Fixing email

.env.development

@@ -0,0 +1 @@
+ENABLE_SIGNUP=true

.env.test

@@ -0,0 +1 @@
+ENABLE_SIGNUP=true

.gitignore

@@ -10,6 +10,8 @@
 # Ignore all environment files (except templates).
 /.env*
 !/.env*.erb
+!/.env.development
+!/.env.test
 
 # Ignore all logfiles and tempfiles.
 /log/*

.kamal/hooks/docker-setup

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# A sample docker-setup hook
+#
+# Sets up a Docker network which can then be used by the application’s containers
+
+ssh root@ttcompanion.com "docker network inspect kamal || docker network create kamal"

.kamal/hooks/docker-setup.sample

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+# A sample docker-setup hook
+#
+# Sets up a Docker network which can then be used by the application’s containers
+
+ssh user@example.com docker network create kamal

.kamal/hooks/post-deploy.sample

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# A sample post-deploy hook
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+# KAMAL_RUNTIME
+
+echo "$KAMAL_PERFORMER deployed $KAMAL_VERSION to $KAMAL_DESTINATION in $KAMAL_RUNTIME seconds"

.kamal/hooks/post-traefik-reboot.sample

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Rebooted Traefik on $KAMAL_HOSTS"

.kamal/hooks/pre-build.sample

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# A sample pre-build hook
+#
+# Checks:
+# 1. We have a clean checkout
+# 2. A remote is configured
+# 3. The branch has been pushed to the remote
+# 4. The version we are deploying matches the remote
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+
+if [ -n "$(git status --porcelain)" ]; then
+  echo "Git checkout is not clean, aborting..." >&2
+  git status --porcelain >&2
+  exit 1
+fi
+
+first_remote=$(git remote)
+
+if [ -z "$first_remote" ]; then
+  echo "No git remote set, aborting..." >&2
+  exit 1
+fi
+
+current_branch=$(git branch --show-current)
+
+if [ -z "$current_branch" ]; then
+  echo "Not on a git branch, aborting..." >&2
+  exit 1
+fi
+
+remote_head=$(git ls-remote $first_remote --tags $current_branch | cut -f1)
+
+if [ -z "$remote_head" ]; then
+  echo "Branch not pushed to remote, aborting..." >&2
+  exit 1
+fi
+
+if [ "$KAMAL_VERSION" != "$remote_head" ]; then
+  echo "Version ($KAMAL_VERSION) does not match remote HEAD ($remote_head), aborting..." >&2
+  exit 1
+fi
+
+exit 0

.kamal/hooks/pre-connect.sample

@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+
+# A sample pre-connect check
+#
+# Warms DNS before connecting to hosts in parallel
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+# KAMAL_RUNTIME
+
+hosts = ENV["KAMAL_HOSTS"].split(",")
+results = nil
+max = 3
+
+elapsed = Benchmark.realtime do
+  results = hosts.map do |host|
+    Thread.new do
+      tries = 1
+
+      begin
+        Socket.getaddrinfo(host, 0, Socket::AF_UNSPEC, Socket::SOCK_STREAM, nil, Socket::AI_CANONNAME)
+      rescue SocketError
+        if tries < max
+          puts "Retrying DNS warmup: #{host}"
+          tries += 1
+          sleep rand
+          retry
+        else
+          puts "DNS warmup failed: #{host}"
+          host
+        end
+      end
+
+      tries
+    end
+  end.map(&:value)
+end
+
+retries = results.sum - hosts.size
+nopes = results.count { |r| r == max }
+
+puts "Prewarmed %d DNS lookups in %.2f sec: %d retries, %d failures" % [ hosts.size, elapsed, retries, nopes ]

.kamal/hooks/pre-deploy.sample

@@ -0,0 +1,109 @@
+#!/usr/bin/env ruby
+
+# A sample pre-deploy hook
+#
+# Checks the Github status of the build, waiting for a pending build to complete for up to 720 seconds.
+#
+# Fails unless the combined status is "success"
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_COMMAND
+# KAMAL_SUBCOMMAND
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+
+# Only check the build status for production deployments
+if ENV["KAMAL_COMMAND"] == "rollback" || ENV["KAMAL_DESTINATION"] != "production"
+  exit 0
+end
+
+require "bundler/inline"
+
+# true = install gems so this is fast on repeat invocations
+gemfile(true, quiet: true) do
+  source "https://rubygems.org"
+
+  gem "octokit"
+  gem "faraday-retry"
+end
+
+MAX_ATTEMPTS = 72
+ATTEMPTS_GAP = 10
+
+def exit_with_error(message)
+  $stderr.puts message
+  exit 1
+end
+
+class GithubStatusChecks
+  attr_reader :remote_url, :git_sha, :github_client, :combined_status
+
+  def initialize
+    @remote_url = `git config --get remote.origin.url`.strip.delete_prefix("https://github.com/")
+    @git_sha = `git rev-parse HEAD`.strip
+    @github_client = Octokit::Client.new(access_token: ENV["GITHUB_TOKEN"])
+    refresh!
+  end
+
+  def refresh!
+    @combined_status = github_client.combined_status(remote_url, git_sha)
+  end
+
+  def state
+    combined_status[:state]
+  end
+
+  def first_status_url
+    first_status = combined_status[:statuses].find { |status| status[:state] == state }
+    first_status && first_status[:target_url]
+  end
+
+  def complete_count
+    combined_status[:statuses].count { |status| status[:state] != "pending"}
+  end
+
+  def total_count
+    combined_status[:statuses].count
+  end
+
+  def current_status
+    if total_count > 0
+      "Completed #{complete_count}/#{total_count} checks, see #{first_status_url} ..."
+    else
+      "Build not started..."
+    end
+  end
+end
+
+
+$stdout.sync = true
+
+puts "Checking build status..."
+attempts = 0
+checks = GithubStatusChecks.new
+
+begin
+  loop do
+    case checks.state
+    when "success"
+      puts "Checks passed, see #{checks.first_status_url}"
+      exit 0
+    when "failure"
+      exit_with_error "Checks failed, see #{checks.first_status_url}"
+    when "pending"
+      attempts += 1
+    end
+
+    exit_with_error "Checks are still pending, gave up after #{MAX_ATTEMPTS * ATTEMPTS_GAP} seconds" if attempts == MAX_ATTEMPTS
+
+    puts checks.current_status
+    sleep(ATTEMPTS_GAP)
+    checks.refresh!
+  end
+rescue Octokit::NotFound
+  exit_with_error "Build status could not be found"
+end

.kamal/hooks/pre-traefik-reboot.sample

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Rebooting Traefik on $KAMAL_HOSTS..."

Dockerfile

@@ -13,16 +13,18 @@ ENV RAILS_ENV="production" \
     BUNDLE_PATH="/usr/local/bundle" \
     BUNDLE_WITHOUT="development"
 
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y libvips libpq-dev
 
 # Throw-away build stage to reduce size of final image
 FROM base as build
 
 # Install packages needed to build gems
 RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y build-essential git libvips pkg-config
+    apt-get install --no-install-recommends -y build-essential git pkg-config
 
 # Install application gems
-COPY Gemfile Gemfile.lock ./
+COPY Gemfile Gemfile.lock .ruby-version ./
 RUN bundle install && \
     rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
     bundle exec bootsnap precompile --gemfile

Gemfile

@@ -24,6 +24,7 @@ gem "active_storage_validations"
 
 group :development, :test do
   gem "debug", platforms: %i[ mri windows ]
+  gem "dotenv"
 end
 
 group :development do

Gemfile.lock

@@ -107,6 +107,7 @@ GEM
     debug (1.9.2)
       irb (~> 1.10)
       reline (>= 0.3.8)
+    dotenv (3.1.2)
     drb (2.2.1)
     erubi (1.12.0)
     et-orbi (1.2.11)
@@ -330,6 +331,7 @@ DEPENDENCIES
   bootsnap
   capybara
   debug
+  dotenv
   image_processing (~> 1.2)
   importmap-rails
   jbuilder

app/assets/stylesheets/fonts.css

@@ -0,0 +1,3 @@
+body {
+  font-family: Roboto, sans-serif;
+}

app/controllers/sessions_controller.rb

@@ -11,10 +11,13 @@ class SessionsController < ApplicationController
       username: params[:username],
       password: params[:password],
     )
-    if Current.user
+    if Current.user && Current.user.verified?
       session[:user_id] = Current.user.id
       flash[:notice] = t(".success", name: Current.user.first_name)
       redirect_to :root
+    elsif !Current.user.verified?
+      flash[:alert] = t(".not_verified")
+      render :new, status: :unprocessable_entity
     else
       flash[:alert] = t(".error")
       render :new, status: :unprocessable_entity

app/controllers/users_controller.rb

@@ -6,10 +6,14 @@ class UsersController < ApplicationController
   before_action :ensure_self, only: [ :edit, :update ]
 
   def new
+    redirect_to :root and return unless ActiveModel::Type::Boolean.new.cast(ENV.fetch("ENABLE_SIGNUP") { false })
+
     @user = User.new
   end
 
   def create
+    redirect_to :root and return unless ActiveModel::Type::Boolean.new.cast(ENV.fetch("ENABLE_SIGNUP") { false })
+
     @user = User.new(new_user_params)
     if @user.save
       token = @user.generate_token_for(:email_verification)

app/mailers/application_mailer.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 class ApplicationMailer < ActionMailer::Base
-  default from: "from@example.com"
+  default from: "hello@ttcompanion.com"
   layout "mailer"
 end

app/models/character_sheet_feature.rb

@@ -40,7 +40,7 @@ class CharacterSheetFeature < ApplicationRecord
       return if order_index.present?
 
       if character_sheet_section.character_sheet_features.any?
-        self.order_index = character_sheet_section.character_sheet_features.order_index(:order_index).last.order_index + 1
+        self.order_index = character_sheet_section.character_sheet_features.order(:order_index).last.order_index + 1
       else
         self.order_index = 1
       end

app/views/layouts/application.html.erb

@@ -28,7 +28,9 @@
             <% end %>
           <% else %>
             <li><%= link_to t("log_in"), login_path %></li>
-            <li><%= link_to t("sign_up"), new_user_path %></li>
+            <% if ActiveModel::Type::Boolean.new.cast(ENV.fetch("ENABLE_SIGNUP") { false } ) %>
+              <li><%= link_to t("sign_up"), new_user_path %></li>
+            <% end %>
           <% end %>
         </ul>
       </nav>

config/credentials.yml.enc

@@ -1 +1 @@
-EI74C8uxmka2Mejn5kTdq8qxetc8d8SJd4w+VNKkQdMUa6NgzZnz6Tf7RJZaQnUUtHPfVtFiltrkPcIiOzY1a5meO1TeydtWl+5ij2vpKFDP9tpcmVswhWJYvkuf6LRh/L8Yy1HeMBh5zM94JVc+s2X6aqfMjd19ORJEenyR4C6VogSUMWOOs+C9f9+8z+O3hptwfRlj6AwM5k5sn6PEKaUVUrnXa7TRLvVnK5Sm7s2WXTrTI6I3n+CaGp2iNRUf2Y3w34YE3QydWJ4YsmoFByMQIqkUtmasBuGYGX7CG4umd2/uUD/HJNnB/BriwsqbSV8QM4ErVO+8pSzKu7RJGH2SVZdYiz8WeVvoKHXPJ8cwVrW4Q45beYtUFMCPiYkUl4oZbzx1h94k0+AM4rRf6OCut9BW--3rZrEMdP2rRRfpnL--GFSUvgc2V69L+ERe1xIkiQ==
+xJrXZdCJWgTrxv8EZWehw4DFUnkkf1coQjXgio0p6rxvubZ2Wm/vPd9n1cpoHQTRoZ4ZrqyT2Py1EKcc7niantVlgI+C9vBuZeU+Ygv6ZgbysQi4YmvCPsc+bPXDaE9PocyzgUA7n/1G12AfqtBSbX8GebXJU8//F9YQrqllCxJz1srtpYE28nT2kz5tngJyKWYSA8uyOMqquL8JYgrQgu9C3lCC1gCnYhFbseYVRFC5C/eaL+oi5kbI9Zu2iQ36+o26TiDGe2Csb1ykiwBwA9Cd8Wg1D3t3iVLbMHabJomUNRY5B55vE1y9uVA8SWk3Qdp+iiW/IONFKTmjZICimN8xs2ucQPkFma3LxmQyU7jXd6l7mP2Lw0Ss+wS5FJz1N+fCSkOur6wWkLhPDfllULutg/KtafaveKs4JELkIsTp7hxXrcWG8nFxFYDLa6ZB75YmKW1hVKK9oEflUCvLsmC/D6gZuAUuhwvMkC41Fnpm/XWb+psEt4lZW2iWDXL39YtJGH5x7R7ZXsnBMHtBqOT0TxUPKmygbyJjSy+Up6wLKUl7tvBMIdfXxxmD9golHERxkd1ohtzgBv8=--/1t7r22sKt8YaALp--Afle+IqS5PjqmocwReZmKQ==

config/database.yml

@@ -3,18 +3,20 @@ default: &default
   encoding: unicode
   pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
   timeout: 5000
-  host: localhost
+  host: <%= ENV.fetch("DB_HOST") { "localhost" } %>
   username: <%= ENV.fetch("POSTGRES_USER") { "postgres" } %>
-  password: <%= ENV.fetch("POSTGRES_PASSWORD") { "postgres" } %>
 
 development:
   <<: *default
   database: tabletop_companion_development
+  password: postgres
 
 test:
   <<: *default
   database: tabletop_companion_test
+  password: postgres
 
 production:
   <<: *default
   database: tabletop_companion_production
+  password: <%= ENV.fetch("POSTGRES_PASSWORD") { "postgres" } %>

config/deploy.yml

@@ -0,0 +1,73 @@
+service: ttcompanion
+
+image: tsvallender/ttcompanion
+
+traefik:
+  options:
+    publish:
+      - "443:443"
+    volume:
+      - "/letsencrypt/acme.json:/letsencrypt/acme.json" # To save the configuration file.
+    network: kamal
+  args:
+    entryPoints.web.address: ":80"
+    entryPoints.websecure.address: ":443"
+    entryPoints.web.http.redirections.entryPoint.to: websecure # We want to force https
+    entryPoints.web.http.redirections.entryPoint.scheme: https
+    entryPoints.web.http.redirections.entrypoint.permanent: true
+    certificatesResolvers.letsencrypt.acme.email: "trevor@ttcompanion.com"
+    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json"
+    certificatesResolvers.letsencrypt.acme.httpchallenge: true
+    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web #
+
+servers:
+  web:
+    hosts:
+      - ttcompanion.com
+    labels:
+      traefik.http.routers.ttcompanion.entrypoints: websecure
+      traefik.http.routers.ttcompanion.rule: Host(`ttcompanion.com`)
+      traefik.http.routers.ttcompanion.tls.certresolver: letsencrypt
+    options:
+      network: kamal
+
+volumes:
+  - /srv/ttcompanion/storage:/rails/storage
+
+registry:
+  username: tsvallender
+  password:
+    - KAMAL_REGISTRY_PASSWORD
+
+env:
+  clear:
+    APPLICATION_HOST: ttcompanion.com
+    DB_HOST: ttcompanion-postgres
+    ENABLE_SIGNUP: false
+    RAILS_LOG_TO_STDOUT: true
+    RAILS_SERVE_STATIC_FILES: true
+  secret:
+    - RAILS_MASTER_KEY
+    - POSTGRES_PASSWORD
+
+builder:
+  multiarch: false
+
+accessories:
+  postgres:
+    image: postgres:16
+    host: ttcompanion.com
+    env:
+      clear:
+        POSTGRES_USER: postgres
+      secret:
+        - POSTGRES_PASSWORD
+    directories:
+      - /srv/ttcompanion/data:/var/lib/postgresql/data
+    options:
+      network: kamal
+
+healthcheck:
+  log_lines: 1000
+
+asset_path: /rails/public/assets

config/environments/production.rb

@@ -74,6 +74,14 @@ Rails.application.configure do
   # config.active_job.queue_name_prefix = "forg_production"
 
   config.action_mailer.perform_caching = false
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = {
+    address: "smtp.eu.mailgun.org",
+    port: 587,
+    domain: "ttcompanion.com",
+    user_name: "postmaster@mail.ttcompanion.com",
+    password: Rails.application.credentials.dig(:mailgun, :password),
+  }
 
   # Ignore bad email addresses and do not raise email delivery errors.
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.
@@ -90,10 +98,11 @@ Rails.application.configure do
   config.active_record.dump_schema_after_migration = false
 
   # Enable DNS rebinding protection and other `Host` header attacks.
-  # config.hosts = [
-  #   "example.com",     # Allow requests from example.com
-  #   /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
-  # ]
+  config.hosts = [
+    "localhost",
+    "ttcompanion.com",
+    /.*\.ttcompanion\.com/,
+  ]
   # Skip DNS rebinding protection for the default health check endpoint.
   # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
 end

config/locales/en.yml

@@ -137,6 +137,7 @@ en:
     create:
       success: "Hello, %{name}!"
       error: "Could not sign in. Please check your username and password."
+      not_verified: Please check your email to verify your account and log in.
     new:
       log_in: Log in
       forgot_password: Forgotten your password?

test/system/sessions_test.rb

@@ -14,4 +14,13 @@ class SignUpsTest < ApplicationSystemTestCase
     click_on I18n.t("sessions.destroy.log_out")
     assert_text I18n.t("sessions.destroy.success")
   end
+
+  test "unverified users cannot log in" do
+    visit new_session_url
+    fill_in attr_name(User, :username), with: users(:unverified).username
+    fill_in attr_name(User, :password), with: "password"
+    click_button I18n.t("sessions.new.log_in")
+
+    assert_text I18n.t("sessions.create.not_verified")
+  end
 end

todo.md

@@ -1,3 +1,5 @@
+- set up email in prod
+- request invite
 - don't move down/up top/bottom features
 - auto save text fields
   - indicate save status on titlebar