42 Improve Token Security & Extend wac.install

.formatter.exs

@@ -2,5 +2,5 @@
 [
   plugins: [Phoenix.LiveView.HTMLFormatter],
   import_deps: [:ecto, :phoenix, :phoenix_live_view],
-  inputs: ["*.{heex,ex,exs}", "{config,lib,test}/**/*.{heex,ex,exs}"]
+  inputs: ["*.{heex,ex,exs}", "{config,lib,templates,test}/**/*.{heex,ex,exs}"]
 ]

.github/workflows/elixir.yml

@@ -33,15 +33,18 @@ jobs:
         with:
           path: deps
           key: ${{ runner.os }}-${{ matrix.elixir }}-mix-${{ hashFiles('**/mix.lock') }}
-          restore-keys: ${{ runner.os }}-${{ matrix.elixir }}-mix-
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.elixir }}-mix-${{ hashFiles('**/mix.lock') }}
+            ${{ runner.os }}-${{ matrix.elixir }}-mix-
+            ${{ runner.os }}-
 
       - name: Install dependencies
         run: mix deps.get
 
       - name: Compilation Cache
         uses: actions/cache@v3
         with:
-          path: _build/test
+          path: _build
           key: ${{ runner.os }}-${{ matrix.elixir }}-compiled-${{ hashfiles('./mix.lock') }}
           restore-keys: |
             ${{ runner.os }}-${{ matrix.elixir }}-compiled-${{ hashfiles('./mix.lock') }}

.gitignore

@@ -1,3 +1,6 @@
+# MacOS index files
+.DS_Store
+
 # The directory Mix will write compiled artifacts to.
 /_build/
 /.elixir_ls

lib/mix/tasks/wac.install.ex

@@ -1,20 +1,61 @@
 defmodule Mix.Tasks.Wac.Install do
   @moduledoc """
   Generates schemas, migrations, and contexts for users with WebauthnComponents as the primary authentication mechanism.
-  """
-  @shortdoc "Generates a user schema."
 
+  ## Options
+
+  By default, contexts, schemas, tests, and web modules are generated or modified by `wac.install`. You may opt out of one or more generators with the following options:
+
+  - `--no-contexts`: Do not generate context modules.
+  - `--no-schemas`: Do not generate schema & migration modules.
+  - `--no-tests`: Do not generate test modules & scripts.
+  - `--no-web`: Do not generate the authentication LiveView, the session controller, or session hooks.
+  - `--no-router`: Do not modify the router.
+
+  ## Templates
+
+  Within the [`webauthn_components`](https://github.com/liveshowy/webauthn_components) repo, the following templates are used by `wac.install` to scaffold the modules needed to support Passkeys in a LiveView application:
+
+  #{for dir <- File.ls!("templates") |> Enum.sort(),
+  file <- Path.join(["templates", dir]) |> File.ls!() |> Enum.sort() do
+    "\n- `templates/#{dir}/#{file}`"
+  end}
+  """
   use Mix.Task
   alias Wac.Gen.Contexts
+  alias Wac.Gen.Controllers
   alias Wac.Gen.Schemas
+  alias Wac.Gen.LiveViews
+  alias Wac.Gen.SessionHooks
   alias Wac.Gen.Migrations
+  alias Wac.Gen.Router
   alias Wac.Gen.Tests
   alias Wac.Gen.Fixtures
+  alias Wac.Gen.Javascript
+  alias Wac.Gen.Components
+  alias Wac.Gen.AppHtml
+  alias Wac.Gen.Misc
 
   @version Mix.Project.config()[:version]
+  @shortdoc "Generates a user schema."
 
   @mix_task "wac.install"
-  @switches []
+  @switches [
+    contexts: :boolean,
+    schemas: :boolean,
+    tests: :boolean,
+    web: :boolean,
+    router: :boolean
+  ]
+  @default_opts [
+    contexts: true,
+    schemas: true,
+    tests: true,
+    web: true,
+    router: true
+  ]
+
+  @requirements ["app.start"]
 
   @impl Mix.Task
   def run([version]) when version in ~w(-v --version) do
@@ -31,20 +72,63 @@ defmodule Mix.Tasks.Wac.Install do
     end
 
     case OptionParser.parse(args, strict: @switches) do
-      {_parsed, _args, []} ->
+      {flags, _args, []} ->
+        opts = Keyword.merge(@default_opts, flags)
         dirname = File.cwd!() |> Path.basename()
         dirname_camelized = Macro.camelize(dirname)
+        web_dirname = dirname <> "_web"
+        web_dirname_camelized = Macro.camelize(web_dirname)
 
         assigns = [
           app_snake_case: dirname,
-          app_pascal_case: Module.concat([dirname_camelized])
+          app_pascal_case: Module.concat([dirname_camelized]),
+          web_snake_case: web_dirname,
+          web_pascal_case: Module.concat([web_dirname_camelized])
         ]
 
-        Schemas.copy_templates(assigns)
-        Migrations.copy_templates(assigns)
-        Contexts.copy_templates(assigns)
-        Tests.copy_templates(assigns)
-        Fixtures.copy_templates(assigns)
+        if opts[:contexts] do
+          Contexts.copy_templates(assigns)
+          Misc.copy_templates(assigns)
+        end
+
+        if opts[:schemas] do
+          Schemas.copy_templates(assigns)
+          Migrations.copy_templates(assigns)
+        end
+
+        if opts[:tests] do
+          Tests.copy_templates(assigns)
+          Fixtures.copy_templates(assigns)
+        end
+
+        if opts[:web] do
+          Controllers.copy_templates(assigns)
+          LiveViews.copy_templates(assigns)
+          AppHtml.update_app_html(assigns)
+          AppHtml.update_page_html(assigns)
+          SessionHooks.copy_templates(assigns)
+          Components.copy_templates(assigns)
+
+          Javascript.inject_hooks()
+        end
+
+        if opts[:router] do
+          Router.update_router(assigns)
+        end
+
+        success_message =
+          """
+
+          ✅ Successfully scaffolded WebauthnComponents for #{inspect(assigns[:app_pascal_case])}
+
+          📚 Resources
+
+          - Repo:\thttps://github.com/liveshowy/webauthn_components
+          - Hex:\thttps://hex.pm/packages/webauthn_components
+          - Docs:\thttps://hexdocs.pm/webauthn_components/readme.html
+          """
+
+        IO.puts(success_message)
 
       {_parsed, _args, errors} ->
         invalid_opts =

lib/wac_gen/app_html.ex

@@ -0,0 +1,49 @@
+defmodule Wac.Gen.AppHtml do
+  @moduledoc false
+
+  @header_regex ~r/\<header.*\<\/header\>/mis
+
+  def update_app_html(assigns) do
+    web_snake_case = Keyword.fetch!(assigns, :web_snake_case)
+    file_path = Path.join(["lib", web_snake_case, "components", "layouts", "app.html.heex"])
+
+    modified_file_contents =
+      file_path
+      |> File.read!()
+      |> String.replace(@header_regex, navbar_component(assigns))
+
+    File.write!(file_path, modified_file_contents)
+  end
+
+  defp navbar_component(assigns) do
+    web_pascal_case = Keyword.fetch!(assigns, :web_pascal_case)
+
+    """
+    <#{inspect(web_pascal_case)}.NavigationComponents.navbar current_user={@current_user} />
+    """
+  end
+
+  @flash_string "<.flash_group flash={@flash} />"
+
+  def update_page_html(assigns) do
+    web_snake_case = Keyword.fetch!(assigns, :web_snake_case)
+    file_path = Path.join(["lib", web_snake_case, "controllers", "page_html", "home.html.heex"])
+    home_link = home_link(assigns)
+    injected_string = "#{@flash_string}\n#{home_link}"
+
+    modified_file_contents =
+      file_path
+      |> File.read!()
+      |> String.replace(@flash_string, injected_string)
+
+    File.write!(file_path, modified_file_contents)
+  end
+
+  defp home_link(assigns) do
+    web_pascal_case = Keyword.fetch!(assigns, :web_pascal_case)
+
+    """
+    <#{inspect(web_pascal_case)}.NavigationComponents.navbar current_user={@current_user} />
+    """
+  end
+end

lib/wac_gen/components.ex

@@ -0,0 +1,52 @@
+defmodule Wac.Gen.Components do
+  @moduledoc false
+
+  @template_path "../../templates/components"
+
+  @template_files %{
+    navigation_components: "navigation_components.ex",
+    navbar: "navigation/navbar.html.heex",
+    nav_link: "navigation/nav_link.html.heex"
+  }
+
+  @templates Map.keys(@template_files)
+
+  def copy_templates(assigns) do
+    for template <- @templates, do: copy_template(template, assigns)
+
+    update_flash_component(assigns)
+  end
+
+  def copy_template(template, assigns) when template in @templates and is_list(assigns) do
+    web_snake_case = Keyword.fetch!(assigns, :web_snake_case)
+    file_name = @template_files[template]
+    template_dir = Path.expand(@template_path, __DIR__)
+    source = Path.join([template_dir, file_name])
+    target = Path.join(["lib", web_snake_case, "components", file_name])
+
+    if String.contains?(file_name, ".heex") do
+      Mix.Generator.copy_file(source, target)
+    else
+      Mix.Generator.copy_template(source, target, assigns)
+      Code.format_file!(target)
+    end
+  end
+
+  def update_flash_component(assigns) do
+    # This could use `Sourceror.Zipper`, but the AST for the component
+    # and its `~H` would still require string replacement.
+    # If the core components are revised or redesigned, this would fail silently.
+
+    web_snake_case = Keyword.fetch!(assigns, :web_snake_case)
+    search_string = "fixed top-2 right-2 w-80"
+    replacement_string = "fixed top-14 right-2 w-80"
+    file_path = Path.join(["lib", web_snake_case, "components", "core_components.ex"])
+
+    updated_content =
+      file_path
+      |> File.read!()
+      |> String.replace(search_string, replacement_string)
+
+    File.write!(file_path, updated_content)
+  end
+end