Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@clickfunnels/refine-stimulus
Advanced tools
Refine is a flexible query builder for your apps. It lets your users filter down to exactly what they're looking for. Completely configured on the backend.
Refer to the installation instructions
Depending on how you import Stimulus Controllers and define application
it may be Stimulus.load(refineControllers)
To confirm the Stimulus controllers are loaded, add window.Stimulus=application
to controllers/index.js
Then in the console inspect the stimulus object:
Stimulus.router.modulesByIdentifier
You should see the refine--....
controllers listed.
Instead of importing the plain index.css
, include the raw tailwind file in your app's tailwind-parsed source css files. Tailwind v3 is required for this.
/* in application.css */
@import '@clickfunnels/refine-stimulus/app/assets/stylesheets/index.tailwind.css';
You may have to restart your server if you encounter the error:
NameError (uninitialized constant ApplicationController::Refine
web |
web | include Refine::FilterApplicationController
If you prefer, you can remove it and define your own apply_filter
.
This is a helper method you can inspect in Hammerstone::FilterApplicationController
. You probably do not want to use this method but want to implement your own. It will return @refine_filter
which is generated from the stable_id. The stable_id
comes in from the params when the form is submitted or the URL is directly changed.
SIDE NOTE for Pagy/Jumpstart
apply_filter(ContactsFilter, initial_query: (Contact.sort_by_params(params[:sort], sort_direction))
@pagy, @contacts = pagy(@refine_filter.get_query)
_criterion.html.erb
) and daterangepicker
A quick way to load them is in the head
section. Also available as an npm package.<link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css" />
<link rel="stylesheet" href="https://unpkg.com/@icon/themify-icons/themify-icons.css">
The query builder component emits javascript events which give you information about the state of the filter. The filter emits the following events:
This event is emitted when user input has resulted in a change to the blueprint. Refine uses this event internally and you can use it in your own code to listen for changes and get the latest state of the form.
event.detail includes the following properties:
This event is emitted when the filter is validating and fetching a new URL-encoded stable ID from the server. This event signals that the current stable_id is out of date. The stable_id should not be used until a filter-stabilized event is emitted.
When the round-trip to the server completes a filter-stabilized event is emitted if the filter is valid. If the filter is not valid a filter-invalid event will be emitted.
event.detail includes the following properties:
This event is emitted when the filter has been automatically URL encoded and completed the server side calls. At this point it is safe to use the stable_id. The stable_id will look something like H4sIAPJsT2IAAzWNwQoDIQxE%252F2XOHrpX....
The stable_id allows the user to copy, share, refresh, or otherwise store the URL, but does not save it to the database. This stabilizer is a great way to allow users to not lose all of their progress without having to save every filter to the database. Note: All filters in the CF repo are automatically URL encode stabilized unless you have explicitly set it differently in your filter class.
event.detail includes the following properties:
This event is emitted when Refine has attempted to refresh the stable_id for the filter but was unable to do so because the user input is not valid.
event.detail includes the following properties:
event.detail includes the following properties storedFilterId: the primary key of the associated record in the refine_stored_filters_table
To force validations, make a POST request to /refine/blueprints with the following JSON payload:
The server will respond with a JSON payload that either includes the URL-encoded stable_id (if valid) or a JSON payload or HTML markup that can be used to rerender the form including validation messages
Example:
const response = await fetch('/refine/blueprints', {
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'X-CSRF-Token': document.querySelector("meta[name='csrf-token']")?.content
},
method: "POST",
body: JSON.stringify({
filter: 'ContactsFilter',
blueprint: JSON.stringify(blueprint),
id_suffix: 'contacts'
})
})
If you need to get a URL-encoded stable_id for a filter without relying on the filter-stabilized event, you can make a PUT request to /refine/update_stable_id with the following JSON payload:
Example:
const response = await fetch(this.updateStableIdUrlValue, {
method: 'PUT',
headers: {
accept: 'application/json',
'content-type': 'application/json',
'X-CSRF-Token': token,
},
body: JSON.stringify({
filter: 'ContactsFilter',
blueprint: JSON.stringify(blueprint),
})
})
If the filter is valid, the server responds 200 OK with the stable_id in the JSON response If the filter is not valid, the server responds 422 Unprocessable Entity with an errors array in the JSON response
By default the list of available stored filters is scoped to the type of the current filter. You can add additional scoping by assigning a Proc to Refine::Rails.configuration.stored_filter_scope
in an initializer.
# config/initializers/refine_rails.rb
Refine::Rails.configuration.stored_filter_scope = ->(scope) { scope.where(workspace_id: current_user.workspace.id) }
Custom scoping Proc's should accept a single argument which is the default scope defined by the gem. It will be executed in the context of the Rails controller so methods like current_user
and params
are available.
You may run into a situation where users can only pick whole days that are being compared to a date column. In this case, the default less than or equal behavior will compare to the current time on the day selected, which may exclude some records the user intended to include. To include the entire selected day in the range, you can set the following in an initializer:
To optionally add the filter's set timezone to the output of human_readable
, use the hook with_human_readable_timezone(true)
on your DateCondition
or DateWithTimeCondition
. This will append (UTC)
or whatever the timezone is to the output.
Refine::Rails.date_lte_uses_eod = true
You can customize sorting behavior for all OptionConditon options in an initializer:
# config/initializers/refine_rails.rb
# always alphabetize option condition lists
Refine::Rails.configuration.option_condition_ordering = ->(options) { options.sort_by { |o| o[:display] } }
Filters can specify which of their conditions will be selected by default when adding new criteria
class UserFilter
self.default_condition_id = "email"
# ...
end
There are a couple different methods developers have used. One is based on yarn link
and the other based on yalc
yarn link
yarn build --watch # leave this running to automatically rebuild when you change a file
yarn link "@clickfunnels/refine-stimulus"
When you're ready to switch back to the published npm package, run:
yarn unlink "@clickfunnels/refine-stimulus"
Note that theoretically, any changes you make to the javascript and css assets should be automatically recompiled by yarn build --watch
and then picked up by your application. In practice automatic recompilation can be unreliable. Here are some things to try if the app isn't picking up your changes:
console.log
to the connect method of a stimulus controlleryarn build --watch
from the gem directorybin/rails assets:clean
from your app's directory and restart serversIf none of the above steps work, try tearing down the package link and setting it up again:
yarn link "@clickfunnels-stimulus"
from your app's directory and shut down all servers.yarn unlink
from the gem directory.From this repo's directory:
We are using yalc
for local package development.
# Add yalc if you don't have it
# From this repo (refine-rails)
yarn global add yalc
# install dependencies
$ yarn
$ yalc publish
From the directory of the project including this package:
yalc link @clickfunnels/refine-stimulus
When you make local updates to the package:
# From this repo (refine-rails)
yarn build
yalc push
Running yarn
again from your project's directory will revert back to the published version of the package on npm.
yarn link
isn't working:bin/webpack-dev-server
berry-refine-demo-clean
delete node modules and re-yarn (just for fun probably not necessary)refine-rails
repo follow all yalc steps below -> you should see this message if successful<<<<<<< HEAD
@hammerstone/refine-stimulus@2.4.2 published in store.
Pushing @hammerstone/refine-stimulus@2.4.2 in [path]
Package @hammerstone/refine-stimulus@2.4.2 linked ==> [path]
=======
@clickfunnels/refine-stimulus@2.4.2 published in store.
Pushing @clickfunnels/refine-stimulus@2.4.2 in /Users/colleenschnettler/Documents/Documents/Developer/Hammerstone/berry-refine-demo-clean
Package @clickfunnels/refine-stimulus@2.4.2 linked ==> /Users/colleenschnettler/Documents/Documents/Developer/Hammerstone/berry-refine-demo-clean/node_modules/@clickfunnels/refine-stimulus
>>>>>>> c30f86b (readme updates)
Add ruby gem
gem "refine-rails"
Installing the JavaScript package:
$ yarn add @clickfunnels/refine-stimulus
In app/javascript/controllers/index.js
add
import { controllerDefinitions as refineControllers } from "@clickfunnels/refine-stimulus"
application.load(refineControllers)
bump patch #(or bump minor, major, etc)
gem build
gem push *.gem
rm *.gem
npm publish
2.11.12
FAQs
Refine is a flexible query builder for your apps. It lets your users filter down to exactly what they're looking for. Completely configured on the backend.
The npm package @clickfunnels/refine-stimulus receives a total of 298 weekly downloads. As such, @clickfunnels/refine-stimulus popularity was classified as not popular.
We found that @clickfunnels/refine-stimulus demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.