chore: Initial port from original codebase

fix: Reference correct path for db.rb
chore: Add omniauth support
refac: Use the security app to handle Omniauth routes
chore: Add up and down db migrations
refac: Link users to identities
chore: Clean up config and documents
fix: Link to registration from sidebar
fix: Logout functionality
refac: Make the views easier to customize
refac: Proper load order for DB and models
refac: Use Base Roda app
fix: Allow admin users to create users
fix: Properly handle authentication failure

Author: jrgns

.gitignore

@@ -7,3 +7,5 @@
 /pkg/
 /spec/reports/
 /tmp/
+*_secret
+/node_modules

.ruby-version

@@ -0,0 +1 @@
+2.3.1

.travis.yml

@@ -2,4 +2,8 @@ sudo: false
 language: ruby
 rvm:
   - 2.3.1
+services:
+  - elasticsearch
+before_script:
+  - sleep 10
 before_install: gem install bundler -v 1.12.5

LICENSE.txt

@@ -1,21 +1,8 @@
-The MIT License (MIT)
+Copyright (c) Jade IT cc
 
-Copyright (c) 2016 TODO: Write your name
+ProxES is an Open Source project licensed under the terms of
+the LGPLv3 license.  Please see <http://www.gnu.org/licenses/lgpl-3.0.html>
+for license text.
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+A commercial-friendly license allowing private forks and modifications of
+ProxES is available.  Please contact [email protected] more detail.

README.md

@@ -1,8 +1,26 @@
-# Proxes
+[![Build Status](https://travis-ci.org/EagerELK/proxes.svg?branch=master)](https://travis-ci.org/EagerELK/proxes)
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/proxes`. To experiment with that code, run `bin/console` for an interactive prompt.
+# ProxES
 
-TODO: Delete this and the text above, and describe your gem
+ProxES provides a couple of components to allow you to embed and wrap
+Elasticsearch within your Rack app.
+
+## Components
+
+ProxES has two main components that works together, but can be used separately
+as well: 
+
+### 1. Management Interface
+
+This interface gives you the ability to manage your Elasticsearch users and get
+and overview of your Elasticsearch cluster.
+
+### 2. Security Middleware
+
+The Rack middleware checks all requests going to your Elasticsearch cluster
+against the users and permissions you've set up in the Management Interface. It
+uses a combination of [Pundit](https://github.com/elabs/pundit) and
+[OmniAuth](https://github.com/omniauth/omniauth) to secure your cluster.
 
 ## Installation
 
@@ -22,7 +40,15 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+Check the included [`config.ru`](https://github.com/EagerELK/proxes/blob/master/config.ru) file for an example setup.
+
+At a minimum, you need to
+
+* Set up Session Middleware
+* Set up OmniAuth to Authenticate the user
+* Mount the `ProxES::App`
+* Proxy all Elasticsearch requests after running it through the `ProxES::Security`
+middleware
 
 ## Development
 
@@ -34,8 +60,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/proxes.
 
-
 ## License
 
-The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+The gem is available as open source under the terms of the [LGPLv3 license](http://www.gnu.org/licenses/lgpl-3.0.html).
 

Rakefile

@@ -1,5 +1,6 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+require 'rubygems'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 

Vagrantfile

@@ -0,0 +1,45 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure(2) do |config|
+  config.vm.box = "ubuntu/trusty64"
+
+  config.vm.network :private_network, ip: '172.16.248.110'
+
+  config.vm.provider "virtualbox" do |vb|
+    vb.memory = "2048"
+  end
+
+  config.vm.provision "shell", privileged: false, inline: <<-SHELL
+    # Dependencies / Utilities
+    sudo apt-get update
+    sudo apt-get install -y screen curl git build-essential libssl-dev
+
+    # Ruby
+    sudo apt-get install ruby2.0
+    # if [ ! -f /home/vagrant/.rvm/scripts/rvm ]
+    # then
+    #     gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
+    #     \\curl -sSL https://get.rvm.io | bash
+    # fi
+    # source /home/vagrant/.rvm/scripts/rvm
+
+    # Ruby and it's Gems
+    cd /vagrant
+    # rvm use $(cat .ruby-version) --install
+    gem install bundler --no-rdoc --no-ri
+    bundle install
+
+    # Node
+    # if [ ! -f /home/vagrant/.nvm/nvm.sh ]
+    # then
+    #   \\curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.32.0/install.sh | bash
+    # fi
+    # export NVM_DIR="/home/vagrant/.nvm"
+    # [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
+
+    # # Node and it's packages
+    # nvm install `cat .nvmrc`
+    # npm install --no-bin-links
+  SHELL
+end

config.ru

@@ -0,0 +1,55 @@
+#\-o 0.0.0.0 -p 9292
+libdir = File.expand_path(File.dirname(__FILE__) + '/lib')
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+
+require 'proxes'
+require 'proxes/db'
+
+use Rack::Session::Pool
+# use Rack::Session::Cookie,
+#   :key => '_ProxES_session',
+#   #:secure=>!TEST_MODE, # Uncomment if only allowing https:// access
+#   :secret=>File.read('.session_secret')
+
+require 'omniauth'
+require 'omniauth-identity'
+# OmniAuth.config.test_mode = true
+
+use OmniAuth::Builder do
+  # The identity provider is used by the App.
+  provider :identity,
+    fields: [:username],
+    model: ProxES::Identity,
+    on_login: ProxES::Security,
+    on_registration: ProxES::Security,
+    locate_conditions: lambda{|req| {username: req['username']} }
+end
+
+OmniAuth.config.on_failure = Proc.new { |env|
+  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
+}
+
+require 'warden'
+require 'proxes/strategies/jwt_token'
+use Warden::Manager do |manager|
+  manager.default_strategies :jwt_token
+  manager.scope_defaults :default, action: '_proxes/unauthenticated'
+  manager.failure_app = ProxES::Security
+end
+
+Warden::Manager.serialize_into_session { |user| user.id }
+Warden::Manager.serialize_from_session { |id| ProxES::User[id] }
+
+# Proxy all Elasticsearch requests
+map '/' do
+  # Security
+  use ProxES::Security
+
+  # Forward requests to ES
+  run Rack::Proxy.new(backend: ENV['ELASTICSEARCH_URL'])
+end
+
+# Management App
+map '/_proxes' do
+  run ProxES::App
+end

lib/proxes.rb

@@ -1,5 +1,5 @@
-require "proxes/version"
-
-module Proxes
-  # Your code goes here...
-end
+require 'proxes/version'
+require 'proxes/base'
+require 'proxes/app'
+require 'proxes/security'
+require 'proxes/es_request'

lib/proxes/app.rb

@@ -0,0 +1,30 @@
+require 'proxes/base'
+require 'proxes/routes'
+
+module ProxES
+  # Manage your Elasticsearch cluster, user and user sessions
+  class App < ProxES::Base
+    plugin :multi_route
+
+    def logger
+      require 'logger'
+      @logger ||= Logger.new($stdout)
+    end
+
+    def root_url
+      @root_url = opts[:root_url] || '/_proxes'
+    end
+
+    route do |r|
+      r.multi_route
+
+      r.public
+
+      r.get do
+        authenticate!
+
+        view 'index'
+      end
+    end
+  end
+end