Feature: Allow users to run their own Ruby benchmarks (#267)

* Feature: Allow certain users to run their own benchmarks

* run rubocop

Author: OsamaSayegh

app/assets/javascripts/application/initialize.js

@@ -56,6 +56,48 @@ var onSelectChange = function (event) {
   });
 }
 
+function onRangeTogglerChange() {
+  if (this.checked) {
+    $("#second-sha").parent().removeClass("hidden");
+  } else {
+    $("#second-sha").parent().addClass("hidden");
+  }
+}
+
+function onSubmitScript() {
+  var name = $('#script-name').val();
+  var url = $('#script-url').val();
+  var sha = $('#first-sha').val();
+  var sha2 = $('#second-sha').val();
+
+  var submitButton = $('#submit-script');
+  submitButton.attr("disabled", true);
+
+  var outlet = $('#response-outlet')
+  $.ajax("/user-scripts.json", {
+    type: "POST",
+    data: {
+      name: name,
+      url: url,
+      sha: sha,
+      sha2: sha2
+    },
+    success: function(message) {
+      outlet.removeClass('hidden');
+      outlet.addClass('white');
+      outlet.html(message);
+    },
+    error: function(error) {
+      outlet.removeClass('white');
+      outlet.removeClass('hidden');
+      outlet.html("An error occured, status: " + error.status + "<br>" + error.responseText);
+    },
+    complete: function() {
+      submitButton.attr("disabled", false);
+    }
+  });
+}
+
 $(document).on('turbolinks:load', function() {
   if (location.pathname) {
     $(".navbar-nav a[href='" + location.pathname + "']").addClass('current');
@@ -100,4 +142,6 @@ $(document).on('turbolinks:load', function() {
   });
 
   $('.result-types-form select').change(onSelectChange);
+  $('#range-toggler').on('change', onRangeTogglerChange);
+  $('#submit-script').on('click', onSubmitScript);
 });

app/assets/stylesheets/modules/_user-scripts.scss

@@ -0,0 +1,17 @@
+.user-script-form {
+  width: 70%;
+  .commit-sha {
+    width: 50%;
+  }
+
+  #response-outlet {
+    color: white;
+    background: $brand-primary;
+    border-radius: 4px;
+    padding: 6px;
+    &.white {
+      color: $text-color;
+      background: $pre-bg;
+    }
+  }
+}

app/controllers/benchmark_runs_controller.rb

@@ -13,7 +13,8 @@ def create
 
     benchmark_type = repo.benchmark_types.find_or_create_by!(
       category: benchmark_type_params[:category],
-      script_url: benchmark_type_params[:script_url]
+      script_url: benchmark_type_params[:script_url],
+      from_user: [true, 'true'].include?(benchmark_type_params[:from_user])
     )
 
     benchmark_type.update_attributes(digest: benchmark_type_params[:digest])
@@ -47,7 +48,7 @@ def benchmark_run_params
   end
 
   def benchmark_type_params
-    params.require(:benchmark_type).permit(:category, :script_url, :digest)
+    params.require(:benchmark_type).permit(:category, :script_url, :digest, :from_user)
   end
 
   def benchmark_result_type_params

app/controllers/repos_controller.rb

@@ -195,6 +195,17 @@ def set_display_count
 
   def set_repo_benchmarks
     @benchmarks = @repo.benchmark_types
+    set_rubybench_benchmarks
+    set_users_benchmarks
+    @benchmarks
+  end
+
+  def set_rubybench_benchmarks
+    @rubybench_benchmarks = @benchmarks.where(from_user: false)
+  end
+
+  def set_users_benchmarks
+    @users_benchmarks = @benchmarks.where(from_user: true)
   end
 
   def set_comparable_benchmarks

app/controllers/session_controller.rb

@@ -1,12 +1,15 @@
 class SessionController < ApplicationController
+  USERNAMES = %w{john osama sam tgx patrick}
+  TRUSTED_GROUP_NAME = 'trusted-users'
+
   def sso
     sso = DiscourseApi::SingleSignOn.parse(request.query_string, Rails.application.secrets.sso_secret)
     return_url = $redis.get(sso.nonce)
     if return_url.present?
       session[:user] = {
         username: sso.username,
-        email: sso.email,
-        external_id: sso.external_id
+        external_id: sso.external_id,
+        trusted: is_trusted?(sso)
       }
       redirect_to return_url
     else
@@ -20,7 +23,32 @@ def login
     sso.return_sso_url = "#{request.base_url}/sso"
     sso.nonce = SecureRandom.hex
     sso.sso_url = "#{AppSettings.forum_url}/session/sso_provider"
-    $redis.setex(sso.nonce, 10.minutes.to_i, '/')
+    path = session[:destination_url] || '/'
+    $redis.setex(sso.nonce, 10.minutes.to_i, path)
     redirect_to sso.to_url
   end
+
+  def become
+    if Rails.env.production?
+      render plain: "Can't use this endpoint in production", status: 403
+      return
+    end
+
+    permitted = params.permit([:username, :external_id, :trusted])
+    hash = {
+      username: "#{USERNAMES.sample}#{SecureRandom.random_number(20)}",
+      external_id: SecureRandom.random_number(1000),
+      trusted: false
+    }.merge(permitted.to_h.symbolize_keys.slice(:username, :external_id, :trusted))
+
+    hash[:trusted] = [true, 'true'].include?(hash[:trusted])
+    session[:user] = hash
+    redirect_to '/'
+  end
+
+  private
+
+  def is_trusted?(sso)
+    sso.admin || sso&.groups&.first&.split(',')&.include?(TRUSTED_GROUP_NAME)
+  end
 end

app/controllers/user_scripts_controller.rb

@@ -0,0 +1,36 @@
+class UserScriptsController < ApplicationController
+  before_action :ensure_trusted, except: :index
+
+  def index
+    if !current_user
+      session[:destination_url] = request.fullpath
+    elsif !current_user.trusted
+      render status: 403
+    end
+  end
+
+  def create
+    bench = UserBench.new(
+      params[:name],
+      params[:url],
+      params[:sha],
+      params[:sha2]
+    )
+    bench.validate!
+    if bench.valid?
+      bench.run
+
+      render plain: t('.index.successful_submit', path: "/ruby/ruby/commits?result_type=#{bench.name}")
+    else
+      render plain: bench.errors.join("\n"), status: 422
+    end
+  end
+
+  private
+
+  def ensure_trusted
+    if !current_user || !current_user.trusted
+      render plain: 'Not allowed to post scripts', status: 403
+    end
+  end
+end

app/jobs/remote_server_job.rb

@@ -20,7 +20,7 @@ class RemoteServerJob < ActiveJob::Base
 
   RUBY_COMMIT_DISCOURSE = "#{SCRIPTS_PATH}/ruby/discourse/trunk.sh"
 
-  RUBY_CUSTOM_SCRIPTS = "#{SCRIPTS_PATH}/ruby/custom_scripts/receiver.sh"
+  RUBY_USER_SCRIPTS = "#{SCRIPTS_PATH}/ruby/user_scripts/receiver.sh"
 
   # Use keyword arguments once Rails 4.2.1 has been released.
   def perform(initiator_key, benchmark_group, options = {})
@@ -62,12 +62,12 @@ def ruby_release(ssh, version, options)
     )
   end
 
-  def ruby_custom_scripts(ssh, script_url, options)
-    commit_a = options[:commit_a]
-    commit_b = options[:commit_b]
+  def ruby_user_scripts(ssh, commit, options)
+    name = options[:name]
+    script_url = options[:script_url]
     ssh_exec!(
       ssh,
-      "#{RUBY_CUSTOM_SCRIPTS} #{script_url} #{commit_a} #{commit_b} #{secrets.api_name} #{secrets.api_password}"
+      "#{RUBY_USER_SCRIPTS} #{commit} #{name} #{script_url} #{secrets.api_name} #{secrets.api_password}"
     )
   end
 

app/jobs/run_user_bench.rb

@@ -0,0 +1,46 @@
+class RunUserBench < ActiveJob::Base
+  queue_as :default
+
+  def perform(name, script_url, start_date, stop_sha)
+    commits = fetch_commits(start_date, stop_sha)
+
+    repo = Repo.find_or_create_by!(
+      name: 'ruby',
+      url: 'https://github.com/tgxworld/ruby',
+      organization: Organization.find_or_create_by!(
+        name: 'ruby',
+        url: 'https://github.com/tgxworld/',
+      )
+    )
+
+    CommitsRunner.run(:api, commits, repo, '', smart: true, name: name, script_url: script_url, initiator_type: 'user_scripts')
+  end
+
+  private
+
+  def fetch_commits(start_date, stop_sha)
+    client = Octokit::Client.new(access_token: Rails.application.secrets.github_api_token, per_page: 100)
+    commits = []
+    done = false
+    batch = client.commits('ruby/ruby', until: start_date)
+    response = client.last_response
+    while batch.size > 0 && !done
+      index = -1
+      batch.each_with_index do |c, ind|
+        if c.sha == stop_sha
+          done = true
+          index = ind
+        end
+      end
+      if done
+        commits.push(*batch[0..index])
+        break
+      else
+        commits.push(*batch)
+        response = response.rels[:next]&.get
+        batch = response&.data || []
+      end
+    end
+    commits
+  end
+end

app/services/commits_runner.rb

@@ -1,5 +1,6 @@
 module CommitsRunner
-  def self.run(trigger_source, commits, repo, pattern = '', smart: false)
+  def self.run(trigger_source, commits, repo, pattern = '', opts = {})
+    smart = !!opts[:smart]
     formatted_commits =
       if trigger_source == :webhook
         format_webhook(commits, repo)
@@ -9,7 +10,7 @@ def self.run(trigger_source, commits, repo, pattern = '', smart: false)
 
     formatted_commits = smart_reorder(formatted_commits) if smart
     formatted_commits.select { |commit| valid?(commit) }
-                     .each { |commit| create_and_run(commit, pattern) }
+                     .each { |commit| create_and_run(commit, pattern, opts) }
                      .count
   end
 
@@ -45,7 +46,7 @@ def self.valid?(commit)
     !Commit.merge_or_skip_ci?(commit[:message]) && Commit.valid_author?(commit[:author_name])
   end
 
-  def self.create_and_run(commit, pattern)
+  def self.create_and_run(commit, pattern, opts = {})
     Commit.find_or_create_by!(sha1: commit[:sha]) do |c|
       c.url = commit[:url]
       c.message = commit[:message]
@@ -54,10 +55,10 @@ def self.create_and_run(commit, pattern)
     end
 
     BenchmarkPool.enqueue(
-      :commit,
+      opts[:initiator_type] || :commit,
       commit[:sha],
       commit[:repo].name,
-      include_patterns: pattern
+      opts.merge(include_patterns: pattern)
     )
   end
 

app/services/user_bench.rb

@@ -0,0 +1,87 @@
+class UserBench
+  attr_reader :errors, :name, :url, :sha, :sha2, :commits
+
+  def initialize(name, url, sha, sha2 = nil)
+    @name = name&.strip
+    @url = url&.strip
+    @sha = sha&.strip
+    @sha2 = sha2&.strip
+    @errors = []
+    @commits = []
+    @client = Octokit::Client.new(access_token: Rails.application.secrets.github_api_token)
+  end
+
+  def validate!
+    errors.push(err('missing_name')) if name.blank?
+    errors.push(err('missing_url')) if url.blank?
+    errors.push(err('missing_sha')) if sha.blank?
+    return if !valid?
+
+    errors.push(err('name_already_taken')) if name_taken?
+    errors.push(err('bad_url')) unless valid_url?
+    errors.push(err('unallowed_characters', name: name)) unless valid_name?
+
+    return if !valid?
+
+    validate_sha(sha)
+    validate_sha(sha2) if sha2.present?
+  end
+
+  def valid?
+    @errors.size == 0
+  end
+
+  def run
+    repo = Repo.find_or_create_by!(
+      name: 'ruby',
+      url: 'https://github.com/tgxworld/ruby',
+      organization: Organization.find_or_create_by!(
+        name: 'ruby',
+        url: 'https://github.com/tgxworld/',
+      )
+    )
+    BenchmarkType.create!(
+      category: name,
+      script_url: url,
+      from_user: true,
+      repo: repo
+    )
+
+    RunUserBench.perform_later(name, url, commits.last.commit.committer.date.iso8601, commits.first.sha)
+  end
+
+  private
+
+  def valid_url?
+    uri = URI.parse(url)
+    URI::HTTP === uri || URI::HTTPS === uri
+  rescue URI::InvalidURIError
+    false
+  end
+
+  def name_taken?
+    BenchmarkType.exists?(category: name)
+  end
+
+  def valid_name?
+    name.match?(/^[a-zA-Z0-9\-_]+$/)
+  end
+
+  def validate_sha(sha)
+    commit = @client.commit('ruby/ruby', sha)
+    add_commit(commit)
+  rescue Octokit::UnprocessableEntity
+    errors.push(err('bad_sha', sha: sha))
+  end
+
+  def add_commit(commit)
+    if commits.all? { |c| c.sha != commit.sha }
+      commits.push(commit)
+      commits.sort_by! { |c| c.commit.committer.date }
+    end
+  end
+
+  def err(key, *args)
+    I18n.t("user_scripts.errors.#{key}", *args)
+  end
+end