+
+
+ <% if alert = flash[:alert] %>
+
+ <%= alert %>
+
+ <% end %>
-
Update your password
+
+
+
+
+
+
Profile Information
+
+
+ Email:
+ <%= @user.email_address %>
+
+
+ Role:
+ <%= @user.role %>
+
+ Authentication:
+
+ <% if @user.password_digest.present? %>
+ Local Password
+ <% else %>
+ OIDC
+ <% end %>
+
+
+
+ Active Sessions:
+ <%= @user.sessions.count %>
+
+
+ Member Since:
+ <%= @user.created_at.strftime('%B %d, %Y') %>
+
+
+
- <%= form_with url: password_path(params[:token]), method: :put, class: "contents" do |form| %>
-
- <%= form.password_field :password, required: true, autocomplete: "new-password", placeholder: "Enter new password", maxlength: 72, class: "block shadow-sm rounded-md border border-gray-400 focus:outline-solid focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
+ <% if @user.password_digest.present? %>
+
+
+
Change Password
+
Changing your password will log you out of all other devices.
+
+ <%= form_with model: @user, url: password_path, method: :patch, class: "row g-3" do |form| %>
+
+ <%= form.label :current_password, "Current Password", class: "form-label" %>
+ <%= form.password_field :current_password, required: true, autocomplete: "current-password", class: "form-control" %>
+
+
+
+ <%= form.label :password, "New Password", class: "form-label" %>
+ <%= form.password_field :password, required: true, autocomplete: "new-password", minlength: 8, class: "form-control" %>
+
Minimum 8 characters
+
+
+
+ <%= form.label :password_confirmation, "Confirm New Password", class: "form-label" %>
+ <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password", minlength: 8, class: "form-control" %>
+
+
+
+ <%= form.submit "Update Password", class: "btn btn-primary" %>
+ <%= link_to "Cancel", root_path, class: "btn btn-secondary ms-2" %>
+
+ <% end %>
+
+ <% else %>
+
+
+
+
🔐 OIDC Authentication
+
Your account is managed through your OIDC provider. To change your password, please use your provider's account management tools.
+
+
+ <% end %>
+
+
-
-
- <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password", placeholder: "Repeat new password", maxlength: 72, class: "block shadow-sm rounded-md border border-gray-400 focus:outline-solid focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
-
-
-
- <%= form.submit "Save", class: "w-full sm:w-auto text-center rounded-md px-3.5 py-2.5 bg-blue-600 hover:bg-blue-500 text-white inline-block font-medium cursor-pointer" %>
-
- <% end %>
+
diff --git a/app/views/passwords/new.html.erb b/app/views/passwords/new.html.erb
deleted file mode 100644
index 8360e02..0000000
--- a/app/views/passwords/new.html.erb
+++ /dev/null
@@ -1,17 +0,0 @@
-
- <% if alert = flash[:alert] %>
-
<%= alert %>
- <% end %>
-
-
Forgot your password?
-
- <%= form_with url: passwords_path, class: "contents" do |form| %>
-
- <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address], class: "block shadow-sm rounded-md border border-gray-400 focus:outline-solid focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
-
-
-
- <%= form.submit "Email reset instructions", class: "w-full sm:w-auto text-center rounded-lg px-3.5 py-2.5 bg-blue-600 hover:bg-blue-500 text-white inline-block font-medium cursor-pointer" %>
-
- <% end %>
-
diff --git a/app/views/passwords_mailer/reset.html.erb b/app/views/passwords_mailer/reset.html.erb
deleted file mode 100644
index 1b09154..0000000
--- a/app/views/passwords_mailer/reset.html.erb
+++ /dev/null
@@ -1,6 +0,0 @@
-
- You can reset your password on
- <%= link_to "this password reset page", edit_password_url(@user.password_reset_token) %>.
-
- This link will expire in <%= distance_of_time_in_words(0, @user.password_reset_token_expires_in) %>.
-
diff --git a/app/views/passwords_mailer/reset.text.erb b/app/views/passwords_mailer/reset.text.erb
deleted file mode 100644
index aecee82..0000000
--- a/app/views/passwords_mailer/reset.text.erb
+++ /dev/null
@@ -1,4 +0,0 @@
-You can reset your password on
-<%= edit_password_url(@user.password_reset_token) %>
-
-This link will expire in <%= distance_of_time_in_words(0, @user.password_reset_token_expires_in) %>.
diff --git a/app/views/rules/edit.html.erb b/app/views/rules/edit.html.erb
new file mode 100644
index 0000000..1391903
--- /dev/null
+++ b/app/views/rules/edit.html.erb
@@ -0,0 +1,213 @@
+<% content_for :title, "Edit Rule ##{@rule.id}" %>
+
+
+
+
+
+
Edit Rule #<%= @rule.id %>
+
Modify the WAF rule configuration
+
+
+
+
+
+ <%= form_with(model: @rule, local: true, class: "space-y-6") do |form| %>
+ <% if @rule.errors.any? %>
+
+
+
+
+
+ There were <%= pluralize(@rule.errors.count, "error") %> with your submission:
+
+
+
+ <% @rule.errors.full_messages.each do |message| %>
+ <%= message %>
+ <% end %>
+
+
+
+
+
+ <% end %>
+
+
+
+
Rule Configuration
+
+
+
+
+
+ <%= form.label :rule_type, "Rule Type", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.select :rule_type,
+ options_for_select(@rule_types.map { |type| [type.humanize, type] }, @rule.rule_type),
+ { prompt: "Select rule type" },
+ { class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm",
+ id: "rule_type_select",
+ disabled: true } %>
+
Rule type cannot be changed after creation
+
+
+
+ <%= form.label :action, "Action", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.select :action,
+ options_for_select(@actions.map { |action| [action.humanize, action] }, @rule.action),
+ { },
+ { class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" } %>
+
What action to take when this rule matches
+
+
+
+
+ <% if @rule.network_rule? %>
+
+
+
+ <%= form.label :network_range_id, "Network Range", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.select :network_range_id,
+ options_from_collection_for_select(NetworkRange.order(:network).limit(100), :id, :cidr, @rule.network_range_id),
+ { prompt: "Select a network range" },
+ { class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" } %>
+
Select from recent network ranges or create new ones
+
+
+
+ <%= link_to "Create New Network Range", new_network_range_path,
+ class: "inline-flex items-center px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50" %>
+
+
+
+ <% if @rule.network_range.present? %>
+
+
+
+
+
+ Currently targeting: <%= link_to @rule.network_range.cidr, network_range_path(@rule.network_range), class: "text-blue-600 hover:text-blue-900 underline" %>
+ <% if @rule.network_range.company.present? %>
+ - <%= @rule.network_range.company %>
+ <% end %>
+
+
+
+
+ <% end %>
+
+ <% end %>
+
+
+ <% unless @rule.network_rule? %>
+
+
+ <%= form.label :conditions, "Conditions", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.text_area :conditions, rows: 4,
+ class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm",
+ placeholder: '{"path_pattern": "/admin/*", "user_agent": "bot*"}' %>
+
JSON format with matching conditions
+
+
+ <% end %>
+
+
+
+ <%= form.label :metadata, "Metadata", class: "block text-sm font-medium text-gray-700" %>
+
+ <%= form.text_area :metadata, rows: 3,
+ class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm",
+ placeholder: '{"reason": "Suspicious activity detected", "source": "manual"}',
+ data: { json_validator_target: "textarea", action: "input->json-validator#validate" } %>
+
+
+
+
+ Format JSON
+
+
+ Insert Sample
+
+
+
+
+
JSON format with additional metadata
+
+
+
+
+ <%= form.label :expires_at, "Expires At", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.datetime_local_field :expires_at,
+ class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
+
Leave blank for permanent rule
+
+
+
+ <%= form.label :source, "Source", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.select :source,
+ options_for_select(Rule::SOURCES.map { |source| [source.humanize, source] }, @rule.source),
+ { },
+ { class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" } %>
+
How this rule was created
+
+
+
+ <%= form.check_box :enabled, class: "h-4 w-4 rounded border-gray-300 text-blue-600 focus:ring-blue-500" %>
+ <%= form.label :enabled, "Rule Enabled", class: "ml-2 block text-sm text-gray-900" %>
+
+
+
+
+
+
+
+ <%= link_to "Cancel", @rule, class: "inline-flex items-center px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50" %>
+
+
+ <%= link_to "Delete Rule", @rule,
+ method: :delete,
+ data: { confirm: "Are you sure you want to delete this rule? This action cannot be undone." },
+ class: "inline-flex items-center px-4 py-2 border border-red-300 rounded-md shadow-sm text-sm font-medium text-red-700 bg-red-50 hover:bg-red-100" %>
+ <%= form.submit "Update Rule", class: "inline-flex items-center px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700" %>
+
+
+
+ <% end %>
+
+
+
+
\ No newline at end of file
diff --git a/app/views/rules/index.html.erb b/app/views/rules/index.html.erb
new file mode 100644
index 0000000..767e2ed
--- /dev/null
+++ b/app/views/rules/index.html.erb
@@ -0,0 +1,224 @@
+<% content_for :title, "Rules - #{@project.name}" %>
+
+
+
+
+
+
+
Rules
+
Manage WAF rules for traffic filtering and control
+
+
+ <%= link_to "Add Network Range", new_network_range_path, class: "inline-flex items-center px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50" %>
+ <%= link_to "Create Rule", new_rule_path, class: "inline-flex items-center px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700" %>
+
+
+
+
+
+
+
+
+
+
+
+
+ Total Rules
+ <%= number_with_delimiter(@rules.count) %>
+
+
+
+
+
+
+
+
+
+
+
+
+ Active Rules
+ <%= number_with_delimiter(@rules.active.count) %>
+
+
+
+
+
+
+
+
+
+
+
+
+ Block Rules
+ <%= number_with_delimiter(@rules.where(action: 'deny').count) %>
+
+
+
+
+
+
+
+
+
+
+
+
+ Expired Rules
+ <%= number_with_delimiter(@rules.expired.count) %>
+
+
+
+
+
+
+
+
+
+
+
All Rules
+
+
+ <% if @rules.any? %>
+
+
+
+
+ Rule
+ Type
+ Action
+ Target
+ Status
+ Created
+ Actions
+
+
+
+ <% @rules.each do |rule| %>
+
+
+
+
+
+ <%= link_to "Rule ##{rule.id}", rule_path(rule), class: "text-blue-600 hover:text-blue-900" %>
+
+
+ <%= rule.source.humanize %>
+ <% if rule.network_range? && rule.network_range %>
+ • <%= link_to rule.network_range.cidr, network_range_path(rule.network_range), class: "text-blue-600 hover:text-blue-900" %>
+ <% end %>
+
+
+
+
+
+ <%= rule.rule_type.humanize %>
+
+
+
+
+ <%= rule.action.upcase %>
+
+
+
+ <% if rule.network_range? && rule.network_range %>
+ <%= rule.network_range.cidr %>
+ <% if rule.network_range.company.present? %>
+ <%= rule.network_range.company %>
+ <% end %>
+ <% elsif rule.conditions.present? %>
+
+ <%= JSON.parse(rule.conditions || "{}").map { |k, v| "#{k}: #{v}" }.join(", ") rescue "Invalid JSON" %>
+
+ <% else %>
+ -
+ <% end %>
+
+
+
+ <% if rule.enabled? && !rule.expired? %>
+ Active
+ <% elsif rule.expired? %>
+ Expired
+ <% else %>
+ Disabled
+ <% end %>
+
+ <% if rule.expires_at.present? %>
+
+ <%= distance_of_time_in_words(Time.current, rule.expires_at) %> left
+
+ <% end %>
+
+
+
+ <%= time_ago_in_words(rule.created_at) %> ago
+
+ by <%= rule.user&.email_address || 'System' %>
+
+
+
+ <%= link_to "View", rule_path(rule), class: "text-blue-600 hover:text-blue-900 mr-3" %>
+ <% if rule.enabled? %>
+ <%= link_to "Disable", disable_rule_path(rule),
+ method: :post,
+ data: { confirm: "Are you sure you want to disable this rule?" },
+ class: "text-yellow-600 hover:text-yellow-900 mr-3" %>
+ <% else %>
+ <%= link_to "Enable", enable_rule_path(rule),
+ method: :post,
+ class: "text-green-600 hover:text-green-900 mr-3" %>
+ <% end %>
+ <%= link_to "Edit", edit_rule_path(rule), class: "text-indigo-600 hover:text-indigo-900" %>
+
+
+ <% end %>
+
+
+
+ <% else %>
+
+
+
+
No rules
+
Get started by creating your first WAF rule.
+
+ <%= link_to "Create Rule", new_rule_path, class: "inline-flex items-center px-4 py-2 border border-transparent shadow-sm text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700" %>
+
+
+ <% end %>
+
+
\ No newline at end of file
diff --git a/app/views/rules/new.html.erb b/app/views/rules/new.html.erb
new file mode 100644
index 0000000..34d7233
--- /dev/null
+++ b/app/views/rules/new.html.erb
@@ -0,0 +1,372 @@
+<% content_for :title, "Create New Rule" %>
+
+
+
+
Create New Rule
+
Create a WAF rule to allow, block, or rate limit traffic
+
+
+
+ <%= form_with(model: @rule, local: true, class: "space-y-6") do |form| %>
+ <% if @rule.errors.any? %>
+
+
+
+
+
+ There were <%= pluralize(@rule.errors.count, "error") %> with your submission:
+
+
+
+ <% @rule.errors.full_messages.each do |message| %>
+ <%= message %>
+ <% end %>
+
+
+
+
+
+ <% end %>
+
+
+
+
Rule Configuration
+
+
+
+
+
+ <%= form.label :rule_type, "Rule Type", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.select :rule_type,
+ options_for_select(@rule_types.map { |type| [type.humanize, type] }, @rule.rule_type),
+ { prompt: "Select rule type" },
+ { class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm",
+ id: "rule_type_select" } %>
+
Choose the type of rule you want to create
+
+
+
+ <%= form.label :action, "Action", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.select :action,
+ options_for_select(@actions.map { |action| [action.humanize, action] }, @rule.action),
+ { prompt: "Select action" },
+ { class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" } %>
+
What action to take when this rule matches
+
+
+
+
+
+ <%= form.label :network_range_id, "Network Range", class: "block text-sm font-medium text-gray-700 mb-2" %>
+
+
+
+
+
+
Selected Network Range
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Search existing network ranges or enter a CIDR/IP address below
+
+
+
+
+ <%= text_field_tag :new_cidr, params[:cidr],
+ placeholder: "e.g., 192.168.1.0/24 or 203.0.113.1",
+ class: "flex-1 rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm",
+ id: "new_cidr_input" %>
+
+ Create & Select
+
+
+
+
+
+
+
+ <%= form.hidden_field :network_range_id, id: "selected_network_range_id", value: @rule.network_range_id %>
+
+
+
+
+
+
+ <%= form.label :conditions, "Conditions", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.text_area :conditions, rows: 4,
+ class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm",
+ placeholder: '{"path_pattern": "/admin/*", "user_agent": "bot*"}' %>
+
JSON format with matching conditions
+
+
+
+
+
+ <%= form.label :metadata, "Metadata", class: "block text-sm font-medium text-gray-700" %>
+
+ <%= form.text_area :metadata, rows: 3,
+ class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm",
+ placeholder: '{"reason": "Suspicious activity detected", "source": "manual"}',
+ data: { json_validator_target: "textarea", action: "input->json-validator#validate" } %>
+
+
+
+
+ Format JSON
+
+
+ Insert Sample
+
+
+
+
+
JSON format with additional metadata
+
+
+
+
+ <%= form.label :source, "Source", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.select :source,
+ options_for_select(Rule::SOURCES.map { |source| [source.humanize, source] }, @rule.source || "manual"),
+ { },
+ { class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" } %>
+
How this rule was created
+
+
+
+ <%= form.label :expires_at, "Expires At", class: "block text-sm font-medium text-gray-700" %>
+ <%= form.datetime_local_field :expires_at,
+ class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
+
Leave blank for permanent rule
+
+
+
+ <%= form.check_box :enabled, class: "h-4 w-4 rounded border-gray-300 text-blue-600 focus:ring-blue-500" %>
+ <%= form.label :enabled, "Enable immediately", class: "ml-2 block text-sm text-gray-900" %>
+
+
+
+
+
+
+ <%= link_to "Cancel", rules_path, class: "inline-flex items-center px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50" %>
+ <%= form.submit "Create Rule", class: "inline-flex items-center px-4 py-2 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700" %>
+
+
+ <% end %>
+
+
+
+
\ No newline at end of file
diff --git a/app/views/rules/show.html.erb b/app/views/rules/show.html.erb
new file mode 100644
index 0000000..810a19f
--- /dev/null
+++ b/app/views/rules/show.html.erb
@@ -0,0 +1,210 @@
+<% content_for :title, "Rule ##{@rule.id} - #{@rule.action.upcase}" %>
+
+
+
+
+
+
+
+
+
+ <%= link_to "Rules", rules_path, class: "text-gray-500 hover:text-gray-700" %>
+
+
+
+
+
+
Rule #<%= @rule.id %>
+
+
+
+
+
Rule #<%= @rule.id %>
+
+ <%= @rule.action.upcase %>
+
+
+
+
+ <%= link_to "Edit", edit_rule_path(@rule), class: "inline-flex items-center px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50" %>
+ <% if @rule.enabled? %>
+ <%= link_to "Disable", disable_rule_path(@rule),
+ method: :post,
+ data: { confirm: "Are you sure you want to disable this rule?" },
+ class: "inline-flex items-center px-4 py-2 border border-yellow-300 rounded-md shadow-sm text-sm font-medium text-yellow-700 bg-yellow-50 hover:bg-yellow-100" %>
+ <% else %>
+ <%= link_to "Enable", enable_rule_path(@rule),
+ method: :post,
+ class: "inline-flex items-center px-4 py-2 border border-green-300 rounded-md shadow-sm text-sm font-medium text-green-700 bg-green-50 hover:bg-green-100" %>
+ <% end %>
+
+
+
+
+
+
+
+
Rule Details
+
+
+
+
+
Rule Type
+ <%= @rule.rule_type.humanize %>
+
+
+
+
Action
+ <%= @rule.action.upcase %>
+
+
+
+
Status
+
+ <% if @rule.enabled? && !@rule.expired? %>
+ Active
+ <% elsif @rule.expired? %>
+ Expired
+ <% else %>
+ Disabled
+ <% end %>
+
+
+
+
+
Source
+ <%= @rule.source.humanize %>
+
+
+
+
Priority
+ <%= @rule.priority %>
+
+
+
+
Created
+ <%= @rule.created_at.strftime("%Y-%m-%d %H:%M:%S UTC") %>
+
+
+ <% if @rule.expires_at.present? %>
+
+
Expires At
+ <%= @rule.expires_at.strftime("%Y-%m-%d %H:%M:%S UTC") %>
+
+ <% end %>
+
+
+
Created By
+ <%= @rule.user&.email_address || 'System' %>
+
+
+ <% if @rule.updated_at != @rule.created_at %>
+
+
Last Updated
+ <%= @rule.updated_at.strftime("%Y-%m-%d %H:%M:%S UTC") %>
+
+ <% end %>
+
+
+
+
+
+ <% if @rule.network_rule? && @rule.network_range.present? %>
+
+
+
Network Target
+
+
+
+
+
+
+ <%= link_to @rule.network_range.cidr, network_range_path(@rule.network_range), class: "text-blue-600 hover:text-blue-900" %>
+
+ <% if @rule.network_range.company.present? %>
+
<%= @rule.network_range.company %>
+ <% end %>
+ <% if @rule.network_range.asn.present? %>
+
+ ASN <%= @rule.network_range.asn %><% if @rule.network_range.asn_org.present? %> (<%= @rule.network_range.asn_org %>)<% end %>
+
+ <% end %>
+ <% if @rule.network_range.country.present? %>
+
Country: <%= @rule.network_range.country %>
+ <% end %>
+
+
+ <% if @rule.network_range.is_datacenter? %>
+ Datacenter
+ <% end %>
+ <% if @rule.network_range.is_vpn? %>
+ VPN
+ <% end %>
+ <% if @rule.network_range.is_proxy? %>
+ Proxy
+ <% end %>
+
+
+
+
+
+ <% end %>
+
+
+ <% if @rule.conditions.present? %>
+
+
+
Conditions
+
+
+
<%= JSON.pretty_generate(JSON.parse(@rule.conditions)) rescue @rule.conditions %>
+
+
+ <% end %>
+
+
+ <% if @rule.metadata.present? %>
+
+
+
Metadata
+
+
+
<%= JSON.pretty_generate(JSON.parse(@rule.metadata)) rescue @rule.metadata %>
+
+
+ <% end %>
+
+
+
+
+
Actions
+
+
+
+ <%= link_to "Edit Rule", edit_rule_path(@rule), class: "inline-flex items-center px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50" %>
+
+ <% if @rule.enabled? %>
+ <%= form_with(model: @rule, url: disable_rule_path(@rule), method: :post, class: "inline-flex") do |form| %>
+ <%= form.submit "Disable Rule", class: "inline-flex items-center px-4 py-2 border border-yellow-300 rounded-md shadow-sm text-sm font-medium text-yellow-700 bg-yellow-50 hover:bg-yellow-100 cursor-pointer" %>
+ <% end %>
+ <% else %>
+ <%= form_with(model: @rule, url: enable_rule_path(@rule), method: :post, class: "inline-flex") do |form| %>
+ <%= form.submit "Enable Rule", class: "inline-flex items-center px-4 py-2 border border-green-300 rounded-md shadow-sm text-sm font-medium text-green-700 bg-green-50 hover:bg-green-100 cursor-pointer" %>
+ <% end %>
+ <% end %>
+
+ <%= link_to "View All Rules", rules_path, class: "inline-flex items-center px-4 py-2 border border-gray-300 rounded-md shadow-sm text-sm font-medium text-gray-700 bg-white hover:bg-gray-50" %>
+
+
+
+
\ No newline at end of file
diff --git a/config/database.yml b/config/database.yml
index 1233d7a..23e4f89 100644
--- a/config/database.yml
+++ b/config/database.yml
@@ -1,54 +1,69 @@
-# SQLite. Versions 3.8.0 and up are supported.
-# gem install sqlite3
-#
-# Ensure the SQLite 3 gem is defined in your Gemfile
-# gem "sqlite3"
-#
-default: &default
+# Primary database: PostgreSQL for network intelligence
+# Cache/Queue/Cable: SQLite for auxiliary storage
+
+# Default configuration for SQLite databases (cache/queue/cable)
+sqlite_default: &sqlite_default
adapter: sqlite3
max_connections: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
timeout: 5000
+# Default configuration for PostgreSQL
+postgres_default: &postgres_default
+ adapter: postgresql
+ encoding: unicode
+ pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+ host: localhost
+ port: 5432
+
development:
primary:
- <<: *default
- database: storage/development.sqlite3
+ <<: *postgres_default
+ database: baffle_hub_development
cache:
- <<: *default
+ <<: *sqlite_default
database: storage/development_cache.sqlite3
migrations_paths: db/cache_migrate
queue:
- <<: *default
+ <<: *sqlite_default
database: storage/development_queue.sqlite3
migrations_paths: db/queue_migrate
cable:
- <<: *default
+ <<: *sqlite_default
database: storage/development_cable.sqlite3
migrations_paths: db/cable_migrate
-# Warning: The database defined as "test" will be erased and
-# re-generated from your development database when you run "rake".
-# Do not set this db to the same as development or production.
test:
- <<: *default
- database: storage/test.sqlite3
+ primary:
+ <<: *postgres_default
+ database: baffle_hub_test
+ cache:
+ <<: *sqlite_default
+ database: storage/test_cache.sqlite3
+ migrations_paths: db/cache_migrate
+ queue:
+ <<: *sqlite_default
+ database: storage/test_queue.sqlite3
+ migrations_paths: db/queue_migrate
+ cable:
+ <<: *sqlite_default
+ database: storage/test_cable.sqlite3
+ migrations_paths: db/cable_migrate
-
-# Store production database in the storage/ directory, which by default
-# is mounted as a persistent Docker volume in config/deploy.yml.
production:
primary:
- <<: *default
- database: storage/production.sqlite3
+ <<: *postgres_default
+ database: baffle_hub_production
+ username: baffle_hub
+ password: <%= ENV["BAFFLE_HUB_DATABASE_PASSWORD"] %>
cache:
- <<: *default
+ <<: *sqlite_default
database: storage/production_cache.sqlite3
migrations_paths: db/cache_migrate
queue:
- <<: *default
+ <<: *sqlite_default
database: storage/production_queue.sqlite3
migrations_paths: db/queue_migrate
cable:
- <<: *default
+ <<: *sqlite_default
database: storage/production_cable.sqlite3
- migrations_paths: db/cable_migrate
+ migrations_paths: db/cable_migrate
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 70c5bfe..5ee4a72 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -2,7 +2,7 @@ Rails.application.routes.draw do
# Registration only allowed when no users exist
resource :registration, only: [:new, :create]
resource :session
- resources :passwords, param: :token
+ resource :password
# OIDC authentication routes
get "/auth/failure", to: "omniauth_callbacks#failure"
@@ -39,6 +39,20 @@ Rails.application.routes.draw do
end
end
+ # Network range management
+ resources :network_ranges, only: [:index, :show, :new, :create, :edit, :update, :destroy] do
+ member do
+ post :enrich
+ end
+ collection do
+ get :lookup
+ get :search
+ end
+ end
+
+ # Support CIDR patterns with dots in network range routes
+ get '/network_ranges/:id', to: 'network_ranges#show', constraints: { id: /[\d\.:\/_]+/ }
+
# Rule management
resources :rules, only: [:index, :new, :create, :show, :edit, :update] do
member do
diff --git a/db/migrate/001_create_projects.rb b/db/migrate/001_create_projects.rb
new file mode 100644
index 0000000..2c36930
--- /dev/null
+++ b/db/migrate/001_create_projects.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class CreateProjects < ActiveRecord::Migration[8.1]
+ def change
+ create_table :projects, force: :cascade do |t|
+ t.string :name, null: false, index: true
+ t.string :slug, null: false, index: { unique: true }
+ t.string :public_key, null: false, index: { unique: true }
+ t.boolean :enabled, default: true, null: false, index: true
+
+ # WAF settings
+ t.integer :rate_limit_threshold, default: 100, null: false
+ t.text :settings, default: "{}", null: false
+ t.text :custom_rules, default: "{}", null: false
+
+ # Analytics
+ t.integer :blocked_ip_count, default: 0, null: false
+
+ t.timestamps
+ end
+ end
+end
\ No newline at end of file
diff --git a/db/migrate/002_create_users.rb b/db/migrate/002_create_users.rb
new file mode 100644
index 0000000..e112737
--- /dev/null
+++ b/db/migrate/002_create_users.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class CreateUsers < ActiveRecord::Migration[8.1]
+ def change
+ create_table :users, force: :cascade do |t|
+ t.string :email_address, null: false, index: { unique: true }
+ t.string :password_digest, null: false
+ t.integer :role, default: 1, null: false # 1=admin, 2=user
+
+ t.timestamps
+ end
+ end
+end
\ No newline at end of file
diff --git a/db/migrate/003_create_network_ranges.rb b/db/migrate/003_create_network_ranges.rb
new file mode 100644
index 0000000..50aaeba
--- /dev/null
+++ b/db/migrate/003_create_network_ranges.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class CreateNetworkRanges < ActiveRecord::Migration[8.1]
+ def change
+ create_table :network_ranges, force: :cascade do |t|
+ # Postgres inet type handles both IPv4 and IPv6 networks
+ t.inet :network, null: false, index: { unique: true, name: 'index_network_ranges_on_network_unique' }
+
+
+ # Track the source of this network range
+ t.string :source, default: 'api_imported', null: false, index: true
+ t.text :creation_reason
+
+ # Network intelligence metadata
+ t.integer :asn, index: true
+ t.string :asn_org, index: true
+ t.string :company, index: true
+ t.string :country, index: true
+
+ # Network classification flags
+ t.boolean :is_datacenter, default: false, index: true
+ t.boolean :is_proxy, default: false
+ t.boolean :is_vpn, default: false
+ t.index [:is_datacenter, :is_proxy, :is_vpn], name: 'idx_network_flags'
+
+ # JSON fields for additional data
+ t.text :abuser_scores
+ t.text :additional_data
+
+ # API enrichment tracking
+ t.datetime :last_api_fetch
+
+ # Track creation (optional - some ranges are auto-imported)
+ t.references :user, foreign_key: true
+
+ t.timestamps
+
+ # Postgres network indexes for performance
+ # GiST index for network containment operations (>>=, <<=, &&)
+ t.index :network, using: :gist, opclass: :inet_ops
+ end
+ end
+end
\ No newline at end of file
diff --git a/db/migrate/004_create_request_optimization_tables.rb b/db/migrate/004_create_request_optimization_tables.rb
new file mode 100644
index 0000000..91c6734
--- /dev/null
+++ b/db/migrate/004_create_request_optimization_tables.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class CreateRequestOptimizationTables < ActiveRecord::Migration[8.1]
+ def change
+ # Path segments for compression and analytics
+ create_table :path_segments, force: :cascade do |t|
+ t.string :segment, null: false, index: { unique: true }
+ t.integer :usage_count, default: 1, null: false
+ t.datetime :first_seen_at, null: false
+
+ t.timestamps
+ end
+
+ # Request hosts for compression and analytics
+ create_table :request_hosts, force: :cascade do |t|
+ t.string :hostname, null: false, index: { unique: true }
+ t.integer :usage_count, default: 1, null: false
+ t.datetime :first_seen_at, null: false
+
+ t.timestamps
+ end
+
+ # Request methods for normalization
+ create_table :request_methods, force: :cascade do |t|
+ t.string :method, null: false, index: { unique: true }
+
+ t.timestamps
+ end
+
+ # Request protocols for normalization
+ create_table :request_protocols, force: :cascade do |t|
+ t.string :protocol, null: false, index: { unique: true }
+
+ t.timestamps
+ end
+
+ # Request actions for normalization
+ create_table :request_actions, force: :cascade do |t|
+ t.string :action, null: false, index: { unique: true }
+
+ t.timestamps
+ end
+ end
+end
\ No newline at end of file
diff --git a/db/migrate/005_create_rules.rb b/db/migrate/005_create_rules.rb
new file mode 100644
index 0000000..e9014c4
--- /dev/null
+++ b/db/migrate/005_create_rules.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+class CreateRules < ActiveRecord::Migration[8.1]
+ def change
+ create_table :rules, force: :cascade do |t|
+ # Rule classification
+ t.string :rule_type, null: false, index: true
+ t.string :action, null: false, index: true
+ t.string :source, limit: 100, default: 'manual', index: true
+
+ # Priority for rule evaluation (higher = more specific)
+ t.integer :priority, index: true
+
+ # Rule conditions (JSON for flexibility)
+ t.json :conditions, default: {}
+
+ # Rule metadata (JSON for extensibility)
+ t.json :metadata, default: {}
+
+ # Rule lifecycle
+ t.boolean :enabled, default: true, null: false, index: true
+ t.datetime :expires_at, index: true
+
+ # Relationships
+ t.references :user, foreign_key: true
+ t.references :network_range, foreign_key: true
+
+ t.timestamps
+
+ # Composite indexes for common queries
+ t.index [:rule_type, :enabled], name: 'idx_rules_type_enabled'
+ t.index [:enabled, :expires_at], name: 'idx_rules_active'
+ t.index [:updated_at, :id], name: 'idx_rules_sync'
+ end
+ end
+end
\ No newline at end of file
diff --git a/db/migrate/006_create_events.rb b/db/migrate/006_create_events.rb
new file mode 100644
index 0000000..4666342
--- /dev/null
+++ b/db/migrate/006_create_events.rb
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+class CreateEvents < ActiveRecord::Migration[8.1]
+ def change
+ create_table :events, force: :cascade do |t|
+ # Core event identification
+ t.string :event_id, null: false, index: { unique: true }
+ t.references :project, null: false, foreign_key: true, index: true
+
+ # Timing
+ t.datetime :timestamp, null: false, index: true
+
+ # WAF evaluation
+ t.integer :waf_action, default: 0, null: false, index: true
+ t.string :rule_matched
+ t.text :blocked_reason
+
+ # Request metadata
+ t.inet :ip_address, index: true
+ t.string :user_agent
+ t.string :request_url
+ t.string :request_path
+ t.string :request_protocol
+ t.integer :request_method, default: 0
+
+ # Response metadata
+ t.integer :response_status
+ t.integer :response_time_ms
+
+ # Geographic data
+ t.string :country_code
+ t.string :city
+
+ # Server/Environment info
+ t.string :server_name
+ t.string :environment
+
+ # WAF agent info
+ t.string :agent_name
+ t.string :agent_version
+
+ # Normalized relationships for analytics
+ t.references :request_host, foreign_key: true, index: true
+ t.string :request_segment_ids # JSON array of path segment IDs
+
+ # Full event payload
+ t.json :payload
+
+ t.timestamps
+
+ # Composite indexes for analytics queries
+ t.index [:project_id, :timestamp], name: 'idx_events_project_time'
+ t.index [:project_id, :waf_action], name: 'idx_events_project_action'
+ t.index [:project_id, :ip_address], name: 'idx_events_project_ip'
+ t.index [:request_host_id, :request_method, :request_segment_ids],
+ name: 'idx_events_host_method_path'
+ t.index :request_segment_ids
+ end
+ end
+end
\ No newline at end of file
diff --git a/db/migrate/007_create_sessions.rb b/db/migrate/007_create_sessions.rb
new file mode 100644
index 0000000..9bf21a2
--- /dev/null
+++ b/db/migrate/007_create_sessions.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class CreateSessions < ActiveRecord::Migration[8.1]
+ def change
+ create_table :sessions, force: :cascade do |t|
+ t.references :user, null: false, foreign_key: true, index: true
+ t.inet :ip_address
+ t.string :user_agent
+
+ t.timestamps
+ end
+ end
+end
\ No newline at end of file
diff --git a/db/migrate/20251102030111_create_network_ranges.rb b/db/migrate/20251102030111_create_network_ranges.rb
deleted file mode 100644
index 666c94e..0000000
--- a/db/migrate/20251102030111_create_network_ranges.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-class CreateNetworkRanges < ActiveRecord::Migration[8.1]
- def change
- create_table :network_ranges do |t|
- t.binary :ip_address, null: false
- t.integer :network_prefix, null: false
- t.integer :ip_version, null: false
- t.string :company
- t.integer :asn
- t.string :asn_org
- t.boolean :is_datacenter, default: false
- t.boolean :is_proxy, default: false
- t.boolean :is_vpn, default: false
- t.string :ip_api_country
- t.string :geo2_country
- t.text :abuser_scores
- t.text :additional_data
- t.timestamp :last_api_fetch
-
- t.timestamps
- end
-
- # Indexes for common queries
- add_index :network_ranges, [:ip_address, :network_prefix], name: 'idx_network_ranges_ip_range'
- add_index :network_ranges, :asn, name: 'idx_network_ranges_asn'
- add_index :network_ranges, :company, name: 'idx_network_ranges_company'
- add_index :network_ranges, :ip_api_country, name: 'idx_network_ranges_country'
- add_index :network_ranges, [:is_datacenter, :is_proxy, :is_vpn], name: 'idx_network_ranges_flags'
- add_index :network_ranges, :ip_version, name: 'idx_network_ranges_version'
- end
-end
diff --git a/db/migrate/20251102044000_create_projects.rb b/db/migrate/20251102044000_create_projects.rb
deleted file mode 100644
index 9cc077e..0000000
--- a/db/migrate/20251102044000_create_projects.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-class CreateProjects < ActiveRecord::Migration[8.1]
- def change
- create_table :projects do |t|
- t.string :name, null: false
- t.string :slug, null: false
- t.string :public_key, null: false
- t.boolean :enabled, default: true, null: false
- t.integer :rate_limit_threshold, default: 100, null: false
- t.integer :blocked_ip_count, default: 0, null: false
- t.text :custom_rules, default: "{}", null: false
- t.text :settings, default: "{}", null: false
-
- t.timestamps
- end
-
- add_index :projects, :slug, unique: true
- add_index :projects, :public_key, unique: true
- add_index :projects, :enabled
- add_index :projects, :name
- end
-end
diff --git a/db/migrate/20251102044052_create_events.rb b/db/migrate/20251102044052_create_events.rb
deleted file mode 100644
index dff24a7..0000000
--- a/db/migrate/20251102044052_create_events.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-class CreateEvents < ActiveRecord::Migration[8.1]
- def change
- create_table :events do |t|
- t.references :project, null: false, foreign_key: true
- t.string :event_id, null: false
- t.datetime :timestamp, null: false
- t.string :action
- t.string :ip_address
- t.text :user_agent
- t.string :request_method
- t.string :request_path
- t.string :request_url
- t.string :request_protocol
- t.integer :response_status
- t.integer :response_time_ms
- t.string :rule_matched
- t.text :blocked_reason
- t.string :server_name
- t.string :environment
- t.string :country_code
- t.string :city
- t.string :agent_version
- t.string :agent_name
- t.json :payload
-
- t.timestamps
- end
-
- add_index :events, :event_id, unique: true
- add_index :events, :timestamp
- add_index :events, [:project_id, :timestamp]
- add_index :events, [:project_id, :action]
- add_index :events, [:project_id, :ip_address]
- add_index :events, :ip_address
- add_index :events, :action
- end
-end
diff --git a/db/migrate/20251102080959_create_rule_sets.rb b/db/migrate/20251102080959_create_rule_sets.rb
deleted file mode 100644
index 86b839a..0000000
--- a/db/migrate/20251102080959_create_rule_sets.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-class CreateRuleSets < ActiveRecord::Migration[8.1]
- def change
- create_table :rule_sets do |t|
- t.string :name
- t.text :description
- t.boolean :enabled
- t.json :projects
- t.json :rules
-
- t.timestamps
- end
- end
-end
diff --git a/db/migrate/20251102081014_create_rules.rb b/db/migrate/20251102081014_create_rules.rb
deleted file mode 100644
index 7116306..0000000
--- a/db/migrate/20251102081014_create_rules.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-class CreateRules < ActiveRecord::Migration[8.1]
- def change
- create_table :rules do |t|
- t.references :rule_set, null: false, foreign_key: true
- t.string :rule_type
- t.string :target
- t.string :action
- t.boolean :enabled
- t.datetime :expires_at
- t.integer :priority
- t.json :conditions
- t.json :metadata
-
- t.timestamps
- end
- end
-end
diff --git a/db/migrate/20251102081043_add_fields_to_rule_sets.rb b/db/migrate/20251102081043_add_fields_to_rule_sets.rb
deleted file mode 100644
index a88be0d..0000000
--- a/db/migrate/20251102081043_add_fields_to_rule_sets.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-class AddFieldsToRuleSets < ActiveRecord::Migration[8.1]
- def change
- add_column :rule_sets, :slug, :string
- add_column :rule_sets, :priority, :integer
- add_column :rule_sets, :projects_subscription, :json
-
- add_index :rule_sets, :slug, unique: true
- add_index :rule_sets, :enabled
- add_index :rule_sets, :priority
- end
-end
diff --git a/db/migrate/20251102234055_add_simple_event_normalization.rb b/db/migrate/20251102234055_add_simple_event_normalization.rb
deleted file mode 100644
index 94dc9eb..0000000
--- a/db/migrate/20251102234055_add_simple_event_normalization.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-class AddSimpleEventNormalization < ActiveRecord::Migration[8.1]
- def change
- # Add foreign key for hosts (most valuable normalization)
- add_column :events, :request_host_id, :integer
- add_foreign_key :events, :request_hosts
- add_index :events, :request_host_id
-
- # Add path segment storage as string for LIKE queries
- add_column :events, :request_segment_ids, :string
- add_index :events, :request_segment_ids
-
- # Add composite index for common WAF queries using enums
- add_index :events, [:request_host_id, :request_method, :request_segment_ids], name: 'idx_events_host_method_path'
- end
-end
diff --git a/db/migrate/20251103035249_rename_action_to_waf_action_in_events.rb b/db/migrate/20251103035249_rename_action_to_waf_action_in_events.rb
deleted file mode 100644
index 6d44595..0000000
--- a/db/migrate/20251103035249_rename_action_to_waf_action_in_events.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class RenameActionToWafActionInEvents < ActiveRecord::Migration[8.1]
- def change
- rename_column :events, :action, :waf_action
- end
-end
diff --git a/db/migrate/20251103080823_enhance_rules_table_for_sync.rb b/db/migrate/20251103080823_enhance_rules_table_for_sync.rb
deleted file mode 100644
index ebb6170..0000000
--- a/db/migrate/20251103080823_enhance_rules_table_for_sync.rb
+++ /dev/null
@@ -1,56 +0,0 @@
-class EnhanceRulesTableForSync < ActiveRecord::Migration[8.1]
- def change
- # Remove rule_sets relationship (we're skipping rule sets for Phase 1)
- if foreign_key_exists?(:rules, :rule_sets)
- remove_foreign_key :rules, :rule_sets
- end
-
- if column_exists?(:rules, :rule_set_id)
- remove_column :rules, :rule_set_id
- end
-
- change_table :rules do |t|
- # Add source field to track rule origin
- unless column_exists?(:rules, :source)
- t.string :source, limit: 100
- end
-
- # Ensure core fields exist with proper types
- unless column_exists?(:rules, :rule_type)
- t.string :rule_type, null: false
- end
-
- unless column_exists?(:rules, :action)
- t.string :action, null: false
- end
-
- unless column_exists?(:rules, :conditions)
- t.json :conditions, null: false, default: {}
- end
-
- unless column_exists?(:rules, :metadata)
- t.json :metadata, default: {}
- end
-
- unless column_exists?(:rules, :priority)
- t.integer :priority
- end
-
- unless column_exists?(:rules, :expires_at)
- t.datetime :expires_at
- end
-
- unless column_exists?(:rules, :enabled)
- t.boolean :enabled, default: true, null: false
- end
- end
-
- # Add indexes for efficient sync queries
- add_index :rules, [:updated_at, :id], if_not_exists: true, name: "idx_rules_sync"
- add_index :rules, :enabled, if_not_exists: true
- add_index :rules, :expires_at, if_not_exists: true
- add_index :rules, :source, if_not_exists: true
- add_index :rules, :rule_type, if_not_exists: true
- add_index :rules, [:rule_type, :enabled], if_not_exists: true, name: "idx_rules_type_enabled"
- end
-end
diff --git a/db/migrate/20251103093205_split_network_ranges_into_ipv4_and_ipv6.rb b/db/migrate/20251103093205_split_network_ranges_into_ipv4_and_ipv6.rb
deleted file mode 100644
index 4c14770..0000000
--- a/db/migrate/20251103093205_split_network_ranges_into_ipv4_and_ipv6.rb
+++ /dev/null
@@ -1,70 +0,0 @@
-class SplitNetworkRangesIntoIpv4AndIpv6 < ActiveRecord::Migration[8.1]
- def change
- # Drop the old network_ranges table (no data to preserve)
- drop_table :network_ranges, if_exists: true
-
- # Create optimized IPv4 ranges table
- create_table :ipv4_ranges do |t|
- # Range fields for fast lookups
- t.integer :network_start, limit: 8, null: false
- t.integer :network_end, limit: 8, null: false
- t.integer :network_prefix, null: false
-
- # IP intelligence metadata
- t.string :company
- t.integer :asn
- t.string :asn_org
- t.boolean :is_datacenter, default: false
- t.boolean :is_proxy, default: false
- t.boolean :is_vpn, default: false
- t.string :ip_api_country
- t.string :geo2_country
- t.text :abuser_scores
- t.text :additional_data
- t.timestamp :last_api_fetch
-
- t.timestamps
- end
-
- # Optimized indexes for IPv4
- add_index :ipv4_ranges, [:network_start, :network_end, :network_prefix],
- name: "idx_ipv4_range_lookup"
- add_index :ipv4_ranges, :asn, name: "idx_ipv4_asn"
- add_index :ipv4_ranges, :company, name: "idx_ipv4_company"
- add_index :ipv4_ranges, :ip_api_country, name: "idx_ipv4_country"
- add_index :ipv4_ranges, [:is_datacenter, :is_proxy, :is_vpn],
- name: "idx_ipv4_flags"
-
- # Create optimized IPv6 ranges table
- create_table :ipv6_ranges do |t|
- # Range fields for fast lookups (binary for 128-bit addresses)
- t.binary :network_start, limit: 16, null: false
- t.binary :network_end, limit: 16, null: false
- t.integer :network_prefix, null: false
-
- # IP intelligence metadata (same as IPv4)
- t.string :company
- t.integer :asn
- t.string :asn_org
- t.boolean :is_datacenter, default: false
- t.boolean :is_proxy, default: false
- t.boolean :is_vpn, default: false
- t.string :ip_api_country
- t.string :geo2_country
- t.text :abuser_scores
- t.text :additional_data
- t.timestamp :last_api_fetch
-
- t.timestamps
- end
-
- # Optimized indexes for IPv6
- add_index :ipv6_ranges, [:network_start, :network_end, :network_prefix],
- name: "idx_ipv6_range_lookup"
- add_index :ipv6_ranges, :asn, name: "idx_ipv6_asn"
- add_index :ipv6_ranges, :company, name: "idx_ipv6_company"
- add_index :ipv6_ranges, :ip_api_country, name: "idx_ipv6_country"
- add_index :ipv6_ranges, [:is_datacenter, :is_proxy, :is_vpn],
- name: "idx_ipv6_flags"
- end
-end
diff --git a/db/migrate/20251103103521_create_geo_ip_databases.rb b/db/migrate/20251103103521_create_geo_ip_databases.rb
deleted file mode 100644
index 724f72e..0000000
--- a/db/migrate/20251103103521_create_geo_ip_databases.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-class CreateGeoIpDatabases < ActiveRecord::Migration[8.1]
- def change
- create_table :geo_ip_databases do |t|
- t.string :database_type
- t.string :version
- t.string :file_path
- t.integer :file_size
- t.string :checksum_md5
- t.datetime :downloaded_at
- t.datetime :last_checked_at
- t.boolean :is_active
-
- t.timestamps
- end
- end
-end
diff --git a/db/migrate/20251103105609_drop_geo_ip_databases_table.rb b/db/migrate/20251103105609_drop_geo_ip_databases_table.rb
deleted file mode 100644
index e1eff10..0000000
--- a/db/migrate/20251103105609_drop_geo_ip_databases_table.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-class DropGeoIpDatabasesTable < ActiveRecord::Migration[8.1]
- def up
- drop_table :geo_ip_databases
- end
-
- def down
- create_table :geo_ip_databases do |t|
- t.string :database_type, null: false
- t.string :version, null: false
- t.string :file_path, null: false
- t.integer :file_size, null: false
- t.string :checksum_md5, null: false
- t.datetime :downloaded_at, null: false
- t.datetime :last_checked_at
- t.boolean :is_active, default: true
- t.timestamps
- end
-
- add_index :geo_ip_databases, :is_active
- add_index :geo_ip_databases, :database_type
- add_index :geo_ip_databases, :file_path, unique: true
- end
-end
diff --git a/db/migrate/20251103130430_change_request_method_to_integer_in_events.rb b/db/migrate/20251103130430_change_request_method_to_integer_in_events.rb
deleted file mode 100644
index 2698078..0000000
--- a/db/migrate/20251103130430_change_request_method_to_integer_in_events.rb
+++ /dev/null
@@ -1,74 +0,0 @@
-class ChangeRequestMethodToIntegerInEvents < ActiveRecord::Migration[8.1]
- def change
- # Convert enum columns from string to integer for proper enum support
- reversible do |dir|
- dir.up do
- # Map request_method string values to enum integers
- execute <<-SQL
- UPDATE events
- SET request_method = CASE
- WHEN LOWER(request_method) = 'get' THEN '0'
- WHEN LOWER(request_method) = 'post' THEN '1'
- WHEN LOWER(request_method) = 'put' THEN '2'
- WHEN LOWER(request_method) = 'patch' THEN '3'
- WHEN LOWER(request_method) = 'delete' THEN '4'
- WHEN LOWER(request_method) = 'head' THEN '5'
- WHEN LOWER(request_method) = 'options' THEN '6'
- ELSE '0' -- Default to GET for unknown values
- END
- WHERE request_method IS NOT NULL;
- SQL
-
- # Map waf_action string values to enum integers
- execute <<-SQL
- UPDATE events
- SET waf_action = CASE
- WHEN LOWER(waf_action) = 'allow' THEN '0'
- WHEN LOWER(waf_action) IN ('deny', 'block') THEN '1'
- WHEN LOWER(waf_action) = 'redirect' THEN '2'
- WHEN LOWER(waf_action) = 'challenge' THEN '3'
- ELSE '0' -- Default to allow for unknown values
- END
- WHERE waf_action IS NOT NULL;
- SQL
-
- # Change column types to integer
- change_column :events, :request_method, :integer
- change_column :events, :waf_action, :integer
- end
-
- dir.down do
- # Convert back to string values
- change_column :events, :request_method, :string
- change_column :events, :waf_action, :string
-
- execute <<-SQL
- UPDATE events
- SET request_method = CASE request_method
- WHEN 0 THEN 'get'
- WHEN 1 THEN 'post'
- WHEN 2 THEN 'put'
- WHEN 3 THEN 'patch'
- WHEN 4 THEN 'delete'
- WHEN 5 THEN 'head'
- WHEN 6 THEN 'options'
- ELSE 'get' -- Default to GET for unknown values
- END
- WHERE request_method IS NOT NULL;
- SQL
-
- execute <<-SQL
- UPDATE events
- SET waf_action = CASE waf_action
- WHEN 0 THEN 'allow'
- WHEN 1 THEN 'deny'
- WHEN 2 THEN 'redirect'
- WHEN 3 THEN 'challenge'
- ELSE 'allow' -- Default to allow for unknown values
- END
- WHERE waf_action IS NOT NULL;
- SQL
- end
- end
- end
-end
diff --git a/db/migrate/20251103225239_create_users.rb b/db/migrate/20251103225239_create_users.rb
deleted file mode 100644
index 71f2ff1..0000000
--- a/db/migrate/20251103225239_create_users.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-class CreateUsers < ActiveRecord::Migration[8.1]
- def change
- create_table :users do |t|
- t.string :email_address, null: false
- t.string :password_digest, null: false
-
- t.timestamps
- end
- add_index :users, :email_address, unique: true
- end
-end
diff --git a/db/migrate/20251103225240_create_sessions.rb b/db/migrate/20251103225240_create_sessions.rb
deleted file mode 100644
index ec9efdb..0000000
--- a/db/migrate/20251103225240_create_sessions.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-class CreateSessions < ActiveRecord::Migration[8.1]
- def change
- create_table :sessions do |t|
- t.references :user, null: false, foreign_key: true
- t.string :ip_address
- t.string :user_agent
-
- t.timestamps
- end
- end
-end
diff --git a/db/migrate/20251103225251_add_role_to_users.rb b/db/migrate/20251103225251_add_role_to_users.rb
deleted file mode 100644
index c38592e..0000000
--- a/db/migrate/20251103225251_add_role_to_users.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class AddRoleToUsers < ActiveRecord::Migration[8.1]
- def change
- add_column :users, :role, :integer, default: 1, null: false
- end
-end
diff --git a/db/schema.rb b/db/schema.rb
index 5ba33b8..9928ffb 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,10 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[8.1].define(version: 2025_11_03_225251) do
+ActiveRecord::Schema[8.1].define(version: 7) do
+ # These are extensions that must be enabled in order to support this database
+ enable_extension "pg_catalog.plpgsql"
+
create_table "events", force: :cascade do |t|
t.string "agent_name"
t.string "agent_version"
@@ -20,11 +23,11 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_03_225251) do
t.datetime "created_at", null: false
t.string "environment"
t.string "event_id", null: false
- t.string "ip_address"
+ t.inet "ip_address"
t.json "payload"
- t.integer "project_id", null: false
- t.integer "request_host_id"
- t.integer "request_method"
+ t.bigint "project_id", null: false
+ t.bigint "request_host_id"
+ t.integer "request_method", default: 0
t.string "request_path"
t.string "request_protocol"
t.string "request_segment_ids"
@@ -35,13 +38,13 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_03_225251) do
t.string "server_name"
t.datetime "timestamp", null: false
t.datetime "updated_at", null: false
- t.text "user_agent"
- t.integer "waf_action"
+ t.string "user_agent"
+ t.integer "waf_action", default: 0, null: false
t.index ["event_id"], name: "index_events_on_event_id", unique: true
t.index ["ip_address"], name: "index_events_on_ip_address"
- t.index ["project_id", "ip_address"], name: "index_events_on_project_id_and_ip_address"
- t.index ["project_id", "timestamp"], name: "index_events_on_project_id_and_timestamp"
- t.index ["project_id", "waf_action"], name: "index_events_on_project_id_and_waf_action"
+ t.index ["project_id", "ip_address"], name: "idx_events_project_ip"
+ t.index ["project_id", "timestamp"], name: "idx_events_project_time"
+ t.index ["project_id", "waf_action"], name: "idx_events_project_action"
t.index ["project_id"], name: "index_events_on_project_id"
t.index ["request_host_id", "request_method", "request_segment_ids"], name: "idx_events_host_method_path"
t.index ["request_host_id"], name: "index_events_on_request_host_id"
@@ -50,52 +53,33 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_03_225251) do
t.index ["waf_action"], name: "index_events_on_waf_action"
end
- create_table "ipv4_ranges", force: :cascade do |t|
+ create_table "network_ranges", force: :cascade do |t|
t.text "abuser_scores"
t.text "additional_data"
t.integer "asn"
t.string "asn_org"
t.string "company"
+ t.string "country"
t.datetime "created_at", null: false
- t.string "geo2_country"
- t.string "ip_api_country"
+ t.text "creation_reason"
t.boolean "is_datacenter", default: false
t.boolean "is_proxy", default: false
t.boolean "is_vpn", default: false
t.datetime "last_api_fetch"
- t.integer "network_end", limit: 8, null: false
- t.integer "network_prefix", null: false
- t.integer "network_start", limit: 8, null: false
+ t.inet "network", null: false
+ t.string "source", default: "api_imported", null: false
t.datetime "updated_at", null: false
- t.index ["asn"], name: "idx_ipv4_asn"
- t.index ["company"], name: "idx_ipv4_company"
- t.index ["ip_api_country"], name: "idx_ipv4_country"
- t.index ["is_datacenter", "is_proxy", "is_vpn"], name: "idx_ipv4_flags"
- t.index ["network_start", "network_end", "network_prefix"], name: "idx_ipv4_range_lookup"
- end
-
- create_table "ipv6_ranges", force: :cascade do |t|
- t.text "abuser_scores"
- t.text "additional_data"
- t.integer "asn"
- t.string "asn_org"
- t.string "company"
- t.datetime "created_at", null: false
- t.string "geo2_country"
- t.string "ip_api_country"
- t.boolean "is_datacenter", default: false
- t.boolean "is_proxy", default: false
- t.boolean "is_vpn", default: false
- t.datetime "last_api_fetch"
- t.binary "network_end", limit: 16, null: false
- t.integer "network_prefix", null: false
- t.binary "network_start", limit: 16, null: false
- t.datetime "updated_at", null: false
- t.index ["asn"], name: "idx_ipv6_asn"
- t.index ["company"], name: "idx_ipv6_company"
- t.index ["ip_api_country"], name: "idx_ipv6_country"
- t.index ["is_datacenter", "is_proxy", "is_vpn"], name: "idx_ipv6_flags"
- t.index ["network_start", "network_end", "network_prefix"], name: "idx_ipv6_range_lookup"
+ t.bigint "user_id"
+ t.index ["asn"], name: "index_network_ranges_on_asn"
+ t.index ["asn_org"], name: "index_network_ranges_on_asn_org"
+ t.index ["company"], name: "index_network_ranges_on_company"
+ t.index ["country"], name: "index_network_ranges_on_country"
+ t.index ["is_datacenter", "is_proxy", "is_vpn"], name: "idx_network_flags"
+ t.index ["is_datacenter"], name: "index_network_ranges_on_is_datacenter"
+ t.index ["network"], name: "index_network_ranges_on_network", opclass: :inet_ops, using: :gist
+ t.index ["network"], name: "index_network_ranges_on_network_unique", unique: true
+ t.index ["source"], name: "index_network_ranges_on_source"
+ t.index ["user_id"], name: "index_network_ranges_on_user_id"
end
create_table "path_segments", force: :cascade do |t|
@@ -154,48 +138,38 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_03_225251) do
t.index ["protocol"], name: "index_request_protocols_on_protocol", unique: true
end
- create_table "rule_sets", force: :cascade do |t|
- t.datetime "created_at", null: false
- t.text "description"
- t.boolean "enabled"
- t.string "name"
- t.integer "priority"
- t.json "projects"
- t.json "projects_subscription"
- t.json "rules"
- t.string "slug"
- t.datetime "updated_at", null: false
- t.index ["enabled"], name: "index_rule_sets_on_enabled"
- t.index ["priority"], name: "index_rule_sets_on_priority"
- t.index ["slug"], name: "index_rule_sets_on_slug", unique: true
- end
-
create_table "rules", force: :cascade do |t|
- t.string "action"
- t.json "conditions"
+ t.string "action", null: false
+ t.json "conditions", default: {}
t.datetime "created_at", null: false
- t.boolean "enabled"
+ t.boolean "enabled", default: true, null: false
t.datetime "expires_at"
- t.json "metadata"
+ t.json "metadata", default: {}
+ t.bigint "network_range_id"
t.integer "priority"
- t.string "rule_type"
- t.string "source", limit: 100
- t.string "target"
+ t.string "rule_type", null: false
+ t.string "source", limit: 100, default: "manual"
t.datetime "updated_at", null: false
+ t.bigint "user_id"
+ t.index ["action"], name: "index_rules_on_action"
+ t.index ["enabled", "expires_at"], name: "idx_rules_active"
t.index ["enabled"], name: "index_rules_on_enabled"
t.index ["expires_at"], name: "index_rules_on_expires_at"
+ t.index ["network_range_id"], name: "index_rules_on_network_range_id"
+ t.index ["priority"], name: "index_rules_on_priority"
t.index ["rule_type", "enabled"], name: "idx_rules_type_enabled"
t.index ["rule_type"], name: "index_rules_on_rule_type"
t.index ["source"], name: "index_rules_on_source"
t.index ["updated_at", "id"], name: "idx_rules_sync"
+ t.index ["user_id"], name: "index_rules_on_user_id"
end
create_table "sessions", force: :cascade do |t|
t.datetime "created_at", null: false
- t.string "ip_address"
+ t.inet "ip_address"
t.datetime "updated_at", null: false
t.string "user_agent"
- t.integer "user_id", null: false
+ t.bigint "user_id", null: false
t.index ["user_id"], name: "index_sessions_on_user_id"
end
@@ -210,5 +184,8 @@ ActiveRecord::Schema[8.1].define(version: 2025_11_03_225251) do
add_foreign_key "events", "projects"
add_foreign_key "events", "request_hosts"
+ add_foreign_key "network_ranges", "users"
+ add_foreign_key "rules", "network_ranges"
+ add_foreign_key "rules", "users"
add_foreign_key "sessions", "users"
end
diff --git a/docs/path-segment-architecture.md b/docs/path-segment-architecture.md
index 2671a57..922bb3a 100644
--- a/docs/path-segment-architecture.md
+++ b/docs/path-segment-architecture.md
@@ -428,7 +428,8 @@ suspicious_paths = Event.where(waf_action: :deny)
.pluck(:request_segment_ids)
suspicious_paths.each do |seg_ids|
- RuleSet.global.block_path_segments(seg_ids)
+ # TODO: Implement rule creation for blocking path segments
+ # Rule.create!(rule_type: 'path_pattern', conditions: { patterns: seg_ids }, action: 'deny')
end
```
diff --git a/lib/tasks/users.rake b/lib/tasks/users.rake
new file mode 100644
index 0000000..5a24596
--- /dev/null
+++ b/lib/tasks/users.rake
@@ -0,0 +1,102 @@
+namespace :users do
+ desc "Reset password for a user"
+ task reset_password: :environment do
+ email = ENV['EMAIL']
+ new_password = ENV['PASSWORD']
+
+ if email.blank?
+ puts "Usage: EMAIL=user@example.com PASSWORD=newpassword rails users:reset_password"
+ exit 1
+ end
+
+ user = User.find_by(email_address: email)
+ if user.nil?
+ puts "Error: User with email '#{email}' not found."
+ exit 1
+ end
+
+ if new_password.blank?
+ puts "Error: PASSWORD environment variable is required."
+ exit 1
+ end
+
+ if user.password_digest.blank?
+ puts "Warning: User appears to be an OIDC user (no password set)."
+ print "Do you want to set a local password for this OIDC user? (y/N): "
+ response = STDIN.gets.chomp.downcase
+ unless response == 'y' || response == 'yes'
+ puts "Password reset cancelled."
+ exit 0
+ end
+ end
+
+ user.password = new_password
+ user.password_confirmation = new_password
+
+ if user.save
+ # Destroy all sessions to force re-login
+ user.sessions.destroy_all
+
+ puts "✅ Password successfully updated for #{user.email_address}"
+ puts " User: #{user.email_address} (#{user.role})"
+ puts " All existing sessions have been terminated."
+ puts " User will need to log in with the new password."
+ else
+ puts "❌ Failed to update password:"
+ user.errors.full_messages.each { |msg| puts " - #{msg}" }
+ exit 1
+ end
+ end
+
+ desc "List all users"
+ task list: :environment do
+ users = User.order(:role, :email_address)
+
+ puts "Users (#{users.count}):"
+ puts "=" * 60
+ users.each do |user|
+ has_password = user.password_digest.present? ? "local" : "OIDC"
+ last_login = user.sessions.maximum(:created_at)
+
+ puts "📧 #{user.email_address}"
+ puts " Role: #{user.role} | Auth: #{has_password}"
+ puts " Last login: #{last_login ? last_login.strftime('%Y-%m-%d %H:%M') : 'Never'}"
+ puts " Active sessions: #{user.sessions.count}"
+ puts
+ end
+ end
+
+ desc "Create admin user (only if no users exist)"
+ task create_admin: :environment do
+ if User.any?
+ puts "❌ Users already exist. Admin creation is disabled."
+ puts " Use 'rails users:reset_password' to reset an existing user's password."
+ exit 1
+ end
+
+ email = ENV['EMAIL']
+ password = ENV['PASSWORD']
+
+ if email.blank? || password.blank?
+ puts "Usage: EMAIL=admin@example.com PASSWORD=securepassword rails users:create_admin"
+ exit 1
+ end
+
+ user = User.new(
+ email_address: email,
+ password: password,
+ password_confirmation: password
+ )
+
+ if user.save
+ puts "✅ Admin user created successfully:"
+ puts " Email: #{user.email_address}"
+ puts " Role: #{user.role}"
+ puts " You can now log in to the application."
+ else
+ puts "❌ Failed to create admin user:"
+ user.errors.full_messages.each { |msg| puts " - #{msg}" }
+ exit 1
+ end
+ end
+end
\ No newline at end of file
diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb
deleted file mode 100644
index e1a1b03..0000000
--- a/test/controllers/passwords_controller_test.rb
+++ /dev/null
@@ -1,67 +0,0 @@
-require "test_helper"
-
-class PasswordsControllerTest < ActionDispatch::IntegrationTest
- setup { @user = User.take }
-
- test "new" do
- get new_password_path
- assert_response :success
- end
-
- test "create" do
- post passwords_path, params: { email_address: @user.email_address }
- assert_enqueued_email_with PasswordsMailer, :reset, args: [ @user ]
- assert_redirected_to new_session_path
-
- follow_redirect!
- assert_notice "reset instructions sent"
- end
-
- test "create for an unknown user redirects but sends no mail" do
- post passwords_path, params: { email_address: "missing-user@example.com" }
- assert_enqueued_emails 0
- assert_redirected_to new_session_path
-
- follow_redirect!
- assert_notice "reset instructions sent"
- end
-
- test "edit" do
- get edit_password_path(@user.password_reset_token)
- assert_response :success
- end
-
- test "edit with invalid password reset token" do
- get edit_password_path("invalid token")
- assert_redirected_to new_password_path
-
- follow_redirect!
- assert_notice "reset link is invalid"
- end
-
- test "update" do
- assert_changes -> { @user.reload.password_digest } do
- put password_path(@user.password_reset_token), params: { password: "new", password_confirmation: "new" }
- assert_redirected_to new_session_path
- end
-
- follow_redirect!
- assert_notice "Password has been reset"
- end
-
- test "update with non matching passwords" do
- token = @user.password_reset_token
- assert_no_changes -> { @user.reload.password_digest } do
- put password_path(token), params: { password: "no", password_confirmation: "match" }
- assert_redirected_to edit_password_path(token)
- end
-
- follow_redirect!
- assert_notice "Passwords did not match"
- end
-
- private
- def assert_notice(text)
- assert_select "div", /#{text}/
- end
-end
diff --git a/test/mailers/previews/passwords_mailer_preview.rb b/test/mailers/previews/passwords_mailer_preview.rb
deleted file mode 100644
index 01d07ec..0000000
--- a/test/mailers/previews/passwords_mailer_preview.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# Preview all emails at http://localhost:3000/rails/mailers/passwords_mailer
-class PasswordsMailerPreview < ActionMailer::Preview
- # Preview this email at http://localhost:3000/rails/mailers/passwords_mailer/reset
- def reset
- PasswordsMailer.reset(User.take)
- end
-end
diff --git a/test/models/rule_set_test.rb b/test/models/rule_set_test.rb
deleted file mode 100644
index 616301d..0000000
--- a/test/models/rule_set_test.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-require "test_helper"
-
-class RuleSetTest < ActiveSupport::TestCase
- # test "the truth" do
- # assert true
- # end
-end