Merge pull request #346 from joyofrails/feat/record-events

Add ApplicationEvent model

Author: rossta

Gemfile

@@ -22,42 +22,42 @@ gem "turbo-rails" # Hotwire's SPA-like page accelerator [https://turbo.hotwired.
 gem "vite_rails" # Leverage Vite to power the frontend of your Rails app [https://vite-ruby.netlify.app/guide/rails.html]
 
 # Utilities
+gem "addressable" # Addressable is an alternative implementation to URI [https://github.com/sporkmonger/addressable]
 gem "bcrypt", "~> 3.1.7" # Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
+gem "color_conversion" # A ruby gem to perform color conversions [https://github.com/devrieda/color_conversion]
+gem "commonmarker", require: false
+gem "device_detector" # DeviceDetector is a precise and fast user agent parser and device detector written in Ruby [https://github.com/podigee/device_detector]
+gem "fastimage", require: false # FastImage finds the size or type of an image given its uri by fetching as little as needed [https://github.com/sdsykes/fastimage]
 gem "flipper" # Feature flipping for Ruby [https://www.flippercloud.io/]
 gem "flipper-active_record" # ActiveRecord adapter for Flipper [https://www.flippercloud.io/docs/adapters/active-record]
-gem "device_detector" # DeviceDetector is a precise and fast user agent parser and device detector written in Ruby [https://github.com/podigee/device_detector]
-gem "warden" # General Rack Authentication Framework [https://github.com/wardencommunity/warden]
-gem "postmark-rails" # Postmark Rails gem [https://github.com/ActiveCampaign/postmark-rails]
-gem "scout_apm" # Scout APM Ruby Agent [https://scoutapm.com]
-gem "rails_admin" # RailsAdmin is a Rails engine that provides an easy-to-use interface for managing your data [https://github.com/railsadminteam/rails_admin]
-gem "addressable" # Addressable is an alternative implementation to URI [https://github.com/sporkmonger/addressable]
+gem "invisible_captcha" # Unobtrusive and flexible spam protection for Rails apps [https://github.com/markets/invisible_captcha]
+gem "json-schema" # JSON Schema validation [https://github.com/voxpupuli/json-schema]
 gem "ostruct" # OpenStruct is a data structure, similar to a Hash, that allows the definition of arbitrary attributes with their accompanying values
 gem "parslet" # Parslet is a small Ruby library for constructing parsers [https://github.com/kschiess/parslet]
+gem "postmark-rails" # Postmark Rails gem [https://github.com/ActiveCampaign/postmark-rails]
+gem "rails_admin" # RailsAdmin is a Rails engine that provides an easy-to-use interface for managing your data [https://github.com/railsadminteam/rails_admin]
+gem "scout_apm" # Scout APM Ruby Agent [https://scoutapm.com]
+gem "warden" # General Rack Authentication Framework [https://github.com/wardencommunity/warden]
 
 # Rendering
 gem "image_processing" # Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
 gem "inline_svg" # Embed SVGs in Rails views and style them with CSS [https://github.com/jamesmartin/inline_svg
+gem "meta-tags" # Search Engine Optimization (SEO) for Ruby on Rails applications. [https://github.com/kpumuk/meta-tags]
 gem "rouge" # Pure Ruby syntax highlighter [https://github.com/rouge-ruby/rouge
 gem "sitepress-rails" # Static site generator for Rails [https://sitepress.cc/getting-started/rails]
 
 gem "phlex", "2.0.0.rc1" # An object-oriented view layer. [https://github.com/phlex-ruby/phlex]
 gem "phlex-rails", "2.0.0.rc1" # Rails integration for Phlex [https://github.com/phlex-ruby/phlex-rails]
 
-gem "commonmarker", require: false
-gem "invisible_captcha" # Unobtrusive and flexible spam protection for Rails apps [https://github.com/markets/invisible_captcha]
-gem "color_conversion" # A ruby gem to perform color conversions [https://github.com/devrieda/color_conversion]
-gem "meta-tags" # Search Engine Optimization (SEO) for Ruby on Rails applications. [https://github.com/kpumuk/meta-tags]
-gem "fastimage", require: false # FastImage finds the size or type of an image given its uri by fetching as little as needed [https://github.com/sdsykes/fastimage]
-
 gem "bootsnap", require: false # Reduces boot times through caching; required in config/boot.rb [https://github.com/Shopify/bootsnap]
 
 # Clients
-gem "httpx" # An HTTP client library for Ruby [https://gitlab.com/os85/httpx]
+gem "aws-sdk-s3" # Official AWS Ruby gem for Amazon S3 [https://github.com/aws/aws-sdk-ruby]
 gem "honeybadger", require: false # Error monitoring and uptime reporting [https://www.honeybadger.io]
+gem "httpx" # An HTTP client library for Ruby [https://gitlab.com/os85/httpx]
 gem "litestream" # Standalone streaming replication for SQLite [https://litestream.io]
-gem "web-push" # Web Push library for Ruby [https://github.com/pushpad/web-push]
-gem "aws-sdk-s3" # Official AWS Ruby gem for Amazon S3 [https://github.com/aws/aws-sdk-ruby]
 gem "ruby-openai" # Use OpenAI in Ruby [https://github.com/alexrudall/ruby-openai]
+gem "web-push" # Web Push library for Ruby [https://github.com/pushpad/web-push]
 
 # Admin
 gem "flipper-ui" # UI for the Flipper gem [https://www.flippercloud.io/docs/ui]
@@ -75,18 +75,18 @@ group :test do
   gem "capybara" # Acceptance test framework for web applications [https://github.com/teamcapybara/capybara]
   gem "cuprite" # Headless Chrome driver for Capybara [https://github.com/rubycdp/cuprite]
   gem "simplecov", require: false # Code coverage for Ruby [https://github.com/simplecov-ruby/simplecov]
-  gem "simplecov-tailwindcss", require: false # Alternative HTML formatter for SimpleCov [https://github.com/chiefpansancolt/simplecov-tailwindcss]
   gem "simplecov-cobertura", require: false # Produces Cobertura formatted XML from SimpleCov. [https://github.com/dashingrocket/simplecov-cobertura]
+  gem "simplecov-tailwindcss", require: false # Alternative HTML formatter for SimpleCov [https://github.com/chiefpansancolt/simplecov-tailwindcss]
   gem "webmock", require: false # Library for stubbing HTTP requests [https://github.com/bblimke/webmock]
 
   # Uncomment the following line and bundle to use Selenium with Firefox
   # gem "selenium-webdriver" # Ruby bindings for Selenium [https://www.rubydoc.info/gems/selenium-webdriver/frames]
 end
 
 group :development, :test do
-  gem "css_parser", require: false # A pure Ruby CSS parser based on the CSS Syntax Level 3 specification [https://github.com/rgrove/crass]
   gem "brakeman", require: false # A static analysis security vulnerability scanner for Ruby on Rails applications [https://github.com/presidentbeef/brakeman]
   gem "bundle-audit", require: false # Patch level verification for Bundler [https://github.com/rubysec/bundler-audit]
+  gem "css_parser", require: false # A pure Ruby CSS parser based on the CSS Syntax Level 3 specification [https://github.com/rgrove/crass]
   gem "debug", platforms: %i[mri windows] # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem "dotenv" # A Ruby gem to load environment variables from `.env` [https://github.com/bkeepers/dotenv]
   gem "factory_bot_rails", require: false # A library for setting up Ruby objects as test data [https://github.com/thoughtbot/factory_bot_rails]

Gemfile.lock

@@ -289,6 +289,9 @@ GEM
       reline (>= 0.4.2)
     jmespath (1.6.2)
     json (2.9.1)
+    json-schema (5.1.1)
+      addressable (~> 2.8)
+      bigdecimal (~> 3.1)
     jwt (2.9.3)
       base64
     kaminari (1.2.2)
@@ -652,6 +655,7 @@ DEPENDENCIES
   image_processing
   inline_svg
   invisible_captcha
+  json-schema
   letter_opener
   litestream
   meta-tags

app/models/application_event.rb

@@ -0,0 +1,19 @@
+# == Schema Information
+#
+# Table name: application_events
+#
+#  id         :string           not null, primary key
+#  data       :text             not null
+#  metadata   :text
+#  type       :string           not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#
+# Indexes
+#
+#  index_application_events_on_created_at  (created_at)
+#
+class ApplicationEvent < ApplicationRecord
+  serialize :data, coder: JSON
+  serialize :metadata, coder: JSON
+end

app/models/application_events/deploy.rb

@@ -0,0 +1,42 @@
+# == Schema Information
+#
+# Table name: application_events
+#
+#  id         :string           not null, primary key
+#  data       :text             not null
+#  metadata   :text
+#  type       :string           not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#
+# Indexes
+#
+#  index_application_events_on_created_at  (created_at)
+#
+module ApplicationEvents
+  class Deploy < ::ApplicationEvent
+    DATA_SCHEMA = {
+      "type" => "object",
+      "required" => ["sha"],
+      "properties" => {
+        "sha" => {"type" => "string"}
+      }
+    }.freeze
+
+    validates_with Validators::SchemaValidator, field: :data, schema: DATA_SCHEMA
+
+    def self.record!(sha: nil)
+      sha = current_sha if sha.nil?
+
+      create! data: {sha: sha}
+    end
+
+    def self.current_sha
+      Repo.new.rev_parse("HEAD")
+    rescue => e
+      Honeybadger.notify(e)
+
+      "UNKNOWN"
+    end
+  end
+end

app/models/examples/app_file.rb

@@ -59,7 +59,7 @@ def extname
     alias_method :extension, :extname
 
     def repo_url
-      "https://github.com/joyofrails/joyofrails.com/blob/#{revision}/#{app_path}"
+      repo.url("blob/#{revision}/#{app_path}")
     end
 
     def source(lines: nil)
@@ -87,8 +87,11 @@ def file_read
     end
 
     def git_read
-      git_dir = ENV.fetch("REPOSITORY_ROOT", ".")
-      `(cd #{git_dir} && git show #{@revision}:#{@path}) 2>/dev/null`
+      repo.read_file(@path, revision: @revision)
+    end
+
+    def repo
+      @repo ||= Repo.new
     end
   end
 end

app/models/repo.rb

@@ -0,0 +1,23 @@
+# We take advantage of the fact that our deployment tool is Hatchbox which uses
+# git on the server as part of the deploy process. We abstract git commands so callers
+# don’t need to be aware of the fact that the git repository is in a different location.
+class Repo
+  def root = ENV.fetch("REPOSITORY_ROOT", ".")
+
+  def read_file(path, revision: "HEAD")
+    run "git show #{revision}:#{path}"
+  end
+
+  def rev_parse(revision = "HEAD")
+    run("git rev-parse #{revision}").strip
+  end
+
+  def url(path = "")
+    path = path.drop(1) if path.start_with?("/")
+    "https://github.com/joyofrails/joyofrails.com/#{path}"
+  end
+
+  def run(command)
+    `(cd #{root} && #{command}) 2>/dev/null`
+  end
+end

app/models/validators/schema_validator.rb

@@ -0,0 +1,14 @@
+require "json-schema"
+module Validators
+  class SchemaValidator < ActiveModel::Validator
+    def validate(record)
+      schema = options.fetch(:schema)
+      field_name = options.fetch(:field)
+      value = record.send(field_name)
+
+      unless JSON::Validator.validate(schema, value)
+        record.errors.add(field_name, "does not comply to JSON Schema: #{schema.inspect}")
+      end
+    end
+  end
+end

config/brakeman.ignore

@@ -1,96 +1,62 @@
 {
   "ignored_warnings": [
+    {
+      "warning_type": "Command Injection",
+      "warning_code": 14,
+      "fingerprint": "386b18e7b0e504ea42e4ba89ee6cb1b353a9177c7fa58439553cb92abb3d5364",
+      "check_name": "Execute",
+      "message": "Possible command injection",
+      "file": "app/models/repo.rb",
+      "line": 21,
+      "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
+      "code": "`(cd #{root} && #{command}) 2>/dev/null`",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Repo",
+        "method": "run"
+      },
+      "user_input": "root",
+      "confidence": "Medium",
+      "cwe_id": [
+        77
+      ],
+      "note": ""
+    },
     {
       "warning_type": "Dynamic Render Path",
       "warning_code": 15,
-      "fingerprint": "690098d85fc8739353285debac5a26f57148c6150eac806a1ce8574d8b3db76f",
+      "fingerprint": "8fef72728237431ad41e05126612820980b845a5fb952aac35e89b120b93c59b",
       "check_name": "Render",
       "message": "Render path contains parameter value",
-      "file": "app/views/pwa/installation_instructions/_installation_instructions.html.erb",
-      "line": 6,
+      "file": "app/views/author/polls/show.html.erb",
+      "line": 8,
       "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
-      "code": "render(action => (if params[:user_agent_nickname] then\n  Pwa::NamedInstallationInstructions.find(params[:user_agent_nickname])\nelse\n  Honeybadger.event(\"installation_instructions_controller.show\", :user_agent => request.user_agent)\n  Pwa::UserAgentInstallationInstructions.new(request.user_agent)\nend).partial_name, { :installation_instructions => installation_instructions })",
+      "code": "render(action => Current.user.polls.find(params[:id]).questions.includes(:answers).ordered, { :poll => Current.user.polls.find(params[:id]) })",
       "render_path": [
         {
           "type": "controller",
-          "class": "Pwa::InstallationInstructionsController",
+          "class": "Author::PollsController",
           "method": "show",
-          "line": 4,
-          "file": "app/controllers/pwa/installation_instructions_controller.rb",
+          "line": 15,
+          "file": "app/controllers/author/polls_controller.rb",
           "rendered": {
-            "name": "pwa/installation_instructions/show",
-            "file": "app/views/pwa/installation_instructions/show.html.erb"
-          }
-        },
-        {
-          "type": "template",
-          "name": "pwa/installation_instructions/show",
-          "line": 3,
-          "file": "app/views/pwa/installation_instructions/show.html.erb",
-          "rendered": {
-            "name": "pwa/installation_instructions/_installation_instructions",
-            "file": "app/views/pwa/installation_instructions/_installation_instructions.html.erb"
+            "name": "author/polls/show",
+            "file": "app/views/author/polls/show.html.erb"
           }
         }
       ],
       "location": {
         "type": "template",
-        "template": "pwa/installation_instructions/_installation_instructions"
+        "template": "author/polls/show"
       },
-      "user_input": "params[:user_agent_nickname]",
+      "user_input": "params[:id]",
       "confidence": "Weak",
       "cwe_id": [
         22
       ],
       "note": ""
-    },
-    {
-      "warning_type": "SQL Injection",
-      "warning_code": 0,
-      "fingerprint": "75fc982bf0fdc1992076ca5a34bdf947d7cdc80b38d207e9b712fb6d8ae2af38",
-      "check_name": "SQL",
-      "message": "Possible SQL injection",
-      "file": "app/models/concerns/searchable.rb",
-      "line": 47,
-      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
-      "code": "joins(\"JOIN #{search_table_name} ON #{table_name}.id = #{search_table_name}.#{search_table_foreign_key}\")",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Searchable::ClassMethods",
-        "method": "search"
-      },
-      "user_input": "search_table_name",
-      "confidence": "Medium",
-      "cwe_id": [
-        89
-      ],
-      "note": ""
-    },
-    {
-      "warning_type": "Command Injection",
-      "warning_code": 14,
-      "fingerprint": "ee467aaea70b8a7b361ef6e8ee6c5082b3ff265dc67d798ea3f24c1687ff4584",
-      "check_name": "Execute",
-      "message": "Possible command injection",
-      "file": "app/models/examples/app_file.rb",
-      "line": 91,
-      "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
-      "code": "`(cd #{ENV.fetch(\"REPOSITORY_ROOT\", \".\")} && git show #{@revision}:#{@path}) 2>/dev/null`",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Examples::AppFile",
-        "method": "git_read"
-      },
-      "user_input": "ENV.fetch(\"REPOSITORY_ROOT\", \".\")",
-      "confidence": "Medium",
-      "cwe_id": [
-        77
-      ],
-      "note": ""
     }
   ],
-  "updated": "2024-11-01 07:34:07 -0400",
-  "brakeman_version": "6.2.2"
+  "brakeman_version": "7.0.0"
 }

db/migrate/20250123135323_index_application_events_created_at.rb

@@ -0,0 +1,5 @@
+class IndexApplicationEventsCreatedAt < ActiveRecord::Migration[8.1]
+  def change
+    add_index :application_events, :created_at
+  end
+end