
+
+  def record(x, id:0)
+    get_by_id(x, id, "id, usr_name, password_sha256, last_login_date, last_login_host, password_mod_date")
+  end
+
+  def usr(x, usr_name:'', id:0)
+    x.db.exec("
+      SELECT id, company_id, usr_name, password_sha256, salt_aes256, last_login_date, last_login_host
+      FROM usr 
+      WHERE usr_name = $1 
+      OR usr.id = $2 
+      LIMIT 1", [usr_name, id]).first #rescue {}
+  end
+  
+  def password?(u, password, salt)
+    #u['password_sha256'] == Digest::SHA256.hexdigest(App.decrypt(salt) + password)
+    u['password_sha256'] == Digest::SHA256.hexdigest(Conf['encryption']['old_key'] + password)
+  end
+
+  def salt_password(x, password)
+    salt = Waxx.random_string(32, :any)
+    [App.encrypt(salt), Digest::SHA256.hexdigest(salt + password)]
+  end
+
+  def set_password(x, id, password)
+    salt, epw = salt_password(x, password)
+    put(x, id, {salt_aes256: salt, password_sha256: epw})
+  end
+
+  def create(x, data={}, returning: "id")
+    data = blk.call if block_given?
+    salt, encrypted_password = salt_password(x, data/:password)
+    data[:salt_aes256] = salt
+    data[:password_sha256] = encrypted_password
+    post(x, data, returning: returning)
+  end
+
+  def login_successful(x, usr)
+    Waxx.debug "login_successful"
+    x.db.exec("
+      update usr set 
+      last_login_date = now(), 
+      last_login_host = $1,
+      failed_login_count = 0
+      where usr_name = $2", 
+      [
+        x.req.env['X-Forwarded-For'], 
+        usr['usr_name']
+      ]
+    )
+    set_cookies(x, usr)
+    debug x.ua.inspect
+  end                  
+
+  def key_for_reset(x, id)
+    x.db.exec("
+      update usr set 
+      key = generate_key(), 
+      key_sent_date = now()
+      where id = $1
+      returning key", 
+      [ id ]
+    ).first['key']
+  end                  
+
+  def set_cookies(x, usr)
+    x.usr['id'] = usr['id']
+    x.usr['cid'] = usr['company_id']
+    x.usr['grp'] = groups(x, usr['id']).push("user")
+    x.usr['uk'] = Waxx.random_string(20) # The Update Key is used to protect against CSRF
+    x.usr['la'] = Time.now.to_i # Last Activity used for session expiration
+    x.ua['id'] = usr['id'] 
+    x.ua['cid'] = usr['company_id']
+    x.ua['un'] = usr['usr_name'] 
+    x.ua['rm'] = x['remember_me'].to_i # Remember the user name for the login or UI features 
+    x.ua['ll'] = Time.now.to_i # Last Login used for session expiration and welcome back
+  end
+
+  def groups(x, usr_id)
+    x.db.exec("
+    SELECT name 
+    FROM grp JOIN usr_grp ON grp.id = usr_grp.grp_id
+    WHERE usr_grp.usr_id = $1",[usr_id]).column_values(0)
+  end
+
+  runs(
+    default: "list",
+    home: {
+      desc: "The home page of a logged in usr",
+      acl: "user",
+      get: proc{|x, *args|
+        usr = App::Usr.record(x, id: x.usr['id'])
+        person = App::Person.record(x, id: x.usr['id']).first
+        App::Html.render(x, 
+          title: "#{person['first_name'].h} #{person['last_name'].h}", 
+          content: App::Usr::Html.home(x, usr: usr, person: person)
+        )
+      }
+    },
+    list: {
+      desc: "List users",
+      acl: %w(admin),
+      get: lambda{|x| List.run(x) }
+    },
+    record: {
+      desc: "Edit a usr record",
+      acl: %w(admin),
+      get: lambda{|x, id, *args| Record.run(x, id:id) },
+      post: lambda{|x, id, *args| Record.save(x, id:id, data:x.req.post) }
+    },
+    login: {
+      desc: "Login",
+      get: proc{|x, *args|
+        #App::Html.page(x, title: "Login to #{Conf['site']['name']}", content: App::Usr::Html.login(x))
+        x.res.redirect "/app/login?return_to=#{Waxx::Html.qs x.req.uri}"
+      },
+      post: proc{|x, *args|
+        success, message, u = login(x, x['usr_name'], x['password'])
+        if success
+          if x.ext == 'json'
+            x.res['Content-Type'] = "application/json"
+            x << { success: success, message: message, usr: usr, key: key }.to_json
+          else
+            if x['return_to'].to_s[0] == '/'
+              x << %(<html><script>location = '#{x['return_to']}';</script></html>)
+            else
+              x << %(<html>Error: Must return to a local path. Attempted return_to: #{x['return_to'].to_s.h}</html>)
+            end
+            # Some browsers not storing cookies on redirect
+            #x.res.status = 302
+            #x.res['Location'] = x['return_to']
+          end
+        else
+          if x.ext == 'json'
+            x.res['Content-Type'] = "application/json"
+            x << { success: success, message: message, usr: usr, key: key }.to_json
+          else
+            App::Html.page(x, title: "Login Error", message:{type:"danger", message: message}, content: App::Usr::Html.login(x, return_to:x['return_to']))
+          end
+        end
+      }
+    },
+    logout: {
+      desc: "Logout of the app",
+      get: proc{|x|
+        x.usr['id'] = nil
+        x.usr['grp'] = nil
+        if x.ext == "json"
+          x << %({"success":true})
+        else
+          x.res.status = 302
+          x.res['Location'] = '/'
+        end
+      }
+    },
+    password_reset:{
+      desc: "Send the user a password reset link.",
+      post: proc{|x, *args|
+        # See if the user exists
+        u = App::Usr.usr(x, usr_name: x['email'])
+        if u.nil?
+          # Send an email that we do not have an account for that user
+          App::Email.post(x, Email.email_not_found(x, x['email']))
+        else
+          # Send the password reset email
+          k = App::Usr.key_for_reset(x, u['id'])
+          App::Email.post(x, Email.password_reset(x, u, k))
+        end
+        App::Html.page(x, title:"Password Reset Sent", content:"A link to reset your password has been sent to #{x['email'].h}. Please check your email. (It may be in your Spam or Junk folder.)")
+      }
+    },
+    password: {
+      desc: "Form to select a new password",
+      get: lambda{|x, id=nil, key=nil, *args|
+        if id.nil? and not x.usr?
+          return App.login_needed(x)
+        end
+        if key.nil? and not x.usr?
+          return App.login_needed(x)
+        end
+        if x.usr?
+          App::Html.render(x, title: "Reset Password", content:Html.change_password(x))
+        else
+          u = App::Usr.get_by_id(x, id, "usr_name, key, key_sent_date")
+          if u['key'] != key
+            return App.error(x, title:"Link Invalid", 
+              message:"The link you are using does not match our records. 
+              If you requested a password reset multiple times today, 
+              please use the most recent link that you received. If that does 
+              not work, please request another link on the login page.")
+          end
+          if u['key_sent_date'] < Time.new - 21600 # 6 hours
+            return App.error(x, title:"Link Expired", 
+              message:"The link you are using expired after 6 hours to protect 
+              your account. Please request another link on the login page.")
+          end
+          App::Html.page(x, title: "Reset Password", content:Html.change_password(x, u, key))
+        end
+      },
+      post: lambda{|x, id=nil, key=nil, *args|
+        if x['password1'] != x['password2']
+          return App::Html.render(x, title: "Reset Password", content:Html.password_form(x), message:{type:"danger", message:"Your passwords do not match. Please try again."})
+        end
+        if x['password1'] =~ /[a-z]|[A-Z]/
+          return App::Html.render(x, title: "Reset Password", content:Html.password_form(x), message:{type:"danger", message:"Your passwords do not match. Please try again."})
+        end
+        if id.nil? and x.usr?
+          App::Usr.set_password(x, x.usr['id'], x["password1"])
+          App::Html.page(x, title:"Password Reset Successful", content:"Your password has been reset.")
+        elsif id and key
+          u = App::Usr.get_by_id(x, id, "usr_name, key, key_sent_date")
+          if u['key'] != key
+            return App.error(x, title:"Link Invalid", 
+              message:"The link you are using does not match our records. 
+              If you requested a password reset multiple times today, 
+              please use the most recent link that you received. If that does 
+              not work, please request another link on the login page.")
+          end
+          App::Usr.set_password(x, id, x["password1"])
+          success, message, u = App::Usr.login(x, u['usr_name'], x['password1'])
+          App::Html.page(x, title:"Password Reset Successful", content:"Your password has been reset and you have been logged in.")
+        end
+      }
+    }
+  )
+end
+
+require_relative 'html'
+require_relative 'email'
+require_relative 'password'
+require_relative 'record'
+require_relative 'list'

data/skel/app/waxx/waxx.rb

@@ -0,0 +1,109 @@
+module App::Waxx
+  extend Waxx::Object
+  extend self
+
+  runs(
+    ok: {
+      desc: "Ping the app database to see if it is ok",
+      get: -> (x) {
+        x << (x.db.app.exec("select 1+1 as two").first['two'] == 2)
+      }
+    },
+    sleep: {
+      desc: "Sleep for seconds in args",
+      acl: %w(dev),
+      run: -> (x, secs=1) {
+        sleep(secs.to_i)
+        x.res.as :txt
+        x << "Done sleeping for #{secs.to_i} seconds"
+      }
+    },
+    error: {
+      desc: "Raise an Error (to see what the error looks like and send email if configured)",
+      acl: %w(dev),
+      run: ->(x, *args){ 
+        raise "test error"
+      }
+    },
+    env: {
+      desc: "Output all the input variables",
+      acl: "dev",
+      run: ->(x, *args) {  
+        x.res.as :txt
+        x << {"x" => {
+          "meth" => x.meth,
+          "app" => x.app,
+          "act" => x.act,
+          "oid" => x.oid,
+          "args" => x.args,
+          "ext" => x.ext,
+          "usr" => x.usr,
+          "ua" => x.ua,
+          "req" => {
+            "meth" => x.req.meth,
+            "get" => x.req.get,
+            "post" => x.req.post,
+            "env" => x.req.env,
+            "cookies" => x.req.cookies,
+            "data" => x.req.data,
+          }
+        }}.to_yaml
+      }
+    },
+    raw: {
+      desc: "Output all the input variables",
+      run: -> (x, *args) {  
+        x.res.as :txt
+        x << x.req.env.map{|n,v| "#{n}: #{v}"}.join("\r\n")
+        x << "\r\n\r\n"
+        x << x.req.data
+      }
+    },
+    desc: {
+      desc: "Describes all of the applications interfaces.",
+      acl: "dev",
+      get: ->(x, app="all"){
+        return App.error(x, status: 300, title: 'Request Error', message: 'This method only return json or yaml') unless %w(json yaml).include? x.ext
+        re = {}
+        describe = -> (ap) {
+          re[ap.to_s] = {}
+          return nil if App[ap].nil?
+          App[ap].each{|act,props|
+            re[ap.to_s][act.to_s] = {}
+            if props.respond_to?('each')
+              props.each{|n, v|
+                if Proc === v
+                  re[ap.to_s][act.to_s][n.to_s] = Hash[v.parameters.map{|param| [param[1].to_s, param[0].to_s]}]
+                else
+                  re[ap.to_s][act.to_s][n.to_s] = v
+                end
+              }
+            else
+              re[ap.to_s][act.to_s] = props
+            end
+          }
+        }
+        if app == "all"
+          App.runs.keys.each{|k|
+            describe[k]
+          }
+        else
+          describe[app]
+        end
+        x << re.send("to_#{x.ext}")
+      }
+    },
+    threads: {
+      desc: "Show the status of all threads",
+      acl: "dev",
+      get: -> (x) {
+        x.res.as :txt
+        Thread.list.each{|t|
+          next if t[:name] == "main"
+          x << "#{t[:name]}: #{t[:status]}\n"
+        }
+      }
+    },
+  )
+
+end

data/skel/bin/README.md

@@ -0,0 +1 @@
+Put executable files like deploy scripts or maintenance scripts here.

data/skel/db/README.md

@@ -0,0 +1,11 @@
+waxx migration files are stored in a folderf or each database.
+
+To generate a migration file, run:
+
+`waxx migration app migration-name`
+
+replace `app` with the database name defined in config.yaml
+
+To migrate the database run: 
+
+`waxx migrate` for all databases of `waxx migrate app` for only the app database. Replace `app` with the name of any defined database connection.

data/skel/db/app/0-init.sql

@@ -0,0 +1,88 @@
+BEGIN;
+CREATE FUNCTION generate_key() RETURNS character varying
+    LANGUAGE sql IMMUTABLE
+        AS $$select md5(now()::varchar||random()::varchar||random()::varchar);$$;
+CREATE TABLE app_log (
+	id serial primary key,
+	date_time timestamp without time zone DEFAULT now(),
+	usr_id integer,
+	category character varying(32),
+	name character varying(64),
+	value character varying(254),
+	related_id integer,
+	ip_address character varying(39),
+	user_agent character varying(1000)
+);
+CREATE TABLE email (
+	id seriall primary key,
+	to_email character varying(254) NOT NULL,
+	to_name character varying(254),
+	to_person_id integer,
+	from_email character varying(254) NOT NULL,
+	from_name character varying(254),
+	from_person_id integer,
+	reply_to_name character varying(254),
+	reply_to_email character varying(254),
+	subject character varying(254) NOT NULL,
+	body_text text,
+	body_html text,
+	headers text,
+	email_type character varying(254),
+	document_id integer,
+	process_status character varying(32) DEFAULT 'draft'::character varying NOT NULL,
+	process_id integer,
+	process_start timestamp with time zone,
+	process_end timestamp with time zone,
+	process_error text,
+	create_date timestamp without time zone DEFAULT now() NOT NULL,
+	mod_date timestamp without time zone DEFAULT now() NOT NULL,
+	create_by_id integer,
+	mod_by_id integer,
+	cc character varying(4000),
+	bcc character varying(4000)
+);
+CREATE TABLE grp (
+	id serial primary key,
+	name character varying(64),
+	description character varying(254),
+	create_date timestamp without time zone DEFAULT now(),
+	mod_date timestamp without time zone DEFAULT now(),
+	create_by_id integer,
+	mod_by_id integer,
+	CONSTRAINT grp_uniq UNIQUE(name)
+);
+INSERT INTO grp (name, description, create_by_id, mod_by_id) 
+  VALUES ('admin', 'People who can do everything', 1, 1),
+         ('dev', 'People who can do everything else', 1, 1);
+CREATE TABLE usr (
+	id serial primary key,
+	usr_name character varying(254) NOT NULL,
+	password_sha256 character varying(64),
+	salt_aes256 character varying(254),
+	failed_login_count smallint DEFAULT 0 NOT NULL,
+	require_new_password boolean NOT NULL DEFAULT false,
+	password_mod_date date DEFAULT now() NOT NULL,
+	last_login_host character varying(254),
+	last_login_date timestamp without time zone,
+	create_date timestamp without time zone DEFAULT now(),
+	mod_date timestamp without time zone DEFAULT now(),
+	create_by_id integer,
+	mod_by_id integer,
+	key character varying(32) DEFAULT generate_key(),
+	key_sent_date timestamp without time zone,
+	CONSTRAINT usr_uniq UNIQUE(usr_name)
+);  
+CREATE TABLE usr_grp (
+	id serial primary key,
+	usr_id integer NOT NULL,
+	grp_id integer NOT NULL,
+	create_date timestamp without time zone DEFAULT now(),
+	mod_date timestamp without time zone DEFAULT now(),
+	create_by_id integer,
+	mod_by_id integer,
+	CONSTRAINT usr_grp_uniq UNIQUE(usr_id, grp_id)
+);
+INSERT INTO usr_grp (usr_id, grp_id, create_by_id, mod_by_id) 
+  VALUES (1, 1, 1, 1),
+         (1, 2, 1, 1);
+COMMIT;

data/skel/lib/README.md

@@ -0,0 +1 @@
+Put locally install libs here.

data/skel/log/README.md

@@ -0,0 +1 @@
+waxx log files are stored here.

data/skel/opt/dev/config.yaml

@@ -0,0 +1 @@
+---

data/skel/opt/prod/config.yaml

@@ -0,0 +1 @@
+---

data/skel/opt/stage/config.yaml

@@ -0,0 +1 @@
+---

data/skel/opt/test/config.yaml

@@ -0,0 +1 @@
+---

data/skel/private/README.md

@@ -0,0 +1 @@
+Use this to store files that will be uploaded and downloaded privately (requiring a password or something).