Work In Progress Chitter app

Gemfile

@@ -11,3 +11,15 @@ end
 group :development, :test do
   gem 'rubocop', '1.20'
 end
+
+gem "pg", "~> 1.4"
+
+gem "sinatra", "~> 3.0"
+
+gem "sinatra-contrib", "~> 3.0"
+gem "webrick", "~> 1.8"
+gem "rack-test", "~> 2.1"
+
+gem "bcrypt", "~> 3.1"
+
+gem "pony", "~> 1.13"

Gemfile.lock

@@ -3,11 +3,39 @@ GEM
   specs:
     ansi (1.5.0)
     ast (2.4.2)
+    bcrypt (3.1.18)
+    date (3.3.3)
     diff-lcs (1.4.4)
     docile (1.4.0)
+    mail (2.8.1)
+      mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
+    mini_mime (1.1.2)
+    multi_json (1.15.0)
+    mustermann (3.0.0)
+      ruby2_keywords (~> 0.0.1)
+    net-imap (0.3.4)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
+      timeout
+    net-smtp (0.3.3)
+      net-protocol
     parallel (1.20.1)
     parser (3.0.2.0)
       ast (~> 2.4.1)
+    pg (1.4.6)
+    pony (1.13.1)
+      mail (>= 2.0)
+    rack (2.2.6.4)
+    rack-protection (3.0.5)
+      rack
+    rack-test (2.1.0)
+      rack (>= 1.3)
     rainbow (3.0.0)
     regexp_parser (2.1.1)
     rexml (3.2.5)
@@ -36,6 +64,7 @@ GEM
     rubocop-ast (1.11.0)
       parser (>= 3.0.1.1)
     ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
     simplecov (0.21.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
@@ -46,18 +75,39 @@ GEM
       terminal-table
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.3)
+    sinatra (3.0.5)
+      mustermann (~> 3.0)
+      rack (~> 2.2, >= 2.2.4)
+      rack-protection (= 3.0.5)
+      tilt (~> 2.0)
+    sinatra-contrib (3.0.5)
+      multi_json
+      mustermann (~> 3.0)
+      rack-protection (= 3.0.5)
+      sinatra (= 3.0.5)
+      tilt (~> 2.0)
     terminal-table (3.0.1)
       unicode-display_width (>= 1.1.1, < 3)
+    tilt (2.1.0)
+    timeout (0.3.2)
     unicode-display_width (2.0.0)
+    webrick (1.8.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  bcrypt (~> 3.1)
+  pg (~> 1.4)
+  pony (~> 1.13)
+  rack-test (~> 2.1)
   rspec
   rubocop (= 1.20)
   simplecov
   simplecov-console
+  sinatra (~> 3.0)
+  sinatra-contrib (~> 3.0)
+  webrick (~> 1.8)
 
 RUBY VERSION
    ruby 3.0.2p107

README.md

@@ -1,20 +1,15 @@
 Chitter Challenge
 =================
 
-* Feel free to use Google, your notes, books, etc. but work on your own
-* If you refer to the solution of another coach or student, please put a link to that in your README
-* If you have a partial solution, **still check in a partial solution**
-* You must submit a pull request to this repo with your code by 10am Monday morning
+* This project is the culmination of Makers Academy's 'Web Applications' module (in Ruby)
+* The application is built with the Sinatra web framework, rendering view files using ERB
+* The application uses a PostgresSQL database for the backend
+* The database connection is established in `lib/database_connection.rb` using the `pg` gem
+* Seed data for tests is included in `spec/seeds.sql`
 
-Challenge:
--------
-
-As usual please start by forking this repo.
-
-We are going to write a small Twitter clone that will allow the users to post messages to a public stream.
-
-Features:
+The Brief:
 -------
+We were tasked with writing a small Twitter clone that will allow the users to post messages to a public stream, and given the following user stories as our brief:
 
 ```
 STRAIGHT UP
@@ -52,72 +47,61 @@ So that I can stay constantly tapped in to the shouty box of Chitter
 I want to receive an email if I am tagged in a Peep
 ```
 
-Technical Approach:
------
-
-In the last two weeks, you integrated a database using the `pg` gem and Repository classes. You also implemented small web applications using Sinatra, RSpec, HTML and ERB views to make dynamic webpages. You can continue to use this approach when building Chitter Challenge.
-
-You can refer to the [guidance on Modelling and Planning a web application](https://github.com/makersacademy/web-applications/blob/main/pills/modelling_and_planning_web_application.md), to help you in planning the different web pages you will need to implement this challenge. If you'd like to deploy your app to Heroku so other people can use it, [you can follow this guidance](https://github.com/makersacademy/web-applications/blob/main/html_challenges/07_deploying.md).
-
-If you'd like more technical challenge now, try using an [Object Relational Mapper](https://en.wikipedia.org/wiki/Object-relational_mapping) as the database interface, instead of implementing your own Repository classes.
-
-Some useful resources:
-**Ruby Object Mapper**
-- [ROM](https://rom-rb.org/)
-
-**ActiveRecord**
-- [ActiveRecord ORM](https://guides.rubyonrails.org/active_record_basics.html)
-- [Sinatra & ActiveRecord setup](https://learn.co/lessons/sinatra-activerecord-setup)
-
-Notes on functionality:
-------
+We were given the following notes on functionality:
 
 * You don't have to be logged in to see the peeps.
 * Makers sign up to chitter with their email, password, name and a username (e.g. [email protected], password123, Sam Morgan, sjmog).
 * The username and email are unique.
 * Peeps (posts to chitter) have the name of the maker and their user handle.
-* Your README should indicate the technologies used, and give instructions on how to install and run the tests.
 
-Bonus:
------
+Getting Started
+----------------------
+
+`git clone https://github.com/tomcarmichael/chitter-challenge.git`
+
+Install dependencies:
 
-If you have time you can implement the following:
+`bundle install`
 
-* In order to start a conversation as a maker I want to reply to a peep from another maker.
+Create the postgreSQL database by executing the [seed SQL file](./chitter.sql).
 
-And/Or:
+Ensure that your postgres server is accessable at the IP address 127.0.0.1.
 
-* Work on the CSS to make it look good.
+Start the development server:
 
-Good luck and let the chitter begin!
+`rackup`
 
-Code Review
------------
+Access the website in your browser at [localhost:9292](http://localhost:9292/).
 
-In code review we'll be hoping to see:
+You should see a homepage empty of content, since there are not yet any posted 'cheeps' (see what I did there?)
 
-* All tests passing
-* High [Test coverage](https://github.com/makersacademy/course/blob/main/pills/test_coverage.md) (>95% is good)
-* The code is elegant: every class has a clear responsibility, methods are short etc.
+Follow the link to register as a user, you will then be prompted to redirect to login.
 
-Reviewers will potentially be using this [code review rubric](docs/review.md).  Referring to this rubric in advance may make the challenge somewhat easier.  You should be the judge of how much challenge you want at this moment.
+After login, you will be redirected to the home page where you can post a new cheep. Cheeps posted by all users will appear here in reverse chronological order.
 
-Notes on test coverage
+If another user's username is included in the cheep prefixed with `@`, the application will detect this as a tagged user, and store a record in the database that the given user was tagged in the given cheep.
+
+Running the tests:
 ----------------------
 
-Please ensure you have the following **AT THE TOP** of your spec_helper.rb in order to have test coverage stats generated
-on your pull request:
+`rspec`
 
-```ruby
-require 'simplecov'
-require 'simplecov-console'
+All tests should pass with a total code coverage of 98.60%
 
-SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new([
-  SimpleCov::Formatter::Console,
-  # Want a nice code coverage website? Uncomment this next line!
-  # SimpleCov::Formatter::HTMLFormatter
-])
-SimpleCov.start
-```
+A  TDD process was employed throughout developing this application. I tried to work with the 'testing pyramid' in mind - starting with a user experience based integration test, and then writing and passing additional, more granular unit tests that led to the integration test finally passing.
+
+Design and Architecture:
+----------------------
 
-You can see your test coverage when you run your tests. If you want this in a graphical form, uncomment the `HTMLFormatter` line and see what happens!
+* This application follows a model, view, controller design pattern.
+* In the directory [./lib](./lib), each table in the DB has a corresponding Ruby class defined with a singular version of the name of the table.
+* Each table has an additional 'TABLENAME_repository' class with methods that allow for CRUD operations on the DB.
+* Route handling occurs in the `Application` class defined in [./app.rb](./app.rb). [./config.ru](./config.ru) executes the code inside of `Application` when `rackup` is run at the command line.
+* The database tables have the following relationships: `users` has a one-to-many relationship to `peeps` (synonymous with 'cheeps' - a further iteration would be to rename these uniformly), users and peeps have a many-to-many relationsip with respect to tags, so these are stored in the `tags` join table.
+* Given the brief, I began the planning process with an intial digram of how the application could be structured:
+  ![initial diagram](./chitter-initial-diagram.png)
+* The [route recipe](./route_recipe.md) and [schema recipe](./schema_recipe) files were created to aid in design.
+* The flow of execution for detecting tags in a cheep and storing these in the DB was conceptualised in this diagram:
+  ![chitter tags diagram](./chitter-tags-diagram.png)
+* Passwords are hashed using the [BCrypt](https://rubygems.org/gems/bcrypt/versions/3.1.12) gem.
+* User input to cheeps is santized with basic measures to defend against cross-site scripting injection. In a real-world application I would consider instead using a dedicated and maintained library to provide a more robust defence here and would consider whether the use of the `pg` gem, and existing architecture, is enough to guard against a SQL injection attack.

app.rb

@@ -0,0 +1,118 @@
+require 'sinatra'
+require 'sinatra/reloader'
+require_relative 'lib/peep_repository'
+require_relative 'lib/tag_repository'
+require_relative 'lib/user'
+require_relative 'lib/user_repository'
+require_relative 'lib/database_connection'
+
+DatabaseConnection.connect
+
+class Application < Sinatra::Base
+  enable :sessions
+
+  configure :development do
+    register Sinatra::Reloader
+    also_reload "lib/peep_repository"
+    also_reload "lib/user_repository"
+  end
+
+  get '/' do
+    @all_peeps = PeepRespository.new.all_with_author
+    return erb(:index)
+  end
+
+  post '/peep' do
+    return invalid_params_response if invalid_request_parameters?
+    message = sanitize_user_input(params[:message])
+    author_id = session[:user_id]
+    timestamp = Time.now.strftime "%Y-%m-%d %H:%M:%S"
+
+    peep_repo = PeepRespository.new
+
+    peep_repo.create(message, timestamp, author_id)
+    peep_id = peep_repo.most_recent_peep_id
+    tag_repo = TagRepository.new
+
+    tagged_users = tag_repo.check_message_for_tags(message)
+    tag_repo.add_tags_by_peep(tagged_users, peep_id) if tagged_users
+
+    return redirect ('/')
+  end
+
+  get '/login' do
+    redirect_if_logged_in
+
+    return erb(:login)
+  end
+
+  post '/login_attempt' do
+    redirect_if_logged_in
+
+    username = params[:username]
+    password = params[:password]
+
+    # Returns a hash
+    login = UserRepository.new.login(params[:username], params[:password])
+
+    if login[:success?]
+      session[:user_id] = login[:user_id]
+      session[:username] = login[:username]
+      return redirect('/')
+    else
+      @failure_reason = login[:failure_reason]
+      status 401
+      return erb(:login_denied)
+    end
+  end
+
+  get '/register' do
+    redirect_if_logged_in
+
+    return erb(:register)
+  end
+
+  post '/submit_register' do
+    return invalid_params_response if invalid_request_parameters?
+
+    @username = params[:username]
+    name = params[:name]
+    email = params[:email]
+    password = params[:password]
+
+    registration = UserRepository.new.register(@username, name, email, password)
+
+    return erb(:registration_success) if registration[:success?]
+
+    @failure_reason = registration[:failure_reason]
+    return erb(:registration_failure)
+  end
+
+  post '/logout' do
+    session[:user_id] = nil
+    session[:username] = nil
+    redirect('/')
+  end
+
+  def redirect_if_logged_in
+    return redirect('/') if session[:user_id]
+  end
+
+  def sanitize_user_input(string)
+    string.gsub!(/\&/, '&amp;')
+    string.gsub!(/\</, '&lt;')
+    string.gsub!(/\>/, '&gt;')
+    string.gsub!(/\"/, '&quot;')
+    string.gsub!(/\'/, '&apos;')
+    return string
+  end
+
+  def invalid_request_parameters?
+    params.any? { |_key, value| value.nil? || value == "" } ? true : false
+  end
+
+  def invalid_params_response
+    status 400
+    return "Invalid form parameters entered, please rety and ensure you fill out all fields."
+  end
+end