Decidim::Cdtb
This is CodiTramuntana's Decidim Toolbelt (cdtb), a gem that helps manage Decidim applications.
Installation
Install the gem and add it to the application's Gemfile by executing:
$ bundle add decidim-cdtb
$ bundle install
Install CI tests on your app with:
$ bin/rails generate cdtb:validate_migrations_ci
Usage
Organizations information
Returns information about the organizations in a multitenant installation whose host matches a search term (case-insensitive).
The following will return all the attributes for all organizations that contain the "vila" term in their host name:
bin/rake cdtb:org_by_host_like[vila,true]
With the full argument set to true it will return the most relevant attributes:
bin/rake cdtb:org_by_host_like[vila]
>>> Organization [1] Sant Boi de Llobregat:
host: localhost, time_zone: Madrid, locales: ca + [ca, es, oc], available authorizations: [postal_letter, members_picker_authorization_handler]
Anonymize production dump
The anonymize rake tasks were taken from https://github.com/AjuntamentdeBarcelona/decidim-barcelona
Available rake tasks:
- bin/rake cdtb:anonymize:check: checks whether the production dump can be anonymized
- bin/rake cdtb:anonymize:all: anonymizes the whole production dump (without proposals)
- bin/rake cdtb:anonymize:users: anonymizes users
- bin/rake cdtb:anonymize:proposals: anonymizes proposals
- bin/rake cdtb:anonymize:user_groups: anonymizes user groups
- bin/rake cdtb:anonymize:system_admins: anonymizes system admins
- bin/rake cdtb:anonymize:paper_trail: anonymizes paper trails
Migrate ActiveStorage service from S3 to local
To migrate from S3 to local storage, the steps are:
- Download the assets to a temporary directory:
aws s3 sync s3://bucket-name tmp/storage/
- Move the downloaded assets into the local storage directory, applying the ActiveStorage key sharding:
bin/rake cdtb:s3_to_local:do_sharding
- Update all blobs to use the local service:
bin/rake cdtb:s3_to_local:set_local_service_on_blobs
- Clean the cache:
bin/rake cache:clear
- Restart the Rails server
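The sharding step above moves each downloaded object into the two-level directory layout that ActiveStorage's DiskService expects (a blob with key "abcd…" lives at ab/cd/abcd…, as computed by DiskService#folder_for). The following Ruby is an added example, not cdtb's own task code, that performs that move over a directory of flat files as produced by aws s3 sync, refuses keys too short to shard, and leaves already-sharded files untouched so the step can be re-run safely. The directory names and keys in the demo are constructed.

```ruby
require "fileutils"
require "tmpdir"

# ActiveStorage's DiskService stores a blob with key "abcd1234..." under
# <root>/ab/cd/abcd1234..., i.e. two levels of two-character directories.
# This mirrors ActiveStorage::Service::DiskService#folder_for.
def shard_path(root, key)
  raise ArgumentError, "key too short to shard: #{key.inspect}" if key.length < 4

  File.join(root, key[0..1], key[2..3], key)
end

# Moves every flat file in src_dir (the `aws s3 sync` output) into its
# sharded location under dest_dir. Returns a hash of key => new path.
# Files already present at the destination are skipped and reported, so a
# partially completed run can simply be repeated.
def shard_directory(src_dir, dest_dir)
  moved = {}
  Dir.children(src_dir).sort.each do |key|
    src = File.join(src_dir, key)
    next unless File.file?(src) # ignore stray directories

    dest = shard_path(dest_dir, key)
    if File.exist?(dest)
      warn "skipping #{key}: already sharded at #{dest}"
      next
    end
    FileUtils.mkdir_p(File.dirname(dest))
    FileUtils.mv(src, dest)
    moved[key] = dest
  end
  moved
end

# Self-contained demo with constructed keys in a temporary directory.
# Returns the sharded paths relative to the storage root.
def demo_sharding
  Dir.mktmpdir do |tmp|
    src = File.join(tmp, "download")
    dest = File.join(tmp, "storage")
    FileUtils.mkdir_p(src)
    %w[abcd1234key1 wxyz9876key2].each { |k| File.write(File.join(src, k), "blob #{k}") }

    moved = shard_directory(src, dest)
    moved.transform_values { |path| path.delete_prefix("#{dest}/") }
  end
end

p demo_sharding if __FILE__ == $PROGRAM_NAME
```

Run it against the real download directory by calling shard_directory("tmp/storage", "storage") from a Rails console or a one-off script; the blobs' service_name still has to be updated afterwards, which is what the set_local_service_on_blobs task does.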
Spam & bots
Spam and bots are daily menaces on today's Internet. Decidim is no exception, and is affected both in security and in performance.
Bad bots and crawlers
Decidim already bundles Rack::Attack, but it lacks some features such as IP banning or throttling by forwarded IP (useful when Decidim is behind a proxy). CDTB enables Rack::Attack with these features by default.
Four ENV variables configure its behaviour:
- CDTB_RACK_ATTACK_DISABLED: Set to 1 to disable CDTB's Rack::Attack.
- RACK_ATTACK_THROTTLE_LIMIT: The max. allowed number of requests during the period. Defaults to 30.
- RACK_ATTACK_THROTTLE_PERIOD: The period in seconds. Defaults to 60.
- RACK_ATTACK_BLOCKED_IPS: A comma-separated list of blocked IPs or subnets (in the form 1.2.3.0/32).
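As an added example (not cdtb's own code) of the two mechanisms the ENV variables above control, the Ruby below implements, with only the standard library, the subnet blocklist parsed from RACK_ATTACK_BLOCKED_IPS and a fixed-window throttle keyed the same way Rack::Attack keys its counters (window number plus discriminator). It also shows the caveat behind "throttling by forwarded IP": X-Forwarded-For is only honoured when the socket peer is a trusted proxy, and the rightmost address not belonging to a proxy is used, so a client cannot dodge the throttle by prepending a fake address. The trusted proxy list and the request hashes are constructed; in a real app the same decisions are plugged into Rack::Attack.blocklist and Rack::Attack.throttle.

```ruby
require "ipaddr"

# Parses "1.2.3.0/32, 10.0.0.0/8" into IPAddr ranges. A malformed entry raises
# instead of being dropped, so a typo cannot silently turn the blocklist off.
def parse_ip_ranges(value)
  value.to_s.split(",").map(&:strip).reject(&:empty?).map do |entry|
    begin
      IPAddr.new(entry)
    rescue IPAddr::InvalidAddressError => e
      raise ArgumentError, "invalid IP range #{entry.inspect}: #{e.message}"
    end
  end
end

# True when ip falls inside any of the ranges; unparsable input never matches.
def matches_any?(ranges, ip)
  addr = IPAddr.new(ip.to_s)
  ranges.any? { |range| range.include?(addr) }
rescue IPAddr::InvalidAddressError
  false
end

# Client address behind a reverse proxy. X-Forwarded-For is trusted only when
# the direct peer is a known proxy, and the rightmost non-proxy entry wins:
# entries to its left were supplied by the client and may be forged.
def client_ip(env, trusted_proxies)
  remote = env["REMOTE_ADDR"]
  return remote unless matches_any?(trusted_proxies, remote)

  chain = env["HTTP_X_FORWARDED_FOR"].to_s.split(",").map(&:strip)
  chain.reverse.find { |ip| !matches_any?(trusted_proxies, ip) } || remote
end

# Fixed-window counter: limit requests per discriminator per period.
# Rack::Attack keys its cache entries as "<period number>:<discriminator>" too.
class FixedWindowThrottle
  attr_reader :limit, :period

  def initialize(limit:, period:)
    @limit = limit
    @period = period
    @counts = Hash.new(0) # in production this lives in Rails.cache
  end

  # Records one request and returns true when it exceeds the window's limit.
  def throttled?(discriminator, now = Time.now.to_i)
    key = "#{now / @period}:#{discriminator}"
    @counts[key] += 1
    @counts[key] > @limit
  end
end

# Builds the throttle from the documented ENV variables and their defaults.
def throttle_from_env(env = ENV)
  FixedWindowThrottle.new(
    limit: Integer(env.fetch("RACK_ATTACK_THROTTLE_LIMIT", 30)),
    period: Integer(env.fetch("RACK_ATTACK_THROTTLE_PERIOD", 60))
  )
end

# Constructed demo: one proxy in front of the app, one chatty client.
TRUSTED_PROXIES = parse_ip_ranges("127.0.0.1")
BLOCKED = parse_ip_ranges("1.2.3.0/32,10.0.0.0/8")

def decide(env, throttle, now)
  ip = client_ip(env, TRUSTED_PROXIES)
  return [ip, :blocked] if matches_any?(BLOCKED, ip)
  return [ip, :throttled] if throttle.throttled?(ip, now)

  [ip, :allowed]
end
```

Only requests that reach the decision as :allowed go on to the app; a :blocked verdict corresponds to Rack::Attack's 403 and :throttled to its 429.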
Available rake tasks to help analyze crawlers:
- bin/rake cdtb:logs:num_rq_per_ip: counts the number of requests for each IP in the logs. Accepts a logfile parameter; the file must be in log/.
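The per-IP count comes from the "Started GET ... for <ip> at ..." lines that Rails writes for every request. The Ruby below is an added example (not the gem's task) that parses those lines, tolerates the optional "[tag]" prefixes added by config.log_tags, ranks the IPs by request count and flags those above a threshold so a crawler stands out; the log excerpt is constructed.

```ruby
# Rails logs one line per request, e.g.
#   Started GET "/processes" for 203.0.113.9 at 2024-05-01 10:00:00 +0000
# With config.log_tags set, one or more "[...] " prefixes precede "Started".
STARTED_LINE = /\A(?:\[[^\]]*\] )*Started (?<method>[A-Z]+) "(?<path>[^"]*)" for (?<ip>\S+) at /

# Counts request lines per client IP; other log lines are ignored.
# Returns [[ip, count], ...] sorted by count descending, then by IP.
def count_requests_per_ip(lines)
  counts = Hash.new(0)
  lines.each do |line|
    m = STARTED_LINE.match(line)
    counts[m[:ip]] += 1 if m
  end
  counts.sort_by { |ip, n| [-n, ip] }
end

# IPs whose request count reaches the threshold, e.g. a crawler ignoring
# robots.txt; the threshold is a constructed default, tune it per site.
def noisy_ips(counted, threshold: 100)
  counted.select { |_ip, n| n >= threshold }.map(&:first)
end

# Constructed log excerpt in the Rails development/production format.
SAMPLE_LOG = <<~LOG
  Started GET "/" for 203.0.113.9 at 2024-05-01 10:00:00 +0000
  Processing by Decidim::HomepageController#show as HTML
  Completed 200 OK in 120ms (Views: 90.1ms | ActiveRecord: 10.2ms)
  [req-1] Started GET "/processes" for 198.51.100.7 at 2024-05-01 10:00:01 +0000
  Started GET "/processes?page=2" for 203.0.113.9 at 2024-05-01 10:00:01 +0000
  Started POST "/users/sign_in" for 203.0.113.9 at 2024-05-01 10:00:02 +0000
LOG

def report(log_text, top: 10)
  count_requests_per_ip(log_text.each_line).first(top)
end

if __FILE__ == $PROGRAM_NAME
  report(SAMPLE_LOG).each { |ip, n| puts format("%-16s %d", ip, n) }
end
```

For a real file, pass File.foreach("log/production.log") to count_requests_per_ip instead of the embedded excerpt; the addresses reported as noisy are candidates for RACK_ATTACK_BLOCKED_IPS once they have been checked against the forwarded-IP caveat above.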
Detect spam users
Detects users susceptible of being spammers. It can run on all organizations or be scoped to a single organization by passing the organization ID as the rake task parameter.
This rake task exports a .csv with a list of all the searched users. A column indicates whether each user is suspected of being a spammer. The columns in the CSV are: "ID", "Is suspicious?", "Name", "Email", "Nickname", "Personal URL", "About"
Examples:
bin/rake cdtb:spam:users[org_id]
--> finds users in the organization with the given id.
bin/rake cdtb:spam:users
--> finds all users in all organizations.
To set custom spam words for the task, override them in an initializer:
Decidim::Cdtb.configure do |config|
config.spam_words = ENV["CDTB_SPAM_WORDS"]&.split(",")
end
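To show how the configured word list feeds the export, here is an added Ruby example that is not cdtb's detection logic: it reads the word list from CDTB_SPAM_WORDS with a constructed fallback, applies a hypothetical heuristic (any spam word appearing case-insensitively in the name, nickname, personal URL or about text) and writes a CSV with exactly the columns listed above. The users are constructed sample records.

```ruby
require "csv"

# Column order documented for the cdtb:spam:users export.
CSV_HEADERS = ["ID", "Is suspicious?", "Name", "Email", "Nickname", "Personal URL", "About"].freeze

# Same shape as the initializer: CDTB_SPAM_WORDS="casino,loan" or nil.
# The fallback list is constructed for this example.
def spam_words_from_env(env = ENV, default: %w[casino loan])
  words = env["CDTB_SPAM_WORDS"]&.split(",")&.map(&:strip)&.reject(&:empty?)
  words.nil? || words.empty? ? default : words
end

# Hypothetical heuristic (an assumption, not cdtb's actual rule): a user is
# suspicious when any spam word occurs in the free-text profile fields.
def suspicious?(user, spam_words)
  haystack = [user[:name], user[:nickname], user[:personal_url], user[:about]]
             .compact.join(" ").downcase
  spam_words.any? { |word| haystack.include?(word.downcase) }
end

# Builds the CSV text; the boolean is written as "true"/"false".
def spam_report_csv(users, spam_words)
  CSV.generate do |csv|
    csv << CSV_HEADERS
    users.each do |u|
      csv << [u[:id], suspicious?(u, spam_words), u[:name], u[:email],
              u[:nickname], u[:personal_url], u[:about]]
    end
  end
end

# Constructed sample users.
SAMPLE_USERS = [
  { id: 1, name: "Ada", email: "ada@example.org", nickname: "ada",
    personal_url: nil, about: "Neighbourhood council member" },
  { id: 2, name: "Promo", email: "promo@example.net", nickname: "bestcasino",
    personal_url: "https://example.net/casino", about: "Best Casino bonuses" }
].freeze

# Returns the IDs flagged as suspicious for the given word list.
def suspicious_ids(users, spam_words)
  users.select { |u| suspicious?(u, spam_words) }.map { |u| u[:id] }
end

if __FILE__ == $PROGRAM_NAME
  puts spam_report_csv(SAMPLE_USERS, spam_words_from_env)
end
```

A flagged row is only a hint for a human reviewer; the remove task described under Users is the step that acts on it.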
Users
Tasks related to users.
Fix nicknames
In a version prior to Decidim v0.25 a validation on Decidim::User.nickname was added, together with a migration to fix existing nicknames. But the migration only took into account managed (impersonated) users.
This task iterates (with find_each) over all non-managed users and nicknamizes their nickname.
To execute the task run:
bin/rake cdtb:users:fix_nicknames
Remove users
You can delete users through a CSV with the user IDs and a reporter user email. The purpose is to be able to eliminate potentially spammy users.
This task reports and hides the user's comments, blocks the user, and finally deletes the user.
The CSV must have a header and one column with the user ID.
To execute the task run:
bundle exec rake cdtb:users:remove[spam_users.csv, reporter_user@example.org]
Upgrades
Upgrade modules
Upgrades the gems that contain engines: both Decidim modules and standard Rails engines.
TO-DO: to be finished
Validate migrations
Validates that migrations from all gems in the Gemfile have already been installed.
bin/rake cdtb:upgrades:validate_migrations
See the Installation chapter to install a GitHub Action on your app that will run this validation on your CI.
TO-DO: also check that all migrations have been executed and that schema.rb does not change
Development
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.
Run tests
Node 16.9.1 is required!
Create a dummy app:
bin/rails decidim:generate_external_test_app
And run tests:
bundle exec rspec spec
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/CodiTramuntana/decidim-cdtb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
License
The gem is available as open source under the terms of the MIT License.
Code of Conduct
Everyone interacting in the Decidim::Cdtb project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.