clean up ENV vars and fix flash message in login

Author: simonfranzen

README.md

@@ -68,7 +68,7 @@ While this is an API-only application you will not be able to access any routes
 
 Point the GraphQL IDE to `http://0.0.0.0:3000/graphql`
 
-**Note:** Make sure that the `.env` file is included in the root of your project and you have defined `CLIENT_URL` and `DEVISE_JWT_SECRET_KEY`. You can try out the [Demo frontend](https://github.com/zauberware/gatsby-starter-redux-saas) or you implement the actions in any other client. Read more about the JSON Web Token [this](https://github.com/zauberware/rails-devise-graphql). There are plenty of packages available.
+**Note:** Make sure that the `.env` file is included in the root of your project and you have defined `CLIENT_URL` and `DEVISE_SECRET_KEY`. You can try out the [Demo frontend](https://github.com/zauberware/gatsby-starter-redux-saas) or you implement the actions in any other client. Read more about the JSON Web Token [this](https://github.com/zauberware/rails-devise-graphql). There are plenty of packages available.
 
 ## What's included?
 
@@ -114,7 +114,7 @@ Change rails_admin settins under `config/initializers/rails_admin.rb`.
 This app has the default language `en` and already set a secondary language `de`. We included the [rails-i18n](https://github.com/svenfuchs/rails-i18n) to support other languages out of the box. Add more languages under `config/initializers/locale.rb`.
 
 #### Setting locale
-To switch locale just append `?locale=de` at the end of your url.
+To switch locale just append `?locale=de` at the end of your url. If no `locale` param was set it uses browser default language (request env `HTTP_ACCEPT_LANGUAGE`). If this is unknown it takes the default language of the rails app.
 
 #### Devise
 For devise we use [devise-i18n](https://github.com/tigrish/devise-i18n) to support other languages.

app.json

@@ -23,29 +23,29 @@
     "postdeploy": "rake db:migrate && rake db:seed"
   },
   "env": {
-    "CLIENT_URL": {
-      "description": "Enter the client domain for CORS. Choose http://0.0.0.0:8000 when using our gatsby frontend.",
-      "value": "http://0.0.0.0:8000"
+    "DEVISE_SECRET_KEY": {
+      "description": "A secret key for verifying the integrity of signed JWT tokens.",
+      "value": "replace-this-key-with-a-secret"
     },
-    "WEB_CONCURRENCY": {
-      "description": "Specifies the number of `workers` to boot in clustered mode.",
-      "value": "2"
+    "DEFAULT_URL": {
+      "description": "Enter the url of this application. If you deploy to heroku set your heroku address.",
+      "value": "http://...herokuapp.com"
     },
-    "RAILS_MAX_THREADS": {
-      "description": "Puma can serve each request in a thread from an internal thread pool.",
-      "value": "5"
+    "CLIENT_URL": {
+      "description": "Enter the client domain for CORS.",
+      "value": "http://0.0.0.0:8000"
     },
-    "DEVISE_JWT_SECRET_KEY": {
-      "description": "A secret key for verifying the integrity of signed JWT tokens.",
-      "generator": "secret"
+    "DEVISE_MAILER_FROM": {
+      "description": "Set the default from address for mailers.",
+      "value": "[email protected]"
     },
     "ADMIN_EMAIL": {
       "description": "Admin default login.",
       "value": "[email protected]"
     },
     "ADMIN_PASSWORD": {
       "description": "Admin default password.",
-      "value": "demo123"
+      "value": "demo1234"
     },
     "ADMIN_FIRST_NAME": {
       "description": "Admin default firstname.",
@@ -54,6 +54,26 @@
     "ADMIN_LAST_NAME": {
       "description": "Admin default lastname.",
       "value": "Doe"
+    },
+    "IS_HTTP_AUTH_PROTECTED": {
+      "description": "Enable http auth protection with setting this to true.",
+      "value": "false"
+    },
+    "HTTP_AUTH_USER": {
+      "description": "Set user for HTTP Auth protection.",
+      "value": "demo"
+    },
+    "HTTP_AUTH_PASSWORD": {
+      "description": "Set password for HTTP Auth protection.",
+      "value": "demo1234"
+    },
+    "WEB_CONCURRENCY": {
+      "description": "Specifies the number of `workers` to boot in clustered mode.",
+      "value": "2"
+    },
+    "RAILS_MAX_THREADS": {
+      "description": "Puma can serve each request in a thread from an internal thread pool.",
+      "value": "5"
     }
   },
   "image": "heroku/ruby",

app/assets/stylesheets/frontend/_vars.scss

@@ -17,7 +17,6 @@ $brand-warning:         #e1c345;
 $brand-danger:          #e5734b;
 
 
-
 $font-family-sans-serif:  "Roboto",-apple-system,BlinkMacSystemFont,"Segoe UI","Helvetica Neue",Arial,sans-serif;
 $font-family-serif:       "Roboto Slab",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif;
 //** Default monospace fonts for `<code>`, `<kbd>`, and `<pre>`.

app/assets/stylesheets/frontend/main.scss

@@ -80,8 +80,30 @@ h1,h2,h3,h4,h5,h6{
   color: $gray;
 }
 
+.field{
+  text-align: left;
+}
+
 .logo-wrapper{
   background-color: white;
   display: inline-block;
   padding: 15px 10px 10px 10px;
+}
+
+.flash{
+  padding: 10px;
+  text-align: center;
+  background: $brand-info;
+  margin: 10px 0;
+  color: white;
+  border-radius: 3px;
+  font-weight: 700;
+
+  &--error{
+    background: $brand-danger;
+  }
+
+  &--alert{
+    background: $brand-warning;
+  }
 }

app/controllers/application_controller.rb

@@ -3,8 +3,7 @@
 # Base controlller for application
 class ApplicationController < ActionController::Base
   include HttpAuth
-
-  force_ssl if: :ssl_configured?
+  include LocaleWrapper
 
   rescue_from CanCan::AccessDenied do |exception|
     respond_to do |format|
@@ -14,13 +13,6 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  # setting locale from URL parameter
-  around_action :switch_locale
-  def switch_locale(&action)
-    locale = params[:locale] || I18n.default_locale
-    I18n.with_locale(locale, &action)
-  end
-
   protected
 
   def current_superadmin
@@ -32,10 +24,6 @@ def current_superadmin
 
   private
 
-  def ssl_configured?
-    Rails.env.production?
-  end
-
   def after_sign_in_path_for(resource)
     if resource.superadmin? || resource.admin?
       rails_admin_url

app/controllers/concerns/http_auth.rb

@@ -1,16 +1,20 @@
-module HttpAuth  
+# frozen_string_literal: true
+
+# Injects http authentication to a controller.
+module HttpAuth
   extend ActiveSupport::Concern
 
   included do
     before_action :http_authenticate
   end
 
   protected
+
   def http_authenticate
     return true unless ENV['IS_HTTP_AUTH_PROTECTED'] == 'true'
 
     authenticate_or_request_with_http_basic do |username, password|
       username == ENV['HTTP_AUTH_USER'] && password == ENV['HTTP_AUTH_PASSWORD']
     end
   end
-end
+end

app/controllers/concerns/locale_wrapper.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+# Handles setting of locale in your controller.
+module LocaleWrapper
+  extend ActiveSupport::Concern
+
+  included do
+    around_action :switch_locale
+  end
+
+  protected
+
+  def switch_locale(&action)
+    locale = params[:locale] || locale_from_http_accept_lang || I18n.default_locale
+    I18n.with_locale(locale, &action)
+  end
+
+  def locale_from_http_accept_lang
+    return nil if !request || !request.env['HTTP_ACCEPT_LANGUAGE']
+
+    locale = request.env['HTTP_ACCEPT_LANGUAGE'].scan(/^[a-z]{2}/).first
+    return nil unless locale
+
+    # only if match
+    I18n.available_locales.map(&:to_s).include?(locale) ? locale : nil
+  end
+end

app/mailers/application_mailer.rb

@@ -2,6 +2,6 @@
 
 # Base class for all application mailer
 class ApplicationMailer < ActionMailer::Base
-  default from: '[email protected]'
+  default from: ENV['DEVISE_MAILER_FROM']
   layout 'mailer'
 end

app/views/devise/sessions/new.html.erb

@@ -6,6 +6,8 @@
   <h2><%= t('.sign_in') %></h2>
 
   <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
+    <%= render "devise/shared/error_messages", resource: resource %>
+
     <div class="field">
       <%= f.label :email %><br />
       <%= f.email_field :email, autofocus: true, autocomplete: "email" %>

app/views/devise/shared/_error_messages.html.erb

@@ -13,3 +13,8 @@
     </ul>
   </div>
 <% end %>
+
+<% flash.each do |key, value| %>
+  <% key = (key == 'alert' || key == 'error') ? 'error' : 'info' %>
+  <%= content_tag(:div, value, class: "flash flash--#{key}") %>
+<% end %>