0.5.0

Reviewed-on: #110
Reviewed-by: galfert <garret.alfert@gmail.com>

.env.example

@@ -7,6 +7,8 @@ SMTP_DOMAIN=example.com
 SMTP_AUTH_METHOD=plain
 SMTP_ENABLE_STARTTLS=auto
 
+REDIS_URL='redis://localhost:6379/1'
+
 LDAP_HOST=localhost
 LDAP_PORT=389
 LDAP_ADMIN_PASSWORD=passthebutter

.gitea/release-drafter.yml

@@ -0,0 +1,13 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+version-resolver:
+  major:
+    labels:
+      - 'release/major'
+  minor:
+    labels:
+      - 'release/minor'
+  patch:
+    labels:
+      - 'release/patch'
+  default: patch

.gitea/workflows/release_drafter.yml

@@ -0,0 +1,11 @@
+name: Release Drafter
+on:
+  pull_request:
+    types: [closed]
+jobs:
+  release_drafter_job:
+    name: Update release notes draft
+    runs-on: ubuntu-latest
+    steps:
+      - name: Release Drafter
+        uses: https://github.com/raucao/gitea-release-drafter@dev

Dockerfile

@@ -1,8 +1,13 @@
 # syntax=docker/dockerfile:1
 FROM ruby:2.7.6
-RUN apt-get update -qq && apt-get install -y curl ldap-utils
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
+      ldap-utils tini
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
 RUN apt-get update && apt-get install -y nodejs
+
 WORKDIR /akkounts
 COPY Gemfile /akkounts/Gemfile
 COPY Gemfile.lock /akkounts/Gemfile.lock
@@ -12,11 +17,5 @@ RUN gem install foreman
 RUN npm install -g yarn
 RUN yarn install
 
-# Add a script to be executed every time the container starts.
-COPY docker/entrypoint.sh /usr/bin/
-RUN chmod +x /usr/bin/entrypoint.sh
-ENTRYPOINT ["entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--"]
 EXPOSE 3000
-
-# Configure the main process to run when running the image
-CMD ["bin", "dev"]

Gemfile

@@ -48,6 +48,10 @@ gem 'faraday'
 gem 'sidekiq', '< 7'
 gem 'sidekiq-scheduler'
 
+# Monitoring
+gem "sentry-ruby"
+gem "sentry-rails"
+
 group :development, :test do
   # Use sqlite3 as the database for Active Record
   gem 'sqlite3', '~> 1.4'

Gemfile.lock

@@ -254,6 +254,11 @@ GEM
     ruby2_keywords (0.0.5)
     rufus-scheduler (3.8.2)
       fugit (~> 1.1, >= 1.1.6)
+    sentry-rails (5.8.0)
+      railties (>= 5.0)
+      sentry-ruby (~> 5.8.0)
+    sentry-ruby (5.8.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
     sidekiq (6.5.5)
       connection_pool (>= 2.2.2)
       rack (~> 2.0)
@@ -335,6 +340,8 @@ DEPENDENCIES
   rails-settings-cached (~> 2.8.3)
   rqrcode (~> 2.0)
   rspec-rails
+  sentry-rails
+  sentry-ruby
   sidekiq (< 7)
   sidekiq-scheduler
   sprockets-rails

README.md

@@ -14,7 +14,7 @@ so:
 
 1. Make sure [Docker Compose is installed][1] and Docker is running (included in
    Docker Desktop)
-2. Uncomment the `web` section in `docker-compose.yml`
+2. Uncomment the `redis`, `web`, and `sidekiq` sections in `docker-compose.yml`
 3. Run `docker compose up` and wait until 389ds announces its successful start
    in the log output
 4. `docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev"`

app/assets/stylesheets/components/links.css

@@ -5,10 +5,4 @@
     &:visited { @apply text-indigo-600; }
     &:active  { @apply text-red-600; }
   }
-
-  .devise-links {
-    a {
-      @apply ks-text-link;
-    }
-  }
 }

app/components/form_elements/toggle_component.html.erb

@@ -1,6 +1,6 @@
 <%= button_tag type: "button", name: "toggle", data: @data,
       role: "switch", aria: { checked: @enabled.to_s },
-      disabled: !@input_enabled,
+      tabindex: @tabindex, disabled: !@input_enabled,
       class: "#{ @enabled ? 'bg-blue-600' : 'bg-gray-200' }
               #{ @class_names.present? ? @class_names : '' }
               relative inline-flex h-6 w-11 flex-shrink-0 cursor-pointer

app/components/form_elements/toggle_component.rb

@@ -2,11 +2,12 @@
 
 module FormElements
   class ToggleComponent < ViewComponent::Base
-    def initialize(enabled:, input_enabled: true, data: nil, class_names: nil)
+    def initialize(enabled:, input_enabled: true, data: nil, class_names: nil, tabindex: nil)
       @enabled = !!enabled
       @input_enabled = input_enabled
       @data = data
       @class_names = class_names
+      @tabindex = tabindex
     end
   end
 end

app/controllers/application_controller.rb

@@ -3,6 +3,18 @@ class ApplicationController < ActionController::Base
     render :text => exception, :status => 500
   end
 
+  before_action :sentry_set_user
+
+  def sentry_set_user
+    return unless Setting.sentry_enabled
+
+    if user_signed_in?
+      Sentry.set_user(id: current_user.id, username: current_user.cn)
+    else
+      Sentry.set_user({})
+    end
+  end
+
   def require_user_signed_in
     unless user_signed_in?
       redirect_to welcome_path and return

app/javascript/controllers/notification_controller.js

@@ -4,6 +4,10 @@ export default class extends Controller {
   static targets = ["buttons", "countdown"]
 
   connect() {
+    // Devise timeoutable ends up adding a second flash message without content
+    // TODO investigate bug
+    if (this.element.textContent.trim() == "true") return;
+
     const timeoutSeconds = parseInt(this.data.get("timeout"));
 
     setTimeout(() => {

app/mailers/custom_mailer.rb

@@ -11,7 +11,7 @@
 #
 # Send email via Sidekiq:
 #
-#     CustomMailer.with(user: u, subject: "Important announcement", body: body).custom_message.deliver_later
+#     CustomMailer.with(user: user, subject: "Important announcement", body: body).custom_message.deliver_later
 #
 class CustomMailer < ApplicationMailer
   def custom_message

app/models/setting.rb

@@ -2,6 +2,13 @@
 class Setting < RailsSettings::Base
   cache_prefix { "v1" }
 
+  #
+  # Internal services
+  #
+
+  field :redis_url, type: :string, readonly: true,
+    default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
+
   #
   # Registrations
   #
@@ -10,6 +17,13 @@ class Setting < RailsSettings::Base
     account accounts donations mail webmaster support
   ]
 
+  #
+  # Sentry
+  #
+
+  field :sentry_enabled, type: :boolean, readonly: true,
+    default: (ENV["SENTRY_DSN"].present?.to_s || false)
+
   #
   # Discourse
   #

app/models/user.rb

@@ -38,7 +38,9 @@ class User < ApplicationRecord
   devise :ldap_authenticatable,
          :confirmable,
          :recoverable,
-         :validatable
+         :validatable,
+         :timeoutable,
+         :rememberable
 
   def ldap_before_save
     self.email = Devise::LDAP::Adapter.get_ldap_param(self.cn, "mail").first
@@ -63,6 +65,10 @@ class User < ApplicationRecord
     end
   end
 
+  def send_devise_notification(notification, *args)
+    devise_mailer.send(notification, self, *args).deliver_later
+  end
+
   def reset_password(new_password, new_password_confirmation)
     self.password = new_password
     self.password_confirmation = new_password_confirmation

app/services/create_account.rb

@@ -11,7 +11,7 @@ class CreateAccount < ApplicationService
   def call
     user = create_user_in_database
     add_ldap_document
-    create_lndhub_account(user)
+    create_lndhub_account(user) if Setting.lndhub_enabled
 
     if @invitation.present?
       update_invitation(user.id)

app/views/devise/sessions/new.html.erb

@@ -7,19 +7,43 @@
       <%= f.label :cn, 'User', class: 'block mb-2 font-bold' %>
       <p class="flex gap-2 items-center">
         <%= f.text_field :cn, autofocus: true, autocomplete: "username",
-                              required: true, class: "relative grow"%>
+              required: true, class: "relative grow", tabindex: "1" %>
         <span class="relative shrink-0 text-gray-500">@ kosmos.org</span>
       </p>
     </div>
-    <p>
+    <p class="mb-8">
       <%= f.label :password, class: 'block mb-2 font-bold' %>
       <%= f.password_field :password, autocomplete: "current-password",
-                                      required: true, class: "w-full"%>
+            required: true, class: "w-full", tabindex: "2" %>
     </p>
-    <p class="mt-8">
-      <%= f.submit "Log in", class: 'btn-md btn-blue w-full' %>
+
+    <%= tag.div class: "flex items-center mb-8 gap-x-3", data: {
+          controller: "settings--toggle",
+          :'settings--toggle-switch-enabled-value' => "false"
+        } do %>
+      <div class="relative inline-flex flex-shrink-0">
+        <%= render FormElements::ToggleComponent.new(
+              enabled: false, input_enabled: true, class_names: "hidden",
+              tabindex: "3", data: {
+                :'settings--toggle-target' => "button",
+                action: "settings--toggle#toggleSwitch"
+              }) %>
+        <%= f.check_box :remember_me, {
+              checked: false,
+              data: { :'settings--toggle-target' => "checkbox" }
+            }, "true", "false" %>
+      </div>
+      <%= f.label :remember_me,
+            class: "text-gray-500 flex flex-col",
+            data: { action: "click->settings--toggle#toggleSwitch" } %>
+      <p class="grow text-sm text-right">
+        <%= link_to "Forgot your password?", new_password_path(resource_name),
+              class: "text-gray-500 underline" %><br />
+      </p>
+    <% end %>
+
+    <p>
+      <%= f.submit "Log in", class: 'btn-md btn-blue w-full', tabindex: "4" %>
     </p>
   <% end %>
-
-  <%= render "devise/shared/links" %>
 <% end %>

app/views/devise/shared/_links.html.erb

@@ -1,25 +1,29 @@
 <div class="devise-links mt-8 text-sm">
   <%- if controller_name != 'sessions' %>
-    <p class="mb-1.5">
-      <%= link_to "Log in", new_session_path(resource_name) %><br />
+    <p class="mb-2">
+      <%= link_to "Log in", new_session_path(resource_name),
+            class: "text-gray-500 underline" %>
     </p>
   <% end %>
 
   <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
-    <p class="mb-1.5">
-      <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
+    <p class="mb-2">
+      <%= link_to "Forgot your password?", new_password_path(resource_name),
+            class: "text-gray-500 underline" %>
     </p>
   <% end %>
 
-  <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
-    <p class="mb-1.5">
-      <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+  <%- if devise_mapping.confirmable? && !controller_name.match(/^(confirmations|sessions)$/) %>
+    <p class="mb-2">
+      <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name),
+            class: "text-gray-500 underline" %>
     </p>
   <% end %>
 
   <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
-    <p class="mb-1.5">
-      <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
+    <p class="mb-2">
+      <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name),
+            class: "text-gray-500 underline" %>
     </p>
   <% end %>
 </div>

config/application.rb

@@ -8,7 +8,7 @@ require "active_record/railtie"
 # require "active_storage/engine"
 require "action_controller/railtie"
 require "action_mailer/railtie"
-# require "action_mailbox/engine"
+require "action_mailbox/engine"
 # require "action_text/engine"
 require "action_view/railtie"
 require "action_cable/engine"

config/initializers/devise.rb

@@ -186,13 +186,13 @@ Devise.setup do |config|
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
+  config.remember_for = 2.weeks
 
   # Invalidates all the remember me tokens when the user signs out.
   config.expire_all_remember_me_on_sign_out = true
 
   # If true, extends the user's remember period when remembered via cookie.
-  # config.extend_remember_period = false
+  config.extend_remember_period = true
 
   # Options to be passed to the created cookie. For instance, you can set
   # secure: true in order to force SSL only cookies.
@@ -210,7 +210,7 @@ Devise.setup do |config|
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
+  config.timeout_in = 30.minutes
 
   # ==> Configuration for :lockable
   # Defines which strategy will be used to lock an account.

config/initializers/sentry.rb

@@ -0,0 +1,9 @@
+if ENV["SENTRY_DSN"].present?
+  Sentry.init do |config|
+    config.dsn = ENV["SENTRY_DSN"]
+    config.breadcrumbs_logger = [:active_support_logger, :http_logger]
+    config.traces_sampler = lambda do |context|
+      true
+    end
+  end
+end

config/initializers/sidekiq.rb

@@ -0,0 +1,5 @@
+require_relative "../../app/models/setting"
+
+Sidekiq.configure_server do |config|
+  config.redis = { url: Setting.redis_url }
+end

config/routes.rb

@@ -1,7 +1,7 @@
 require 'sidekiq/web'
 
 Rails.application.routes.draw do
-  devise_for :users, :controllers => { :confirmations => "users/confirmations" }
+  devise_for :users, controllers: { confirmations: "users/confirmations" }
 
   get 'welcome', to: 'welcome#index'
   get 'check_your_email', to: 'welcome#check_your_email'

config/sidekiq.yml

@@ -1,3 +1,4 @@
 :concurrency: 2
 :queues:
   - default
+  - mailers

config/storage.yml

@@ -0,0 +1,7 @@
+test:
+  service: Disk
+  root: <%= Rails.root.join("tmp/storage") %>
+
+local:
+  service: Disk
+  root: <%= Rails.root.join("storage") %>

db/migrate/20230319101128_add_remember_created_at_to_users.rb

@@ -0,0 +1,6 @@
+class AddRememberCreatedAtToUsers < ActiveRecord::Migration[7.0]
+  def change
+    add_column :users, :remember_created_at, :datetime
+    add_column :users, :remember_token, :string
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_02_23_115536) do
+ActiveRecord::Schema[7.0].define(version: 2023_03_19_101128) do
   create_table "donations", force: :cascade do |t|
     t.integer "user_id"
     t.integer "amount_sats"
@@ -57,6 +57,8 @@ ActiveRecord::Schema[7.0].define(version: 2023_02_23_115536) do
     t.text "ln_login_ciphertext"
     t.text "ln_password_ciphertext"
     t.string "ln_account"
+    t.datetime "remember_created_at"
+    t.string "remember_token"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end

docker-compose.yml

@@ -3,11 +3,67 @@ services:
     image: 4teamwork/389ds:latest
     volumes:
       - ./tmp/389ds:/data
+    networks:
+      - external_network
+      - internal_network
     ports:
       - "389:3389"
     environment:
       DS_DM_PASSWORD: passthebutter
       SUFFIX_NAME: "dc=kosmos,dc=org"
+
+  # redis:
+  #   restart: always
+  #   image: redis:7-alpine
+  #   networks:
+  #     - internal_network
+  #   healthcheck:
+  #     test: ['CMD', 'redis-cli', 'ping']
+  #   volumes:
+  #     - ./tmp/redis:/data
+
+  # web:
+  #   build: .
+  #   tty: true
+  #   command: bash -c "rm -f /akkounts/tmp/pids/server.pid; bin/dev"
+  #   volumes:
+  #     - .:/akkounts
+  #   networks:
+  #     - external_network
+  #     - internal_network
+  #   ports:
+  #     - "3000:3000"
+  #   environment:
+  #     RAILS_ENV: development
+  #     REDIS_URL: redis://redis:6379/0
+  #     LDAP_HOST: ldap
+  #     LDAP_PORT: 3389
+  #     LDAP_ADMIN_PASSWORD: passthebutter
+  #     LDAP_USE_TLS: "false"
+  #   depends_on:
+  #     - ldap
+  #     - redis
+
+  # sidekiq:
+  #   build: .
+  #   command: bash -c "bundle exec sidekiq -C config/sidekiq.yml"
+  #   volumes:
+  #     - .:/akkounts
+  #   networks:
+  #     - internal_network
+  #   environment:
+  #     RAILS_ENV: development
+  #     REDIS_URL: redis://redis:6379/0
+  #     LDAP_HOST: ldap
+  #     LDAP_PORT: 3389
+  #     LDAP_ADMIN_PASSWORD: passthebutter
+  #     LDAP_USE_TLS: "false"
+  #     LAUNCHY_DRY_RUN: true
+  #     BROWSER: /dev/null
+  #   depends_on:
+  #     - ldap
+  #     - redis
+
   # phpldapadmin:
   #   image: osixia/phpldapadmin:0.9.0
   #   ports:
@@ -16,19 +72,8 @@ services:
   #     PHPLDAPADMIN_HTTPS: false
   #     PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap': [{'server': [{'tls': False}, {'port': 3389}]}, {'login': [{'bind_id': 'cn=Directory Manager'}, {'bind_pass': 'passthebutter'}]}]}]"
   #     PHPLDAPADMIN_LDAP_CLIENT_TLS: false
-  # web:
-  #   build: .
-  #   tty: true
-  #   command: bash -c "sleep 5 && rm -f tmp/pids/server.pid && bin/dev"
-  #   volumes:
-  #     - .:/akkounts
-  #   ports:
-  #     - "3000:3000"
-  #   environment:
-  #     RAILS_ENV: development
-  #     LDAP_HOST: ldap
-  #     LDAP_PORT: 3389
-  #     LDAP_ADMIN_PASSWORD: passthebutter
-  #     LDAP_USE_TLS: "false"
-  #   depends_on:
-  #     - ldap
+
+networks:
+  external_network:
+  internal_network:
+    internal: true

docker/entrypoint.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-set -e
-
-# Remove a potentially pre-existing server.pid for Rails.
-rm -f /myapp/tmp/pids/server.pid
-
-# Then exec the container's main process (what's set as CMD in the Dockerfile).
-exec "$@"

package.json

@@ -11,7 +11,7 @@
     "postcss-preset-env": "^7.8.3",
     "tailwindcss": "^3.2.4"
   },
-  "version": "0.4.0",
+  "version": "0.5.0",
   "scripts": {
     "build:css:tailwind": "tailwindcss --postcss -i ./app/assets/stylesheets/application.tailwind.css -o ./app/assets/builds/application.css",
     "build:css": "yarn run build:css:tailwind"