Merge branch 'main' of https://github.com/solver-it-sro/govbox-pro

.github/workflows/workflow.yml

@@ -5,9 +5,20 @@ on:
     branches: '**'
 
 jobs:
-  test:
-    if: ${{github.repository == 'solver-it-sro/govbox-pro'}}
+  brakeman:
+    name: Brakeman
+
+    runs-on: ubuntu-latest
 
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - run: bundle exec brakeman
+
+  test:
     runs-on: ubuntu-latest
 
     env:

.gitlab/auto-deploy-values.yaml

@@ -6,6 +6,9 @@ image:
   secrets:
   - name: skdigital-bonet-registry
 application.migrateCommand: ["bundle", "exec", "rails", "db:migrate"]
+ingress:
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: 256m
 livenessProbe:
   initialDelaySeconds: 5
   timeoutSeconds: 5

.gitlab/prod-auto-deploy-values.yaml

@@ -6,6 +6,9 @@ image:
   secrets:
   - name: skdigital-bonet-registry
 application.migrateCommand: ["bundle", "exec", "rails", "db:migrate"]
+ingress:
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: 256m
 livenessProbe:
   initialDelaySeconds: 5
   timeoutSeconds: 5

Gemfile

@@ -47,6 +47,7 @@ gem 'pg_search'
 gem 'bootsnap', '>= 1.4.4', require: false
 
 group :development, :test do
+  gem "brakeman"
   gem 'dotenv-rails'
   gem 'pry-rails'
   gem 'pry-byebug'

Gemfile.lock

@@ -77,6 +77,7 @@ GEM
     bindex (0.8.1)
     bootsnap (1.16.0)
       msgpack (~> 1.2)
+    brakeman (6.0.1)
     builder (3.2.4)
     byebug (11.1.3)
     capybara (3.39.1)
@@ -385,6 +386,7 @@ PLATFORMS
 DEPENDENCIES
   annotate
   bootsnap (>= 1.4.4)
+  brakeman
   capybara
   capybara-screenshot
   clockwork

app/components/message_threads_table_component.html.erb

@@ -1,6 +1,6 @@
 <div class="flex flex-col justify-stretch items-stretch gap-4 p-4">
   <div class="flex flex-col justify-stretch items-stretch rounded-md bg-white border border-gray-200">
-    <%= form_with(url: merge_message_threads_path, local: true) do |form|%>
+    <%= form_with(url: merge_message_threads_path) do |form|%>
       <div class="flex justify-stretch items-center gap-4 p-4 border-t-0 border-r-0 border-b border-l-0 border-gray-200">
         <div class="todo flex justify-start items-start   pr-[100px]">
           <div class="  w-4 h-4 relative">

app/controllers/message_threads_controller.rb

@@ -1,5 +1,6 @@
 class MessageThreadsController < ApplicationController
   before_action :set_message_thread, only: %i[show update]
+  before_action :load_threads, only: %i[index scroll]
 
   def show
     authorize @message_thread
@@ -18,24 +19,26 @@ def update
 
   def index
     authorize MessageThread
+  end
+
+  def scroll
+    authorize MessageThread
+  end
 
+  def load_threads
     cursor = MessageThreadCollection.init_cursor(search_params[:cursor])
 
-    @message_threads, @next_cursor = MessageThreadCollection.all(
-      scope: message_thread_policy_scope.includes(:tags, :box),
-      search_permissions: search_permissions,
-      query: search_params[:q],
-      no_visible_tags: search_params[:no_visible_tags] == '1' && Current.user.admin?,
-      cursor: cursor
-    )
+    @message_threads, @next_cursor =
+      MessageThreadCollection.all(
+        scope: message_thread_policy_scope.includes(:tags, :box),
+        search_permissions: search_permissions,
+        query: search_params[:q],
+        no_visible_tags: search_params[:no_visible_tags] == "1" && Current.user.admin?,
+        cursor: cursor
+      )
 
     @next_cursor = MessageThreadCollection.serialize_cursor(@next_cursor)
     @next_page_params = search_params.to_h.merge(cursor: @next_cursor).merge(format: :turbo_stream)
-
-    respond_to do |format|
-      format.html # GET
-      format.turbo_stream # POST
-    end
   end
 
   def merge

app/jobs/govbox/process_message_job.rb

@@ -4,7 +4,7 @@ module Govbox
   class ProcessMessageJob < ApplicationJob
     queue_as :default
 
-    retry_on ::Govbox::Message::FailedToAcquireLockError, wait: :exponentially_longer, attempts: Float::INFINITY
+    retry_on ::ApplicationRecord::FailedToAcquireLockError, wait: :exponentially_longer, attempts: Float::INFINITY
 
     def perform(govbox_message)
       ActiveRecord::Base.transaction do

app/jobs/searchable/reindex_message_thread_job.rb

@@ -1,7 +1,21 @@
 class Searchable::ReindexMessageThreadJob < ApplicationJob
   queue_as :default
 
+  include GoodJob::ActiveJobExtensions::Concurrency
+
+  good_job_control_concurrency_with(
+    # Maximum number of unfinished jobs to allow with the concurrency key
+    # Can be an Integer or Lambda/Proc that is invoked in the context of the job
+    total_limit: 1,
+
+    key: -> { "Searchable::ReindexMessageThreadJob-#{arguments.first.try(:id)}" }
+  )
+
+  discard_on ActiveJob::DeserializationError
+
   def perform(message_thread)
+    return if message_thread.nil?
+
     ::Searchable::MessageThread.index_record(message_thread)
   end
 end

app/models/application_record.rb

@@ -1,3 +1,15 @@
 class ApplicationRecord < ActiveRecord::Base
   self.abstract_class = true
+
+  class FailedToAcquireLockError < StandardError
+  end
+
+  def self.with_advisory_lock!(lock_name, options = {}, &block)
+    result = with_advisory_lock_result(lock_name, options, &block)
+    if result.lock_was_acquired?
+      result.result
+    else
+      raise FailedToAcquireLockError
+    end
+  end
 end

app/models/govbox/message.rb

@@ -27,7 +27,7 @@ def replyable?
   end
 
   def self.create_message_with_thread!(govbox_message)
-    message = MessageThread.with_advisory_lock(govbox_message.correlation_id, transaction: true, timeout_seconds: 10) do
+    message = MessageThread.with_advisory_lock!(govbox_message.correlation_id, transaction: true, timeout_seconds: 10) do
       folder = Folder.find_or_create_by!(
         name: "Inbox",
         box: govbox_message.box
@@ -55,14 +55,9 @@ def self.create_message_with_thread!(govbox_message)
       message
     end
 
-    raise FailedToAcquireLockError unless message
-
     self.create_message_objects(message, govbox_message.payload)
   end
 
-  class FailedToAcquireLockError < StandardError
-  end
-
   private
 
   def self.create_message(govbox_message)

app/policies/message_thread_policy.rb

@@ -31,6 +31,10 @@ def index?
     true
   end
 
+  def scroll?
+    true
+  end
+
   def update?
     true
   end

app/views/message_threads/index.html.erb

@@ -8,7 +8,7 @@
   <% component.with_next_page_area do %>
     <%= render Turbo::NextPageAreaComponent.new(
       id: @next_cursor,
-      url: message_threads_url(@next_page_params)
+      url: scroll_message_threads_url(@next_page_params)
       )
     %>
   <% end %>

app/views/message_threads/index.turbo_stream.erb → app/views/message_threads/scroll.turbo_stream.erb

@@ -7,7 +7,7 @@
   <%= turbo_stream.append "next_page_area" do %>
     <%= render Turbo::NextPageComponent.new(
     id:@next_cursor, 
-    url: message_threads_url(@next_page_params)
+    url: scroll_message_threads_url(@next_page_params)
     ) %>
   <% end %>
 <% else %>

config/brakeman.ignore

@@ -0,0 +1,108 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Dynamic Render Path",
+      "warning_code": 15,
+      "fingerprint": "0d7a447e47382893b06895c67cb02fc7084b4904e795f2488049b4083d5ef829",
+      "check_name": "Render",
+      "message": "Render path contains parameter value",
+      "file": "app/views/admin/tags/show.html.erb",
+      "line": 6,
+      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+      "code": "render(action => policy_scope([:admin, Tag]).find(params[:id]), {})",
+      "render_path": [
+        {
+          "type": "controller",
+          "class": "Admin::TagsController",
+          "method": "show",
+          "line": 12,
+          "file": "app/controllers/admin/tags_controller.rb",
+          "rendered": {
+            "name": "admin/tags/show",
+            "file": "app/views/admin/tags/show.html.erb"
+          }
+        }
+      ],
+      "location": {
+        "type": "template",
+        "template": "admin/tags/show"
+      },
+      "user_input": "params[:id]",
+      "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
+      "note": ""
+    },
+    {
+      "warning_type": "Dynamic Render Path",
+      "warning_code": 15,
+      "fingerprint": "206fab310dd6225cc18046a3fa3d8d2e15898077ebf7140753f6104ac8952297",
+      "check_name": "Render",
+      "message": "Render path contains parameter value",
+      "file": "app/views/admin/boxes/show.html.erb",
+      "line": 6,
+      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+      "code": "render(action => policy_scope([:admin, Box]).find(params[:id]), {})",
+      "render_path": [
+        {
+          "type": "controller",
+          "class": "Admin::BoxesController",
+          "method": "show",
+          "line": 12,
+          "file": "app/controllers/admin/boxes_controller.rb",
+          "rendered": {
+            "name": "admin/boxes/show",
+            "file": "app/views/admin/boxes/show.html.erb"
+          }
+        }
+      ],
+      "location": {
+        "type": "template",
+        "template": "admin/boxes/show"
+      },
+      "user_input": "params[:id]",
+      "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
+      "note": ""
+    },
+    {
+      "warning_type": "Dynamic Render Path",
+      "warning_code": 15,
+      "fingerprint": "b8a2fb69d5ae58b1a2ef3054ed2a602436392f1db28b5ef31c0ec249e0fec16a",
+      "check_name": "Render",
+      "message": "Render path contains parameter value",
+      "file": "app/views/admin/tenants/show.html.erb",
+      "line": 14,
+      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+      "code": "render(action => policy_scope([:admin, Tenant]).find(params[:id]), {})",
+      "render_path": [
+        {
+          "type": "controller",
+          "class": "Admin::TenantsController",
+          "method": "show",
+          "line": 14,
+          "file": "app/controllers/admin/tenants_controller.rb",
+          "rendered": {
+            "name": "admin/tenants/show",
+            "file": "app/views/admin/tenants/show.html.erb"
+          }
+        }
+      ],
+      "location": {
+        "type": "template",
+        "template": "admin/tenants/show"
+      },
+      "user_input": "params[:id]",
+      "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
+      "note": ""
+    }
+  ],
+  "updated": "2023-09-22 12:38:37 +0200",
+  "brakeman_version": "6.0.1"
+}

config/routes.rb

@@ -50,7 +50,8 @@
 
   resources :message_threads do
     collection do
-      post 'merge'
+      post :merge
+      get :scroll
     end
     resources :messages
   end