WIP

source/.gitignore

@@ -14,3 +14,6 @@
 # Ignore all logfiles and tempfiles.
 /log/*.log
 /tmp
+
+# Ignore Vim swapfiles
+.*.swp

source/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

source/Gemfile

@@ -27,7 +27,7 @@ gem 'sdoc', '~> 0.4.0',          group: :doc
 gem 'spring',        group: :development
 
 # Use ActiveModel has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
+gem 'bcrypt', '~> 3.1.7'
 
 # Use unicorn as the app server
 # gem 'unicorn'

source/Gemfile.lock

@@ -28,6 +28,7 @@ GEM
       thread_safe (~> 0.1)
       tzinfo (~> 1.1)
     arel (5.0.1.20140414130214)
+    bcrypt (3.1.10)
     builder (3.2.2)
     coffee-rails (4.0.1)
       coffee-script (>= 2.2.0)
@@ -125,6 +126,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  bcrypt (~> 3.1.7)
   coffee-rails (~> 4.0.0)
   jbuilder (~> 2.0)
   jquery-rails
@@ -136,3 +138,6 @@ DEPENDENCIES
   sqlite3
   turbolinks
   uglifier (>= 1.3.0)
+
+BUNDLED WITH
+   1.10.6

source/app/assets/stylesheets/scaffolds.css.scss

@@ -0,0 +1,69 @@
+body {
+  background-color: #fff;
+  color: #333;
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a {
+  color: #000;
+  &:visited {
+    color: #666;
+  }
+  &:hover {
+    color: #fff;
+    background-color: #000;
+  }
+}
+
+div {
+  &.field, &.actions {
+    margin-bottom: 10px;
+  }
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+  h2 {
+    text-align: left;
+    font-weight: bold;
+    padding: 5px 5px 5px 15px;
+    font-size: 12px;
+    margin: -7px;
+    margin-bottom: 0px;
+    background-color: #c00;
+    color: #fff;
+  }
+  ul li {
+    font-size: 12px;
+    list-style: square;
+  }
+}

source/app/controllers/application_controller.rb

@@ -2,4 +2,6 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+  include ApplicationHelper
+  include SessionsHelper
 end

source/app/controllers/sessions_controller.rb

@@ -1,2 +1,20 @@
 class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    user = User.find_by(email: params[:session][:email].downcase)
+    if user && user.authenticate(params[:session][:password])
+      log_in user
+      redirect_to root_url
+    else
+      flash[:danger] = 'Invalid email/password combination'
+      render 'new'
+    end
+  end
+
+  def destroy
+    log_out
+    redirect_to login_path
+  end
 end

source/app/controllers/urls_controller.rb

@@ -1,2 +1,46 @@
 class UrlsController < ApplicationController
+  before_action :logged_in_user, except: [:show]
+
+  # GET /urls
+  # GET /urls.json
+  def index
+    @urls = Url.all
+  end
+
+  # GET /urls/1
+  # GET /urls/1.json
+  def show
+    url = Url.find_by!(short_url: params[:id])
+    url.click_count += 1
+    url.save
+    redirect_to url.real_url
+  end
+
+  # GET /urls/new
+  def new
+    @url = Url.new
+  end
+
+  # POST /urls
+  # POST /urls.json
+  def create
+    @url = Url.new(url_params)
+
+    respond_to do |format|
+      if @url.save
+        @urls = Url.all
+        format.html { render :index, notice: 'Url was successfully created.' }
+        format.json { render :show, status: :created, location: @url }
+      else
+        format.html { render :new }
+        format.json { render json: @url.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  private
+    # Never trust parameters from the scary internet, only allow the white list through.
+    def url_params
+      params.require(:url).permit(:short_url, :real_url)
+    end
 end

source/app/controllers/users_controller.rb

@@ -1,2 +1,76 @@
 class UsersController < ApplicationController
+  before_action :set_user, only: [:show, :edit, :update, :destroy]
+  before_action :logged_in_user, except: [:create, :new]
+
+  # GET /users
+  # GET /users.json
+  def index
+    @users = User.all
+  end
+
+  # GET /users/1
+  # GET /users/1.json
+  def show
+  end
+
+  # GET /users/new
+  def new
+    @user = User.new
+  end
+
+  # GET /users/1/edit
+  def edit
+  end
+
+  # POST /users
+  # POST /users.json
+  def create
+    @user = User.new(user_params)
+
+    respond_to do |format|
+      if @user.save
+        log_in @user
+        format.html { redirect_to @user, notice: 'User was successfully created.' }
+        format.json { render :show, status: :created, location: @user }
+      else
+        format.html { render :new }
+        format.json { render json: @user.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # PATCH/PUT /users/1
+  # PATCH/PUT /users/1.json
+  def update
+    respond_to do |format|
+      if @user.update(user_params)
+        format.html { redirect_to @user, notice: 'User was successfully updated.' }
+        format.json { render :show, status: :ok, location: @user }
+      else
+        format.html { render :edit }
+        format.json { render json: @user.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /users/1
+  # DELETE /users/1.json
+  def destroy
+    @user.destroy
+    respond_to do |format|
+      format.html { redirect_to users_url, notice: 'User was successfully destroyed.' }
+      format.json { head :no_content }
+    end
+  end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_user
+      @user = User.find(params[:id])
+    end
+
+    # Never trust parameters from the scary internet, only allow the white list through.
+    def user_params
+      params.require(:user).permit(:name, :email, :password, :password_confirmation)
+    end
 end

source/app/helpers/application_helper.rb

@@ -1,2 +1,5 @@
 module ApplicationHelper
+  def logged_in_user
+    redirect_to login_path and return if !logged_in?
+  end
 end

source/app/helpers/sessions_helper.rb

@@ -1,2 +1,18 @@
 module SessionsHelper
+  def log_in(user)
+    session[:user_id] = user.id
+  end
+
+  def log_out
+    session.delete(:user_id)
+    @current_user = nil
+  end
+
+  def current_user
+    @current_user ||= User.find_by(id: session[:user_id])
+  end
+
+  def logged_in?
+    !current_user.nil?
+  end
 end

source/app/models/url.rb

@@ -0,0 +1,28 @@
+require 'uri'
+require 'open-uri'
+
+class Url < ActiveRecord::Base
+  before_save :make_short_url
+  validates :real_url, presence: true
+  validate :test_url
+
+  private
+    def make_short_url
+      self.short_url = SecureRandom.hex(4) if self.short_url.blank?
+    end
+
+    def test_url
+      # validate url is http or https
+      uri = URI(self.real_url)
+      if self.real_url !~ /\A#{URI::regexp(['http', 'https'])}\z/
+        errors.add(:real_url, 'is not http or https')
+      end
+
+      # validate url is accessible
+      begin
+        open(uri.to_s)
+      rescue
+        errors.add(:real_url, 'is not accessible')
+      end
+    end
+end

source/app/models/user.rb

@@ -0,0 +1,10 @@
+class User < ActiveRecord::Base
+  before_save { self.email = email.downcase }
+  validates :name, presence: true, length: { maximum: 50 }
+  VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
+  validates :email, presence: true, length: { maximum: 255 },
+                    format: { with: VALID_EMAIL_REGEX },
+                    uniqueness: { case_sensitive: false }
+  has_secure_password
+  validates :password, presence: true, length: { minimum: 6 }
+end

source/app/views/layouts/application.html.erb

@@ -7,6 +7,13 @@
   <%= csrf_meta_tags %>
 </head>
 <body>
+  <nav>
+    <% if logged_in? %>
+      <%= link_to "Log out #{current_user.email}", logout_path, method: 'delete' %>
+    <% else %>
+      <%= link_to 'Log in', login_path %>
+    <% end %>
+  </nav>
 
 <%= yield %>
 

source/app/views/sessions/new.html.erb

@@ -0,0 +1,19 @@
+<% provide(:title, "Log in") %>
+<h1>Log in</h1>
+
+<div class="row">
+  <div class="col-md-6 col-md-offset-3">
+    <%= form_for(:session, url: login_path) do |f| %>
+
+      <%= f.label :email %>
+      <%= f.email_field :email, class: 'form-control' %>
+
+      <%= f.label :password %>
+      <%= f.password_field :password, class: 'form-control' %>
+
+      <%= f.submit "Log in", class: "btn btn-primary" %>
+    <% end %>
+
+    <p>New user? <%= link_to "Sign up now!", signup_path %></p>
+  </div>
+</div>

source/app/views/urls/_form.html.erb

@@ -0,0 +1,21 @@
+<%= form_for(@url) do |f| %>
+  <% if @url.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@url.errors.count, "error") %> prohibited this url from being saved:</h2>
+
+      <ul>
+      <% @url.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :real_url %><br>
+    <%= f.text_field :real_url %>
+  </div>
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+<% end %>

source/app/views/urls/edit.html.erb

@@ -0,0 +1,6 @@
+<h1>Editing url</h1>
+
+<%= render 'form' %>
+
+<%= link_to 'Show', @url %> |
+<%= link_to 'Back', urls_path %>