yodel_production_environment 0.0.1

data/lib/migrations/yodel/12_api_call_model.rb

@@ -0,0 +1,23 @@
+class APICallModelMigration < Migration
+  def self.up(site)
+    site.records.create_model :api_calls do |api_calls|
+      add_field :name, :string
+      add_field :http_method, :string
+      add_field :domain, :string
+      add_field :port, :integer, default: 80
+      add_field :path, :string
+      add_field :username, :string
+      add_field :password, :string
+      add_field :authentication, :enum, options: %w{basic digest}
+      add_field :mime_type, :string, default: 'json'
+      add_field :body, :text
+      add_field :body_layout, :string
+      add_field :function, :string
+      api_calls.record_class_name = 'APICall'
+    end
+  end
+  
+  def self.down(site)
+    site.api_calls.destroy
+  end
+end

data/lib/migrations/yodel/13_redirect_page_model.rb

@@ -0,0 +1,13 @@
+class RedirectPageModelMigration < Migration
+  def self.up(site)
+    site.pages.create_model :redirect_page do |redirect_pages|
+      add_field :url, :string, searchable: false
+      add_one   :page, show_blank: true, blank_text: 'None'
+      redirect_pages.record_class_name = 'RedirectPage'
+    end
+  end
+  
+  def self.down(site)
+    site.redirect_pages.destroy
+  end
+end

data/lib/migrations/yodel/14_menu_model.rb

@@ -0,0 +1,20 @@
+class MenuModelMigration < Migration
+  def self.up(site)
+    site.records.create_model :menu do |menus|
+      add_one   :root, model: :page, validations: {required: {}}
+      add_field :include_root, :boolean, default: false
+      add_field :include_all_children, :boolean, default: true
+      add_field :depth, :integer, default: 0, validations: {required: {}}
+      add_embed_many :exceptions do
+        add_one   :page
+        add_field :show, :boolean, default: false
+        add_field :depth, :integer, default: 0, validations: {required: {}}
+      end
+      menus.record_class_name = 'Menu'
+    end
+  end
+  
+  def self.down(site)
+    site.menus.destroy
+  end
+end

data/lib/models/git_http.rb

@@ -0,0 +1,326 @@
+# (The MIT License)
+# 
+# Copyright (c) 2009 Scott Chacon <schacon@gmail.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+# 
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'zlib'
+require 'rack/request'
+require 'rack/response'
+require 'rack/utils'
+require 'time'
+
+class GitHttp
+  class App 
+
+    SERVICES = [
+      ["POST", 'service_rpc',      "(.*?)/git-upload-pack$",  'upload-pack'],
+      ["POST", 'service_rpc',      "(.*?)/git-receive-pack$", 'receive-pack'],
+
+      ["GET",  'get_info_refs',    "(.*?)/info/refs$"],
+      ["GET",  'get_text_file',    "(.*?)/HEAD$"],
+      ["GET",  'get_text_file',    "(.*?)/objects/info/alternates$"],
+      ["GET",  'get_text_file',    "(.*?)/objects/info/http-alternates$"],
+      ["GET",  'get_info_packs',   "(.*?)/objects/info/packs$"],
+      ["GET",  'get_text_file',    "(.*?)/objects/info/[^/]*$"],
+      ["GET",  'get_loose_object', "(.*?)/objects/[0-9a-f]{2}/[0-9a-f]{38}$"],
+      ["GET",  'get_pack_file',    "(.*?)/objects/pack/pack-[0-9a-f]{40}\\.pack$"],
+      ["GET",  'get_idx_file',     "(.*?)/objects/pack/pack-[0-9a-f]{40}\\.idx$"],      
+    ]
+
+    def initialize(config = false)
+      set_config(config)
+    end
+
+    def set_config(config)
+      @config = config || {}
+    end
+
+    def set_config_setting(key, value)
+      @config[key] = value
+    end
+
+    def call(env)
+      @env = env
+      @req = Rack::Request.new(env)
+      cmd, path, @reqfile, @rpc = match_routing
+      
+      return render_method_not_allowed if cmd == 'not_allowed'
+      return render_not_found if !cmd
+      
+      @dir = get_git_dir(path)
+      return render_not_found if !@dir
+
+      Dir.chdir(@dir) do
+        self.method(cmd).call()
+      end
+    end
+
+    # ---------------------------------
+    # actual command handling functions
+    # ---------------------------------
+
+    def service_rpc
+      return render_no_access if !has_access(@rpc, true)
+      input = read_body
+
+      @res = Rack::Response.new
+      @res.status = 200
+      @res["Content-Type"] = "application/x-git-%s-result" % @rpc
+      @res.finish do
+        command = git_command("#{@rpc} --stateless-rpc #{@dir}")
+        IO.popen(command, File::RDWR) do |pipe|
+          pipe.write(input)
+          while !pipe.eof?
+            block = pipe.read(8192) # 8M at a time
+            @res.write block        # steam it to the client
+          end
+        end
+      end
+    end
+
+    def get_info_refs
+      service_name = get_service_type
+
+      if has_access(service_name)
+        cmd = git_command("#{service_name} --stateless-rpc --advertise-refs .")
+        refs = `#{cmd}`
+
+        @res = Rack::Response.new
+        @res.status = 200
+        @res["Content-Type"] = "application/x-git-%s-advertisement" % service_name
+        hdr_nocache
+        @res.write(pkt_write("# service=git-#{service_name}\n"))
+        @res.write(pkt_flush)
+        @res.write(refs)
+        @res.finish
+      else
+        dumb_info_refs
+      end
+    end
+
+    def dumb_info_refs
+      update_server_info
+      send_file(@reqfile, "text/plain; charset=utf-8") do
+        hdr_nocache
+      end
+    end
+
+    def get_info_packs
+      # objects/info/packs
+      send_file(@reqfile, "text/plain; charset=utf-8") do
+        hdr_nocache
+      end
+    end
+
+    def get_loose_object
+      send_file(@reqfile, "application/x-git-loose-object") do
+        hdr_cache_forever
+      end
+    end
+
+    def get_pack_file
+      send_file(@reqfile, "application/x-git-packed-objects") do
+        hdr_cache_forever
+      end
+    end
+
+    def get_idx_file
+      send_file(@reqfile, "application/x-git-packed-objects-toc") do
+        hdr_cache_forever
+      end
+    end
+
+    def get_text_file
+      send_file(@reqfile, "text/plain") do
+        hdr_nocache
+      end
+    end
+
+    # ------------------------
+    # logic helping functions
+    # ------------------------
+
+    F = ::File
+
+    # some of this borrowed from the Rack::File implementation
+    def send_file(reqfile, content_type)
+      reqfile = File.join(@dir, reqfile)
+      return render_not_found if !F.exists?(reqfile)
+
+      @res = Rack::Response.new
+      @res.status = 200
+      @res["Content-Type"]  = content_type
+      @res["Last-Modified"] = F.mtime(reqfile).httpdate
+
+      yield
+
+      if size = F.size?(reqfile)
+        @res["Content-Length"] = size.to_s
+        @res.finish do
+          F.open(reqfile, "rb") do |file|
+            while part = file.read(8192)
+              @res.write part
+            end
+          end
+        end
+      else
+        body = [F.read(reqfile)]
+        size = Rack::Utils.bytesize(body.first)
+        @res["Content-Length"] = size
+        @res.write body
+        @res.finish
+      end
+    end
+
+    def get_git_dir(path)
+      root = @config[:project_root] || `pwd`
+      path = File.join(root, path)
+      if File.exists?(path) # TODO: check is a valid git directory
+        return path
+      end
+      false
+    end
+
+    def get_service_type
+      service_type = @req.params['service']
+      return false if !service_type
+      return false if service_type[0, 4] != 'git-'
+      service_type.gsub('git-', '')
+    end
+
+    def match_routing
+      cmd = nil
+      path = nil
+      SERVICES.each do |method, handler, match, rpc|
+        if m = Regexp.new(match).match(@req.path_info)
+          return ['not_allowed'] if method != @req.request_method
+          cmd = handler
+          path = m[1]
+          file = @req.path_info.sub(path + '/', '')
+          return [cmd, path, file, rpc]
+        end
+      end
+      return nil
+    end
+
+    def has_access(rpc, check_content_type = false)
+      if check_content_type
+        return false if @req.content_type != "application/x-git-%s-request" % rpc
+      end
+      return false if !['upload-pack', 'receive-pack'].include? rpc
+      if rpc == 'receive-pack'
+        return @config[:receive_pack] if @config.include? :receive_pack
+      end
+      if rpc == 'upload-pack'
+        return @config[:upload_pack] if @config.include? :upload_pack
+      end
+      return get_config_setting(rpc)
+    end
+
+    def get_config_setting(service_name)
+      service_name = service_name.gsub('-', '')
+      setting = get_git_config("http.#{service_name}")
+      if service_name == 'uploadpack'
+        return setting != 'false'
+      else
+        return setting == 'true'
+      end
+    end
+
+    def get_git_config(config_name)
+      cmd = git_command("config #{config_name}")
+      `#{cmd}`.chomp
+    end
+
+    def read_body
+      if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
+        input = Zlib::GzipReader.new(@req.body).read
+      else
+        input = @req.body.read
+      end
+    end
+
+    def update_server_info
+      cmd = git_command("update-server-info")
+      `#{cmd}`
+    end
+
+    def git_command(command)
+      git_bin = @config[:git_path] || 'git'
+      command = "#{git_bin} #{command}"
+      command
+    end
+
+    # --------------------------------------
+    # HTTP error response handling functions
+    # --------------------------------------
+
+    PLAIN_TYPE = {"Content-Type" => "text/plain"}
+
+    def render_method_not_allowed
+      if @env['SERVER_PROTOCOL'] == "HTTP/1.1"
+        [405, PLAIN_TYPE, ["Method Not Allowed"]]
+      else
+        [400, PLAIN_TYPE, ["Bad Request"]]
+      end
+    end
+
+    def render_not_found
+      [404, PLAIN_TYPE, ["Not Found"]]
+    end
+
+    def render_no_access
+      [403, PLAIN_TYPE, ["Forbidden"]]
+    end
+
+
+    # ------------------------------
+    # packet-line handling functions
+    # ------------------------------
+
+    def pkt_flush
+      '0000'
+    end
+
+    def pkt_write(str)
+      (str.size + 4).to_s(base=16).rjust(4, '0') + str
+    end
+
+
+    # ------------------------
+    # header writing functions
+    # ------------------------
+
+    def hdr_nocache
+      @res["Expires"] = "Fri, 01 Jan 1980 00:00:00 GMT"
+      @res["Pragma"] = "no-cache"
+      @res["Cache-Control"] = "no-cache, max-age=0, must-revalidate"
+    end
+
+    def hdr_cache_forever
+      now = Time.now().to_i
+      @res["Date"] = now.to_s
+      @res["Expires"] = (now + 31536000).to_s;
+      @res["Cache-Control"] = "public, max-age=31536000";
+    end
+
+  end
+end

data/lib/models/git_page.rb

@@ -0,0 +1,38 @@
+class GitPage < Page
+  respond_to :get do
+    with :html do
+      process
+    end
+  end
+  
+  respond_to :post do
+    with :html do
+      process
+    end
+  end
+  
+  private
+    def process
+      prompt_login(:basic) and return unless logged_in?(:basic)
+      
+      # path is: /git/SITE_ID/GIT_PATH
+      components = params['glob'].split('/')[1..-1]
+      site_id = components.shift
+      status(404) and return if site_id.blank?
+      
+      # try and load the site and ensure the user is authorised to access it
+      git_site = Site.find(BSON::ObjectId.from_string(site_id))
+      status(404) and return if git_site.nil?
+      status(403) unless current_user.sites.include?(git_site)
+      
+      # reconstruct the path to match the on disk repository structure
+      env['PATH_INFO'] = "/#{site_id}/.git/#{components.join('/')}"
+      @_response = GitHttp::App.new({
+        project_root: Yodel.config.sites_root,
+        git_path: Yodel.config.git_path,
+        upload_pack: true,
+        receive_pack: true
+      }).call(env)
+      @finished = true
+    end
+end

data/lib/models/production_login_page.rb

@@ -0,0 +1,13 @@
+class ProductionLoginPage < LoginPage
+  respond_to :post do
+    with :html do
+      # production user overrides passwords_match? to compare passwords without hashing the
+      # password being tested. Yodel development clients store the password as a hash so
+      # there's no need to hash the password again server side. For html clients logging in,
+      # passwords will be in plain text; the password is hashed here, then control passed up
+      # for login to proceed as normal.
+      params[password_field] = Password.hashed_password(nil, params[password_field])
+      super()
+    end
+  end
+end

data/lib/models/production_sites_page.rb

@@ -0,0 +1,127 @@
+class ProductionSitesPage < RecordProxyPage
+  # record proxy pages deal with site models (site.model_name). Override the methods it uses
+  # to interact with these models we can edit Sites (a non site model)
+  def find_record(id)
+    Site.find(id)
+  end
+  
+  def all_records
+    Site.all.reject {|site| site.name == 'yodel'}
+  end
+  
+  def construct_record
+    Site.new
+  end
+  
+  
+  # get list of sites
+  respond_to :get do
+    with :json do
+      prompt_login and return {success: false, reason: 'Login required'} unless logged_in?
+      
+      if params['id']
+        # authorisation
+        return {success: false, reason: 'Site not found'} if record.nil?
+        return {success: false, reason: 'Unauthorised'} unless current_user.sites.include?(record)
+        
+        # users are represented by name and email address; id is used to distinguish between users
+        # client side when a user's name or email is changed (the id remains constant)
+        site_users = users.where(sites: requested_site.id).all.collect do |user|
+          {id: user.id, name: user.name, email: user.email}
+        end
+        
+        {success: true, domains: requested_site.domains, users: site_users, latest_revision: requested_site.latest_revision}
+        
+      else
+        # if no site is requested, send back a list of sites available to the user
+        {success: true, sites: current_user.sites.collect {|site| {id: site.id, name: site.name}}}
+      end
+    end
+  end
+  
+  
+  # create a site
+  respond_to :post do
+    with :json do
+      prompt_login and return {success: false, reason: 'Login required'} unless logged_in?
+      
+      # create the site record
+      new_site = Site.new
+      new_site.root_directory = File.join(Yodel.config.sites_root, new_site.id.to_s)
+      return {success: false, reason: 'Unable to create site'} unless new_site.save
+      
+      # initialise the root directory as a git repository
+      unless `#{Yodel.config.git_path} init #{new_site.root_directory}` =~ /^Initialized empty Git repository/
+        new_site.destroy
+        return {success: false, reason: 'Unable to create git repository'}
+      end
+      
+      # install the post receive hook to deploy the site on pushes, and
+      # allow pushes to a non bare repository
+      Dir.chdir(new_site.root_directory) do
+        unless `#{Yodel.config.git_path} config 'receive.denyCurrentBranch' 'ignore'`.strip.empty?
+          new_site.destroy
+          return {success: false, reason: 'Unable to configure git repository'}
+        end
+        
+        # FIXME: need error checking here
+        post_receive_script = File.join(new_site.root_directory, '.git', 'hooks', 'post-receive')
+        File.open(post_receive_script, 'w') do |file|
+          file.write "#!/bin/bash
+          cd ..
+          env -i git reset --hard
+          #{Yodel.config.deploy_command} deploy `basename $PWD`
+          "
+        end
+        FileUtils.chmod(0755, post_receive_script)
+      end
+      
+      # allow the current user to administer the new site
+      current_user.sites << new_site
+      unless current_user.save
+        new_site.destroy
+        return {success: false, reason: 'Unable to update user'}
+      end
+      
+      {success: true, id: new_site.id}
+    end
+  end
+  
+  
+  # update a site; currently only supports adding/removing users to a site
+  respond_to :put do
+    with :json do
+      prompt_login and return {success: false, reason: 'Login required'} unless logged_in?
+      
+      # authorisation
+      return {success: false, reason: 'Site not found'} if record.nil?
+      return {success: false, reason: 'Unauthorised'} unless current_user.sites.include?(record)
+      
+      # find the user by id or email
+      if params['user_id']
+        user = site.users.find(BSON::ObjectId.from_string(params['user_id']))
+      elsif params['user_email']
+        user = site.users.where(email: params['user_email']).first
+      else
+        return {success: false, reason: 'No user id or email address provided'}
+      end
+      return {success: false, reason: 'Unknown user'} if user.nil?
+      
+      # add or remove the user from the site
+      case params['action']
+      when 'add'
+        user.sites << record
+      when 'remove'
+        user.sites.delete(record)
+      else
+        return {success: false, reason: 'Unknown action'}
+      end
+      
+      if user.save
+        {success: true}
+      else
+        {success: false, reason: 'Save failed'}
+      end
+    end
+  end
+end