witch_doctor 0.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f73af9aaaf48c0f55ddd920215c0b29fa28f45d6
+  data.tar.gz: c6c58658eb260e4c8ced01a3f48032ce939186e0
+SHA512:
+  metadata.gz: ea8065910e20b6ed1f9e7d807602e0f6afbce62f4413f2cfe1eb907203f140fd60915adb423b240c33b854908c856a13f77361f84a1afc95415b8baabd145418
+  data.tar.gz: d5581753ea307593ca0d78807c2c83120350c4970ed990b8c901f1ead2b1c2870d64f4b61c9030e199af605e28c16e5f138917450d59c1883ca250d5deec40d3

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,115 @@
+(check BADGES.md for build status & test coverage)
+
+# Witch Doctor
+
+Rails engine that provides simple API so that external antivirus
+script can pull down files that need to be scanned and update their
+results.
+
+
+Engine was designed to work alongside [virus_scan_service gem](https://github.com/equivalent/virus_scan_service),
+to which it provides a list of VirusScans. These are created upon file resource
+create / update events.
+
+
+## CarrierWave
+
+gem is by default assuming you use [Carriewave
+gem](https://github.com/carrierwaveuploader/carrierwave)
+however it's not a dependancy as long as `:mount_point` responds to
+`url` call (look at `spec/dummy/app/models/document.rb`) for more
+details
+
+
+# Setup
+
+In your application:
+
+```ruby
+# Gemfile
+
+# ...
+gem 'witch_doctor', github: 'equivalent/witch_doctor'
+
+```
+
+```ruby
+# config/routes.rb
+MyCoolApplication::Application.routes.draw do
+  mount WitchDoctor::Engine => "/wd", :as => "witch_doctor"
+  # ...
+end
+```
+
+```ruby
+# /config/initializers/witch_doctor.rb
+
+VirusScan.token = Rails
+  .application
+  .secrets
+  .fetch('antivirus_scan')
+  .fetch('token')
+```
+
+
+```sh
+bundle install
+rake db:migrate
+```
+
+## Optional
+
+**Add helper**
+
+```ruby
+# app/helpers/application_helper.rb
+include WitchDoctor::ApplicationHelper
+```
+
+after this you can use the `antivirus` helper
+
+```haml
+= antivirus(@document, :attachment) do
+  - link_to @document.attachment_name, @document.attachment.url
+```
+
+This will show the link when `VirusScan` for `@document` is `Clean`
+
+
+# Overiding WitchDoctor Examples
+
+## extending controller
+
+```ruby
+module WitchDoctor
+  module MyAppControllerExtension
+    def self.included(base)
+      base.force_ssl unless: :development?
+      base.skip_before_filter :do_stuff
+    end
+
+    def development?
+      Rails.env.in? ['test', 'development']
+    end
+  end
+end
+WitchDoctor::VirusScansController.send(:include,WitchDoctor::MyAppControllerExtension)
+```
+
+## extending Antivirus helper
+
+```ruby
+include WitchDoctor::ApplicationHelper
+module ApplicationHelper
+  alias_method :antivirus_without_view_requirement_respect, :antivirus
+  alias_method :antivirus, :antivirus_with_view_requirement_respect
+
+  def antivirus_with_view_requirement_respect(decorated_resource, mount_point)
+    if decorated_resource.send("view_requires_#{mount_point}_virus_check?")
+      antivirus_without_view_requirement_respect(decorated_resource, mount_point)
+    else
+      yield
+    end
+  end
+end
+```

data/Rakefile

@@ -0,0 +1,42 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'WitchDoctor'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:prepare_test_db')
+
+namespace :app do
+  task :prepare_test_db do
+    Rails.env = "test"
+    Rake::Task["app:db:create"].invoke
+    Rake::Task["app:db:migrate"].invoke
+  end
+end
+
+task :default => :spec
+
+Bundler::GemHelper.install_tasks

data/app/controllers/witch_doctor/application_controller.rb

@@ -0,0 +1,4 @@
+module WitchDoctor
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/witch_doctor/virus_scans_controller.rb

@@ -0,0 +1,60 @@
+require_dependency "witch_doctor/application_controller"
+
+module WitchDoctor
+  class VirusScansController < ApplicationController
+    respond_to :json
+
+    def index
+      authenticate! do
+        @virus_scans = VirusScan
+          .not_scanned
+          .limit(2)
+        respond_with @virus_scans
+      end
+    end
+
+    def update
+      authenticate! do
+        respond_to do |format|
+          format.json do
+            begin
+              @virus_scan = VirusScan.where(scan_result: nil).find params[:id]
+              @virus_scan.update_attributes params[:virus_scan], as: :scan_update
+              if @virus_scan.errors.any?
+                render json: { errors:  @virus_scan.errors }, status: 400
+              else
+                render json: @virus_scan.reload
+              end
+            rescue ActiveModel::MassAssignmentSecurity::Error => e
+              render json: { errors: { request: [e.to_s] } }, status: 406
+            rescue ActiveRecord::RecordNotFound => e
+              render json: { errors: { request: ['Record not found or already scanned'] } }, status: 404
+            end
+          end
+          format.html do
+            render json: { errors: { request: ['needs to be JSON request'] } }, status: 406
+          end
+        end
+      end
+    end
+
+    private
+
+    def authenticate!
+      if provided_token == nil
+        render json: { errors: { request: ['Not Authenticated'] } }, status: 401
+      elsif provided_token.to_s == VirusScan.token
+        yield
+      else
+        render json: { errors: { request: ['Not Authorized'] } }, status: 403
+      end
+    end
+
+    def provided_token
+      (request.headers['HTTP_AUTHORIZATION'] || request.headers['rack.session']['Authorization'])
+        .to_s
+        .match(/Token\s+(.*)/) { |m| m[1] } \
+        || params[:token]
+    end
+  end
+end

data/app/helpers/witch_doctor/application_helper.rb

@@ -0,0 +1,15 @@
+module WitchDoctor
+  module ApplicationHelper
+    def antivirus(resource, mount_point)
+      catch(:file_not_scanned) do
+        if (av = resource.send("#{mount_point}_antivirus")) && av.clean?
+          yield
+        elsif av.error?
+          "Antivirus scan couldn't be completed"
+        else
+          'File Contains Virus'
+        end
+      end || 'File waiting for Antivirus check'
+    end
+  end
+end

data/app/models/virus_scan.rb

@@ -0,0 +1,41 @@
+class VirusScan < ActiveRecord::Base
+  TokenNotSpecified = Class.new(StandardError)
+
+  class << self
+    attr_writer :token
+
+    def token
+      @token || raise(TokenNotSpecified)
+    end
+  end
+
+  attr_accessible :scan_result, :scanned_at, :mount_point
+  attr_accessible :scan_result, as: :scan_update
+
+  belongs_to :resource, polymorphic: true
+  scope :not_scanned, -> { where scan_result: nil }
+  validates_inclusion_of :scan_result, in: WitchDoctor::Antivirus::RESULTS, allow_nil: true
+
+  before_update :set_scanned_at, if: :scan_updated?
+
+  def as_json(options={})
+    attributes
+      .slice('id', 'scan_result', 'scanned_at')
+      .tap { |hash|
+        hash.merge!('file_url' => file_url)
+      }
+  end
+
+  # S3 will give url, file wil show mount point, we care just about s3
+  def file_url
+    resource.send(mount_point).url
+  end
+
+  def set_scanned_at
+    self.scanned_at = Time.now
+  end
+
+  def scan_updated?
+    scan_result.in? WitchDoctor::Antivirus::RESULTS
+  end
+end

data/config/routes.rb

@@ -0,0 +1,3 @@
+WitchDoctor::Engine.routes.draw do
+  resources :virus_scans
+end

data/db/migrate/20150209121818_create_witch_doctor_virus_scans.rb

@@ -0,0 +1,19 @@
+class CreateWitchDoctorVirusScans < ActiveRecord::Migration
+  def up
+    unless ActiveRecord::Base.connection.table_exists? 'virus_scans'
+      create_table :virus_scans do |t|
+        t.string :resource_type
+        t.integer :resource_id
+        t.string :scan_result
+        t.string :mount_point
+        t.datetime :scanned_at
+
+        t.timestamps
+      end
+    end
+  end
+
+  def down
+    drop_table :virus_scans
+  end
+end

data/lib/tasks/witch_doctor_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :witch_doctor do
+#   # Task goes here
+# end

data/lib/witch_doctor.rb

@@ -0,0 +1,6 @@
+require "witch_doctor/engine"
+require "witch_doctor/antivirus"
+require "witch_doctor/antivirus_concern"
+
+module WitchDoctor
+end

data/lib/witch_doctor/antivirus.rb

@@ -0,0 +1,36 @@
+module WitchDoctor
+  class Antivirus
+    RESULTS = ['Clean', 'VirusInfected', 'FileDownloadError']
+    attr_reader :resource, :mount_point
+
+    def initialize(resource, mount_point)
+      @resource = resource
+      @mount_point = mount_point.to_s
+    end
+
+    def latest_scan
+      resource
+        .virus_scans
+        .select { |vs| vs.mount_point == mount_point }
+        .last
+    end
+
+    def checked?
+      latest_scan.scan_result.present?
+    end
+
+    def infected?
+      !clean? && !error?
+    end
+
+    def error?
+      throw :file_not_scanned unless checked?
+      latest_scan.scan_result == 'FileDownloadError'
+    end
+
+    def clean?
+      throw :file_not_scanned unless checked?
+      latest_scan.scan_result == 'Clean'
+    end
+  end
+end

data/lib/witch_doctor/antivirus_concern.rb

@@ -0,0 +1,32 @@
+module WitchDoctor
+  module AntivirusConcern
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :virus_scans, as: :resource
+    end
+
+    module ClassMethods
+      def schedule_virus_scan(options)
+        mount_point = options.fetch(:on)
+
+        after_save "schedule_#{mount_point}_virus_scan", if: "schedule_#{mount_point}_virus_scan?"
+
+        define_method("schedule_#{mount_point}_virus_scan") do
+          virus_scans.create!(mount_point: mount_point.to_s)
+        end
+
+        define_method("schedule_#{mount_point}_virus_scan?") do
+          # equivalent to: (created_at_changed? && logo.present?) || (logo_changed? && logo.present?)
+          (created_at_changed? && send(mount_point).present?) \
+            || (send("#{mount_point}_changed?") && send(mount_point).present?)
+        end
+
+        define_method("#{mount_point}_antivirus") do
+          instance_variable_get("@#{mount_point}_antivirus") \
+            || instance_variable_set("@#{mount_point}_antivirus", Antivirus.new(self, mount_point))
+        end
+      end
+    end
+  end
+end

data/lib/witch_doctor/engine.rb

@@ -0,0 +1,11 @@
+module WitchDoctor
+  class Engine < ::Rails::Engine
+    isolate_namespace WitchDoctor
+    config.generators do |g|
+      g.test_framework :rspec, :fixture => false
+      g.fixture_replacement :factory_girl, :dir => 'spec/factories'
+      g.assets false
+      g.helper false
+    end
+  end
+end

data/lib/witch_doctor/version.rb

@@ -0,0 +1,3 @@
+module WitchDoctor
+  VERSION = "0.0.3"
+end