www/secretary/workbench/server.rb - whimsy - Git at Google

 #
 # Simple web server that routes requests to views based on URLs.
 #

 require 'wunderbar/sinatra'
 require 'wunderbar/bootstrap'
 require 'wunderbar/vue'
 require 'ruby2js/es2017/strict'
 require 'ruby2js/filter/functions'
 require 'ruby2js/filter/require'
 require 'erb'
 require 'uri'
 require 'sanitize'
 require 'escape'
 require 'time' # for iso8601
 require 'whimsy/asf/meeting-util'

 require_relative 'personalize'
 require_relative 'helpers'
 require_relative 'models/mailbox'
 require_relative 'models/events'
 require_relative 'tasks'


 # monkey patch mail gem to work around a regression introduced in 2.7.0:
 # https://github.com/mikel/mail/pull/1168
 module Mail
   class Message
     def raw_source=(value)
       @raw_source = ::Mail::Utilities.to_crlf(value)
     end
   end

   module Utilities
     def self.safe_for_line_ending_conversion?(string)
       if RUBY_VERSION >= '1.9'
         string.ascii_only? or
           (string.encoding != Encoding::BINARY and string.valid_encoding?)
       else
         string.ascii_only?
       end
     end
   end
 end

 require 'whimsy/asf'
 require 'whimsy/asf/memapps'
 ASF::Mail.configure

 SECS_TO_DAYS = 60*60*24


 disable :logging # suppress log of requests to stderr/error.log

 require 'whimsy/asf/status'

 error do
   err = env['sinatra.error']
   <<~EOD
   <pre>
   Error detected, please see web server error log for full details:

   #{Time.now.gmtime.to_s}: #{err.detailed_message}
   </pre>
   EOD
 end

 # list of messages
 get '/' do
   redirect to('/') if env['REQUEST_URI'] == env['SCRIPT_NAME']

   # determine latest month for which there are messages
   current = Date.today.strftime('%Y%m') # exclude future-dated entries
   archives = Dir[File.join(ARCHIVE, '*.yml')].select {|name| name =~ %r{/\d{6}\.yml$} && File.basename(name,'.yml') <= current}
   @mbox = archives.empty? ? nil : File.basename(archives.max, '.yml')
   if @mbox
     @messages = Mailbox.new(@mbox).client_headers.select do |message|
       message[:status] != :deleted
     end
   else
     @messages = [] # ensure the array exists
   end

   # Show outstanding emeritus requests
   ASF::EmeritusRequestFiles.listnames(true).each do |epoch, file|
     days = (((Time.now.to_i - epoch.to_i).to_f / SECS_TO_DAYS)).round(1)
     id = File.basename(file, '.*')
     @messages << {
       date: Time.at(epoch.to_i).gmtime.asctime,
       time: Time.at(epoch.to_i).gmtime.iso8601,
       href: "/roster/committer/#{id}",
       href2: ASF::SVN.svnpath!('emeritus-requests-received', file),
       from: ASF::Person.find(id).cn,
       subject: "Pending emeritus request - #{days} days old",
       status: days < 10.0 ? :emeritusPending : :emeritusReady
     }
   end

   # Show outstanding withdrawal requests
   ASF::WithdrawalRequestFiles.listnames(true, env).each do |epoch, file|
     days = (((Time.now.to_i - epoch.to_i).to_f / SECS_TO_DAYS)).round(1)
     id = File.basename(file, '.*')
     @messages << {
       date: Time.at(epoch.to_i).gmtime.asctime,
       time: Time.at(epoch.to_i).gmtime.iso8601,
       href: "/roster/committer/#{id}",
       href2: ASF::SVN.svnpath!('withdrawn-pending', file),
       from: ASF::Person.find(id).cn,
       subject: "Pending withdrawal request - #{days} days old",
       status: days < 10.0 ? :withdrawalPending : :withdrawalReady
     }
   end

   @cssmtime = File.mtime('public/secmail.css').to_i
   @appmtime = Wunderbar::Asset.convert(File.join(settings.views, 'app.js.rb')).mtime.to_i
   _html :index
 end

 # alias for root directory
 get '/index.html' do
   call env.merge('PATH_INFO' => '/')
 end

 # support for fetching previous month's worth of messages
 get %r{/(\d{6})} do |mbox|
   @mbox = mbox
   _json :index # This invokes workbench/views/index.json.rb
 end

 get '/deleted' do
   current = Mailbox.allmailboxes.last
   return [404, 'Not found'] unless current
   redirect to("/#{current}/deleted")
 end

 # display deleted messages
 get %r{/(\d{6})/deleted} do |mbox|
   @mbox = mbox
   @prv, @nxt = Mailbox.prev_next(mbox)
   @messages = Mailbox.new(@mbox).client_headers(listall: true).select do |message|
     message[:status] == :deleted
   end
   _html :deleted
 end

 get '/pending' do
   current = Mailbox.allmailboxes.last
   return [404, 'Not found'] unless current
   redirect to("/#{current}/pending")
 end

 # display pending messages
 get %r{/(\d{6})/pending} do |mbox|
   @mbox = mbox
   @prv, @nxt = Mailbox.prev_next(mbox)
   @messages = Mailbox.new(@mbox).client_headers.reject do |message|
     message[:status] == :deleted
   end
   _html :pending
 end

 get '/all' do
   current = Mailbox.allmailboxes.last
   return [404, 'Not found'] unless current
   redirect to("/#{current}/all")
 end

 # display all messages
 get %r{/(\d{6})/all} do |mbox|
   @mbox = mbox
   @prv, @nxt = Mailbox.prev_next(mbox)
   @messages = Mailbox.new(@mbox).client_headers(listall: true)
   _html :all
 end

 # retrieve a single message
 get %r{/(\d{6})/(\w+)/} do |month, hash|
   @message = Mailbox.new(month).headers[hash]
   pass unless @message
   _html :message
 end

 # task lists
 post '/tasklist/:file' do
   unavailable = Status.updates_disallowed_reason # are updates disallowed?
   return [503, unavailable] if unavailable

   @jsmtime = File.mtime('public/tasklist.js').to_i
   @cssmtime = File.mtime('public/secmail.css').to_i

   if request.content_type == 'application/json'
     _json(:"actions/#{params[:file]}")
   else
     @dryrun = JSON.parse(_json(:"actions/#{params[:file]}"))
     _html :tasklist
   end
 end

 # posted actions
 SAFE_ACTIONS = %w[check-mail check-signature]
 post '/actions/:file' do
   unavailable = Status.updates_disallowed_reason # are updates disallowed?
   return [503, unavailable] if unavailable && !SAFE_ACTIONS.include?(params[:file])

   _json :"actions/#{params[:file]}"
 end

 # mark a single message as deleted
 delete %r{/(\d+)/(\w+)/} do |month, hash|
   unavailable = Status.updates_disallowed_reason # are updates disallowed?
   return [503, unavailable] if unavailable

   success = false

   Mailbox.update(month) do |headers|
     if headers[hash]
       headers[hash][:status] = :deleted
       success = true
     end
   end

   pass unless success
   _json success: true
 end

 # update a single message
 patch %r{/(\d{6})/(\w+)/} do |month, hash|
   unavailable = Status.updates_disallowed_reason # are updates disallowed?
   return [503, unavailable] if unavailable

   success = false

   Mailbox.update(month) do |headers|
     if headers[hash]
       updates = JSON.parse(request.env['rack.input'].read)
       # undelete attachments if requested
       attStatus = updates.delete('attachment_status')
       if attStatus
         headers[hash][:attachments]&.each do |att|
           att[:status] = nil
         end
       end

       # special processing for entries with symbols as keys
       headers[hash].each do |key, value|
         if key.is_a? Symbol and updates.has_key? key.to_s
           headers[hash][key] = updates.delete(key.to_s)
         end
       end

       headers[hash].merge! updates
       success = true
     end
   end

   pass unless success
   [204, {}, '']
 end

 # list of parts for a single message
 get %r{/(\d{6})/(\w+)/_index_} do |month, hash|
   message = Mailbox.new(month).find(hash)
   return [404, 'Message Not Found'] unless message
   @attachments = message.attachments
   @headers = message.headers.dup
   @headers.delete :attachments
   @cssmtime = File.mtime('public/secmail.css').to_i
   @appmtime = Wunderbar::Asset.convert(File.join(settings.views, 'app.js.rb')).mtime.to_i
   @projects = (ASF::Podling.current+ASF::Committee.pmcs).map(&:name).sort

   # Check if applications closed; if so, check it application was received in time
   # Default to 'now' if envelope date not found; hopefully won't be triggered as emails
   # should now all have the field set up
   @meeting = ASF::MeetingUtil.applications_valid ||
     ASF::MeetingUtil.application_valid?(@headers[:envelope_date] || DateTime.now.iso8601)

   _html :parts
 end

 # message body for a single message
 get %r{/(\d{6})/(\w+)/_body_} do |month, hash|
   @message = Mailbox.new(month).find(hash)
   return [404, 'Message Not Found'] unless @message
   @cssmtime = File.mtime('public/secmail.css').to_i
   @appmtime = Wunderbar::Asset.convert(File.join(settings.views, 'app.js.rb')).mtime.to_i
   _html :body
 end

 # header data for a single message
 get %r{/(\d{6})/(\w+)/_headers_} do |month, hash|
   @headers = Mailbox.new(month).headers[hash]
   pass unless @headers
   _html :headers
 end

 # raw data for a single message
 get %r{/(\d{6})/(\w+)/_raw_} do |month, hash|
   message = Mailbox.new(month).find(hash)
   pass unless message
   [200, {'Content-Type' => 'text/plain'}, message.raw]
 end

 # reparse an existing message
 get %r{/(\d{6})/(\w+)/_reparse_} do |month, hash|
   unavailable = Status.updates_disallowed_reason # are updates disallowed?
   return [503, unavailable] if unavailable

   mailbox = Mailbox.new(month)
   message = mailbox.find(hash)
   pass unless message
   email = message.raw
   headers = Message.parse(email)
   message = Message.new(mailbox, hash, headers, email)
   message.write_headers
   [200, {'Content-Type' => 'text/plain'}, 'Done, reselect to show contents']
 end

 # intercede for potentially dangerous message attachments
 get %r{/(\d{6})/(\w+)/_danger_/(.*?)} do |month, hash, name|
   message = Mailbox.new(month).find(hash)
   pass unless message

   @part = message.find(URI::RFC2396_Parser.new.unescape(name))
   pass unless @part

   _html :danger
 end

 # a specific attachment for a message
 get %r{/(\d{6})/(\w+)/(.*?)} do |month, hash, name|
   message = Mailbox.new(month).find(hash)
   pass unless message

   part = message.find(URI::RFC2396_Parser.new.unescape(name))
   pass unless part

   [200, {'Content-Type' => part.content_type}, part.body.to_s]
 end

 # parse memapp-received
 get '/memapp.json' do
   _json :memapp
 end

 # return email for a given id
 get '/email.json' do
   _json do
     {email: ASF::Person.find(params[:id]).mail.first}
   end
 end

 # return a list of iclas
 get '/iclas.json' do
   list = []
   ASF::ICLA.each do |icla|
     list << {
       filename: icla.claRef,
       id: icla.id,
       name: icla.name,
       fullname: icla.legal_name,
       email: icla.email
     }
   end
   list.to_json
 end

 # Return official list of members (not using LDAP)
 # includes inactive members
 get '/members.json' do
   list = ASF::Member.list.map { |k, v| {id: k, name: v[:name]}}
   _json list
 end

 # redirect to an icla
 get %r{/icla/(.*)} do |filename|
   checkout = ASF::SVN.svnurl('iclas')
   ASF::ICLAFiles.update_cache(env)
   file = ASF::ICLAFiles.match_claRef(filename)
   pass unless file
   redirect to(checkout + '/' + file)
 end

 # event stream for server sent events (a.k.a EventSource)
 get '/events', provides: 'text/event-stream' do
   events = Events.new

   stream :keep_open do |out|
     out.callback {events.close}

     loop do
       event = events.pop

       if event.is_a? Hash or event.is_a? Array
         out << "data: #{JSON.dump(event)}\n\n"
       elsif event == :heartbeat
         out << ":\n"
       elsif event == :exit
         out.close
         break
       else
         out << "data: #{event.inspect}\n\n"
       end
     end
   end
 end
	#
	# Simple web server that routes requests to views based on URLs.
	#

	require 'wunderbar/sinatra'
	require 'wunderbar/bootstrap'
	require 'wunderbar/vue'
	require 'ruby2js/es2017/strict'
	require 'ruby2js/filter/functions'
	require 'ruby2js/filter/require'
	require 'erb'
	require 'uri'
	require 'sanitize'
	require 'escape'
	require 'time' # for iso8601
	require 'whimsy/asf/meeting-util'

	require_relative 'personalize'
	require_relative 'helpers'
	require_relative 'models/mailbox'
	require_relative 'models/events'
	require_relative 'tasks'


	# monkey patch mail gem to work around a regression introduced in 2.7.0:
	# https://github.com/mikel/mail/pull/1168
	module Mail
	class Message
	def raw_source=(value)
	@raw_source = ::Mail::Utilities.to_crlf(value)
	end
	end

	module Utilities
	def self.safe_for_line_ending_conversion?(string)
	if RUBY_VERSION >= '1.9'
	string.ascii_only? or
	(string.encoding != Encoding::BINARY and string.valid_encoding?)
	else
	string.ascii_only?
	end
	end
	end
	end

	require 'whimsy/asf'
	require 'whimsy/asf/memapps'
	ASF::Mail.configure

	SECS_TO_DAYS = 606024


	disable :logging # suppress log of requests to stderr/error.log

	require 'whimsy/asf/status'

	error do
	err = env['sinatra.error']
	<<~EOD
	<pre>
	Error detected, please see web server error log for full details:

	#{Time.now.gmtime.to_s}: #{err.detailed_message}
	</pre>
	EOD
	end

	# list of messages
	get '/' do
	redirect to('/') if env['REQUEST_URI'] == env['SCRIPT_NAME']

	# determine latest month for which there are messages
	current = Date.today.strftime('%Y%m') # exclude future-dated entries
	archives = Dir[File.join(ARCHIVE, '*.yml')].select {\|name\| name =~ %r{/\d{6}\.yml$} && File.basename(name,'.yml') <= current}
	@mbox = archives.empty? ? nil : File.basename(archives.max, '.yml')
	if @mbox
	@messages = Mailbox.new(@mbox).client_headers.select do \|message\|
	message[:status] != :deleted
	end
	else
	@messages = [] # ensure the array exists
	end

	# Show outstanding emeritus requests
	ASF::EmeritusRequestFiles.listnames(true).each do \|epoch, file\|
	days = (((Time.now.to_i - epoch.to_i).to_f / SECS_TO_DAYS)).round(1)
	id = File.basename(file, '.*')
	@messages << {
	date: Time.at(epoch.to_i).gmtime.asctime,
	time: Time.at(epoch.to_i).gmtime.iso8601,
	href: "/roster/committer/#{id}",
	href2: ASF::SVN.svnpath!('emeritus-requests-received', file),
	from: ASF::Person.find(id).cn,
	subject: "Pending emeritus request - #{days} days old",
	status: days < 10.0 ? :emeritusPending : :emeritusReady
	}
	end

	# Show outstanding withdrawal requests
	ASF::WithdrawalRequestFiles.listnames(true, env).each do \|epoch, file\|
	days = (((Time.now.to_i - epoch.to_i).to_f / SECS_TO_DAYS)).round(1)
	id = File.basename(file, '.*')
	@messages << {
	date: Time.at(epoch.to_i).gmtime.asctime,
	time: Time.at(epoch.to_i).gmtime.iso8601,
	href: "/roster/committer/#{id}",
	href2: ASF::SVN.svnpath!('withdrawn-pending', file),
	from: ASF::Person.find(id).cn,
	subject: "Pending withdrawal request - #{days} days old",
	status: days < 10.0 ? :withdrawalPending : :withdrawalReady
	}
	end

	@cssmtime = File.mtime('public/secmail.css').to_i
	@appmtime = Wunderbar::Asset.convert(File.join(settings.views, 'app.js.rb')).mtime.to_i
	_html :index
	end

	# alias for root directory
	get '/index.html' do
	call env.merge('PATH_INFO' => '/')
	end

	# support for fetching previous month's worth of messages
	get %r{/(\d{6})} do \|mbox\|
	@mbox = mbox
	_json :index # This invokes workbench/views/index.json.rb
	end

	get '/deleted' do
	current = Mailbox.allmailboxes.last
	return [404, 'Not found'] unless current
	redirect to("/#{current}/deleted")
	end

	# display deleted messages
	get %r{/(\d{6})/deleted} do \|mbox\|
	@mbox = mbox
	@prv, @nxt = Mailbox.prev_next(mbox)
	@messages = Mailbox.new(@mbox).client_headers(listall: true).select do \|message\|
	message[:status] == :deleted
	end
	_html :deleted
	end

	get '/pending' do
	current = Mailbox.allmailboxes.last
	return [404, 'Not found'] unless current
	redirect to("/#{current}/pending")
	end

	# display pending messages
	get %r{/(\d{6})/pending} do \|mbox\|
	@mbox = mbox
	@prv, @nxt = Mailbox.prev_next(mbox)
	@messages = Mailbox.new(@mbox).client_headers.reject do \|message\|
	message[:status] == :deleted
	end
	_html :pending
	end

	get '/all' do
	current = Mailbox.allmailboxes.last
	return [404, 'Not found'] unless current
	redirect to("/#{current}/all")
	end

	# display all messages
	get %r{/(\d{6})/all} do \|mbox\|
	@mbox = mbox
	@prv, @nxt = Mailbox.prev_next(mbox)
	@messages = Mailbox.new(@mbox).client_headers(listall: true)
	_html :all
	end

	# retrieve a single message
	get %r{/(\d{6})/(\w+)/} do \|month, hash\|
	@message = Mailbox.new(month).headers[hash]
	pass unless @message
	_html :message
	end

	# task lists
	post '/tasklist/:file' do
	unavailable = Status.updates_disallowed_reason # are updates disallowed?
	return [503, unavailable] if unavailable

	@jsmtime = File.mtime('public/tasklist.js').to_i
	@cssmtime = File.mtime('public/secmail.css').to_i

	if request.content_type == 'application/json'
	_json(:"actions/#{params[:file]}")
	else
	@dryrun = JSON.parse(_json(:"actions/#{params[:file]}"))
	_html :tasklist
	end
	end

	# posted actions
	SAFE_ACTIONS = %w[check-mail check-signature]
	post '/actions/:file' do
	unavailable = Status.updates_disallowed_reason # are updates disallowed?
	return [503, unavailable] if unavailable && !SAFE_ACTIONS.include?(params[:file])

	_json :"actions/#{params[:file]}"
	end

	# mark a single message as deleted
	delete %r{/(\d+)/(\w+)/} do \|month, hash\|
	unavailable = Status.updates_disallowed_reason # are updates disallowed?
	return [503, unavailable] if unavailable

	success = false

	Mailbox.update(month) do \|headers\|
	if headers[hash]
	headers[hash][:status] = :deleted
	success = true
	end
	end

	pass unless success
	_json success: true
	end

	# update a single message
	patch %r{/(\d{6})/(\w+)/} do \|month, hash\|
	unavailable = Status.updates_disallowed_reason # are updates disallowed?
	return [503, unavailable] if unavailable

	success = false

	Mailbox.update(month) do \|headers\|
	if headers[hash]
	updates = JSON.parse(request.env['rack.input'].read)
	# undelete attachments if requested
	attStatus = updates.delete('attachment_status')
	if attStatus
	headers[hash][:attachments]&.each do \|att\|
	att[:status] = nil
	end
	end

	# special processing for entries with symbols as keys
	headers[hash].each do \|key, value\|
	if key.is_a? Symbol and updates.has_key? key.to_s
	headers[hash][key] = updates.delete(key.to_s)
	end
	end

	headers[hash].merge! updates
	success = true
	end
	end

	pass unless success
	[204, {}, '']
	end

	# list of parts for a single message
	get %r{/(\d{6})/(\w+)/_index_} do \|month, hash\|
	message = Mailbox.new(month).find(hash)
	return [404, 'Message Not Found'] unless message
	@attachments = message.attachments
	@headers = message.headers.dup
	@headers.delete :attachments
	@cssmtime = File.mtime('public/secmail.css').to_i
	@appmtime = Wunderbar::Asset.convert(File.join(settings.views, 'app.js.rb')).mtime.to_i
	@projects = (ASF::Podling.current+ASF::Committee.pmcs).map(&:name).sort

	# Check if applications closed; if so, check it application was received in time
	# Default to 'now' if envelope date not found; hopefully won't be triggered as emails
	# should now all have the field set up
	@meeting = ASF::MeetingUtil.applications_valid \|\|
	ASF::MeetingUtil.application_valid?(@headers[:envelope_date] \|\| DateTime.now.iso8601)

	_html :parts
	end

	# message body for a single message
	get %r{/(\d{6})/(\w+)/_body_} do \|month, hash\|
	@message = Mailbox.new(month).find(hash)
	return [404, 'Message Not Found'] unless @message
	@cssmtime = File.mtime('public/secmail.css').to_i
	@appmtime = Wunderbar::Asset.convert(File.join(settings.views, 'app.js.rb')).mtime.to_i
	_html :body
	end

	# header data for a single message
	get %r{/(\d{6})/(\w+)/_headers_} do \|month, hash\|
	@headers = Mailbox.new(month).headers[hash]
	pass unless @headers
	_html :headers
	end

	# raw data for a single message
	get %r{/(\d{6})/(\w+)/_raw_} do \|month, hash\|
	message = Mailbox.new(month).find(hash)
	pass unless message
	[200, {'Content-Type' => 'text/plain'}, message.raw]
	end

	# reparse an existing message
	get %r{/(\d{6})/(\w+)/_reparse_} do \|month, hash\|
	unavailable = Status.updates_disallowed_reason # are updates disallowed?
	return [503, unavailable] if unavailable

	mailbox = Mailbox.new(month)
	message = mailbox.find(hash)
	pass unless message
	email = message.raw
	headers = Message.parse(email)
	message = Message.new(mailbox, hash, headers, email)
	message.write_headers
	[200, {'Content-Type' => 'text/plain'}, 'Done, reselect to show contents']
	end

	# intercede for potentially dangerous message attachments
	get %r{/(\d{6})/(\w+)/_danger_/(.*?)} do \|month, hash, name\|
	message = Mailbox.new(month).find(hash)
	pass unless message

	@part = message.find(URI::RFC2396_Parser.new.unescape(name))
	pass unless @part

	_html :danger
	end

	# a specific attachment for a message
	get %r{/(\d{6})/(\w+)/(.*?)} do \|month, hash, name\|
	message = Mailbox.new(month).find(hash)
	pass unless message

	part = message.find(URI::RFC2396_Parser.new.unescape(name))
	pass unless part

	[200, {'Content-Type' => part.content_type}, part.body.to_s]
	end

	# parse memapp-received
	get '/memapp.json' do
	_json :memapp
	end

	# return email for a given id
	get '/email.json' do
	_json do
	{email: ASF::Person.find(params[:id]).mail.first}
	end
	end

	# return a list of iclas
	get '/iclas.json' do
	list = []
	ASF::ICLA.each do \|icla\|
	list << {
	filename: icla.claRef,
	id: icla.id,
	name: icla.name,
	fullname: icla.legal_name,
	email: icla.email
	}
	end
	list.to_json
	end

	# Return official list of members (not using LDAP)
	# includes inactive members
	get '/members.json' do
	list = ASF::Member.list.map { \|k, v\| {id: k, name: v[:name]}}
	_json list
	end

	# redirect to an icla
	get %r{/icla/(.*)} do \|filename\|
	checkout = ASF::SVN.svnurl('iclas')
	ASF::ICLAFiles.update_cache(env)
	file = ASF::ICLAFiles.match_claRef(filename)
	pass unless file
	redirect to(checkout + '/' + file)
	end

	# event stream for server sent events (a.k.a EventSource)
	get '/events', provides: 'text/event-stream' do
	events = Events.new

	stream :keep_open do \|out\|
	out.callback {events.close}

	loop do
	event = events.pop

	if event.is_a? Hash or event.is_a? Array
	out << "data: #{JSON.dump(event)}\n\n"
	elsif event == :heartbeat
	out << ":\n"
	elsif event == :exit
	out.close
	break
	else
	out << "data: #{event.inspect}\n\n"
	end
	end
	end
	end