Merge branch 'api' into conflicts

Gemfile

@@ -118,3 +118,6 @@ gem "standard", "~> 1.33"
 gem "standard-rails", "~> 1.0"
 
 gem "syntax_suggest", "~> 2.0"
+gem "doorkeeper", "~> 5.6"
+
+gem "doorkeeper-openid_connect", "~> 1.8"

Gemfile.lock

@@ -126,6 +126,11 @@ GEM
     diff-lcs (1.5.0)
     dnsimple (8.7.1)
       httparty
+    doorkeeper (5.6.8)
+      railties (>= 5)
+    doorkeeper-openid_connect (1.8.7)
+      doorkeeper (>= 5.5, < 5.7)
+      jwt (>= 2.5)
     dotenv (2.8.1)
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
@@ -445,6 +450,8 @@ DEPENDENCIES
   dalli (~> 3.2)
   debug
   dnsimple (~> 8.1)
+  doorkeeper (~> 5.6)
+  doorkeeper-openid_connect (~> 1.8)
   dotenv-rails
   erb-formatter
   importmap-rails (~> 1.2)

app/controllers/api/v1/api_controller.rb

@@ -0,0 +1,11 @@
+class Api::V1::ApiController < ActionController::Base
+
+  skip_before_action :verify_authenticity_token
+
+  private
+
+  # Find the user that owns the access token
+  def current_user
+    User::User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+  end
+end

app/controllers/api/v1/domains/records_controller.rb

@@ -0,0 +1,47 @@
+class Api::V1::Domains::RecordsController < Api::V1::ApiController
+  include DomainAuthorization
+  before_action do
+    doorkeeper_authorize! :domains
+    doorkeeper_authorize! :domains_records
+  end
+
+  before_action only: [:create, :update, :destroy] do
+    doorkeeper_authorize! :domains_records_write
+  end
+
+  def index
+    @records = current_domain.records
+  end
+
+  def create
+    @record = Record.create(domain_id: current_domain.id, name: params["name"], type: params["type"], content: params["content"], ttl: params["ttl"], priority: params["priority"]) # standard:disable all
+    render "show"
+  end
+
+  def show
+    @record = Record.find(params[:id])
+  end
+
+  def update
+    @record = Record.find(params[:id])
+
+    (@record.type = params[:type]) if params[:type]
+    (@record.name = params[:name]) if params[:name]
+    (@record.content = params[:content]) if params[:content]
+    (@record.ttl = params[:ttl]) if params[:ttl]
+    (@record.priority = params[:priority]) if params[:priority]
+
+    @record.save # standard:disable all
+
+    render "show"
+  end
+
+  def destroy
+    @record = Record.find(params[:id])
+
+    @record.destroy! #standard:disable all
+
+    index
+    render "index"
+  end
+end

app/controllers/api/v1/domains_controller.rb

@@ -0,0 +1,43 @@
+class Api::V1::DomainsController < Api::V1::ApiController
+  include DomainAuthorization
+  before_action do
+    doorkeeper_authorize! :domains
+  end
+
+  before_action only: [:create, :destroy] do
+    doorkeeper_authorize! :domains_write
+  end
+
+  skip_before_action :authorize_domain, only: [:index, :create]
+
+  def index
+    @domains = Domain.where(user_users_id: current_user.id)
+    if params[:records]
+      doorkeeper_authorize!(:domains_records)
+    end
+  end
+
+  def show
+    @domain = Domain.find_by(host: params[:host])
+    if params[:records]
+      doorkeeper_authorize!(:domains_records)
+    end
+  end
+
+  def create
+    @domain = Domain.new(host: params[:host], plan: params[:plan], provisional: true, user_users_id: current_user.id)
+    if @domain.save
+      render "show"
+    else
+      render json: @domain.errors, status: 418
+    end
+  end
+
+  def destroy
+    @domain = Domain.find_by(host: params[:host])
+    @domain.destroy!
+
+    index
+    render "index"
+  end
+end

app/controllers/api/v1/user_controller.rb

@@ -0,0 +1,49 @@
+class Api::V1::UserController < Api::V1::ApiController
+  before_action do
+    doorkeeper_authorize! :user
+  end
+
+  def show
+    if doorkeeper_token.scopes.exists?(:name)
+      @name = current_user.name
+    end
+
+    if doorkeeper_token.scopes.exists?(:email)
+      @email = current_user.email
+    end
+
+    @id = current_user.id
+    @created_at = current_user.created_at
+    @updated_at = current_user.updated_at
+    @verified = current_user.verified
+
+    if doorkeeper_token.scopes.exists?(:admin)
+      @admin = current_user.admin
+    end
+  end
+
+  def update
+    redirected = false
+
+    if params[:name]
+      if doorkeeper_authorize! :name_write
+        redirected = true
+      else
+        current_user.update!(name: params[:name])
+      end
+    end
+
+    if params[:email]
+      if doorkeeper_authorize! :email_write
+        redirected = true
+      else
+        current_user.update!(email: params[:email])
+      end
+    end
+
+    if !redirected
+      show
+      render "show"
+    end
+  end
+end

app/controllers/auth_controller.rb

@@ -40,7 +40,7 @@ def verify_code
       session[:authenticated] = true
       session[:current_user_id] = u.id
 
-      redirect_to(root_path, notice: (User::Credential.where(user_users_id: u.id).length == 0) ? "Passkeys are more secure & convienient way to login. Head to Account Settings to add one." : "To disable insecure email code authentication, head to Account Settings.")
+      redirect_to(session[:return_path] || root_path, notice: (User::Credential.where(user_users_id: u.id).length == 0) ? "Passkeys are more secure & convienient way to login. Head to Account Settings to add one." : "To disable insecure email code authentication, head to Account Settings.")
     else
       render inline: "<%= turbo_stream.replace \"error\" do %><p class=\"error\">Invalid OTP</p><% end %>", status: :unprocessable_entity, format: :turbo_stream
     end
@@ -57,7 +57,7 @@ def create_key
       user.verified = true
       user.save!
       session[:authenticated] = true
-      redirect_to(root_path, notice: "To add a passkey in the future, head to Account Settings")
+      redirect_to(session[:return_path] || root_path, notice: "To add a passkey in the future, head to Account Settings")
     end
 
     @options = WebAuthn::Credential.options_for_create(

app/javascript/controllers/webauthn_controller.js

@@ -14,11 +14,15 @@ export default class extends Controller {
 
 	connect() {
 		console.log("hai")
-	  if (typeof(PublicKeyCredential) == "undefined") {
-	    window.location.pathname = "/auth/unsupported"
-	  }
+	  	if (typeof(PublicKeyCredential) == "undefined" && window.location.search != "?force=true") {
+			const url = new URL(window.location);
+			url.searchParams.append("returnpath", window.location.pathname)
+	    	url.pathname = "/auth/unsupported"
 
-	  window.Auth = Auth
+			window.location.href = url.href
+	  	}
+
+	  	window.Auth = Auth
 	}
 
 	async createKey() {

app/models/domain.rb

@@ -1,6 +1,7 @@
 class Domain < ApplicationRecord
   include DnsimpleHelper
   validates :host, uniqueness: true # standard:disable all
+  validates :host, presence: {message: "Host is not present"}
   validates :user_users_id, presence: {message: "User ID is not present"}
 
   after_create ->(d) { Domain::InitializeJob.perform_later(d.id) }, unless: proc { |d| d.provisional }
@@ -38,6 +39,10 @@ def top_records
     records
   end
 
+  def records
+    Record.where_host(host)
+  end
+
   def user
     User::User.find_by(id: user_users_id)
   end

app/models/record.rb

@@ -1,4 +1,4 @@
-include DnsimpleHelper #standard:disable all
+include DnsimpleHelper #standard:disable all  
 
 class Record
   include ActiveModel::Model
@@ -138,6 +138,7 @@ def self.all
   end
 
   def self.find(id)
+    id = id.to_i
     found = nil
     for r in all
       if r.id == id

app/models/user/user.rb

@@ -2,6 +2,16 @@ class User::User < ApplicationRecord
   validates :email, uniqueness: true # standard:disable all
   has_many :user_credentials # standard:disable all
 
+  has_many :access_grants,
+            class_name: 'Doorkeeper::AccessGrant',
+            foreign_key: :resource_owner_id,
+            dependent: :delete_all
+
+  has_many :access_tokens,
+            class_name: 'Doorkeeper::AccessToken',
+            foreign_key: :resource_owner_id,
+            dependent: :delete_all
+
   after_initialize do
     @hotp = ROTP::HOTP.new(hotp_token)
   end

app/views/api/v1/domains/_domain.json.jbuilder

@@ -0,0 +1,10 @@
+json.id d.id
+json.host d.host
+json.created_at d.created_at
+json.updated_at d.updated_at
+json.user_id d.user_users_id
+json.provisional d.provisional
+json.plan d.plan
+if records
+  json.records d.records, partial: "records/record", as: :r
+end

app/views/api/v1/domains/index.json.jbuilder

@@ -0,0 +1 @@
+json.array! @domains, partial: "domain", as: :d, locals: {records: params[:records]}

app/views/api/v1/domains/records/_record.json.jbuilder

@@ -0,0 +1,6 @@
+json.id r.id
+json.name r.name
+json.content r.content
+json.type r.type
+json.ttl r.ttl
+json.domain_id r.domain_id

app/views/api/v1/domains/records/index.json.jbuilder

@@ -0,0 +1 @@
+json.array! @records, partial: "record", as: :r

app/views/api/v1/domains/records/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "record", r: @record

app/views/api/v1/domains/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "domain", d: @domain, records: params[:records]

app/views/api/v1/user/show.json.jbuilder

@@ -0,0 +1,17 @@
+json.id @id
+
+if @name
+  json.name @name
+end
+
+if @email
+  json.email @email
+end
+
+if @admin
+  json.admin @admin
+end
+
+json.verified @verified
+json.created_at @created_at
+json.updated_at @updated_at

app/views/auth/unsupported.html.erb

@@ -1,3 +1,5 @@
 <h1>Unsupported Browser</h1>
 
-<p>Your browser doesn't support passkeys, how you access your Obl.ong account. Please upgrade to a supported browser [list browsers]</p>
+<p>Your browser doesn't support passkeys, how you access your Obl.ong account. Please upgrade to a supported browser [list browsers]</p>
+
+<a href="<%= params[:returnpath]%>?force=true">Continue anyway</a>

config/application.rb

@@ -21,7 +21,7 @@ class Application < Rails::Application
 
     config.action_mailer.delivery_method = :postmark
 
-    config.sentry = true
+    config.sentry = false
 
     config.action_mailer.postmark_settings = {
       api_token: Rails.application.credentials.postmark_api_token
@@ -36,6 +36,6 @@ class Application < Rails::Application
 
     config.assets.paths << Rails.root.join("app/javascript")
 
-    config.slack_notify = true
+    config.slack_notify = false
   end
 end