Initial commit (history cleared)

2026-04-29 11:21:39 +01:00
commit 298610b5f6
277 changed files with 30877 additions and 0 deletions
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+require File.expand_path("../boot", __FILE__)
+
+require "rails/all"
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(:default, Rails.env)
+
+module Railsgoat
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rails -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Enable escaping HTML in JSON.
+    #config.active_support.escape_html_entities_in_json = true
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enable the asset pipeline
+    config.assets.enabled = true
+
+    # add app/assets/fonts to the asset path
+    config.assets.paths << Rails.root.join("app", "assets", "fonts")
+
+    # Version of your assets, change this if you want to expire all your assets
+    config.assets.version = "1.0"
+
+    I18n.config.enforce_available_locales = false
+
+    config.action_dispatch.return_only_media_type_on_content_type = false
+
+    # Opt in to Rails 8.1 behavior for to_time timezone preservation
+    config.active_support.to_time_preserves_timezone = :zone
+  end
+end
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+# Set up gems listed in the Gemfile.
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__)
+
+require "bundler/setup" if File.exist?(ENV["BUNDLE_GEMFILE"])
@@ -0,0 +1,54 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+<% user = ENV.key?("POSTGRESQL_ADMIN_PASSWORD") ? "root" : ENV["POSTGRESQL_USER"] %>
+<% password = ENV.key?("POSTGRESQL_ADMIN_PASSWORD") ? ENV["POSTGRESQL_ADMIN_PASSWORD"] : ENV["POSTGRESQL_PASSWORD"] %>
+<% db_service = ENV.fetch("DATABASE_SERVICE_NAME","").upcase %>
+
+development:
+<% if ENV["DATABASE_URL"] %>
+  url: <%= ENV["DATABASE_URL"] %>
+<% else %>
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+<% end %>
+
+mysql:
+  adapter: mysql2
+  database: development_railsgoat
+  pool: 5
+  timeout: 5000
+  host: localhost
+  username: root
+  password:
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rails".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000
+
+openshift:
+  adapter: postgresql
+  encoding: unicode
+  # For details on connection pooling, see rails configuration guide
+  # http://guides.rubyonrails.org/configuring.html#database-pooling
+  pool: <%= ENV["POSTGRESQL_MAX_CONNECTIONS"] || 5 %>
+  username: <%= user %>
+  password: <%= password %>
+  host: <%= ENV["#{db_service}_SERVICE_HOST"] %>
+  port: <%= ENV["#{db_service}_SERVICE_PORT"] %>
+  database: <%= ENV["POSTGRESQL_DATABASE"] %>
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+# Load the Rails application.
+require File.expand_path("../application", __FILE__)
+
+# Initialize the Rails application.
+Railsgoat::Application.initialize!
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+Railsgoat::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+  config.hosts << ENV['COOLIFY_FQDN'] || 'localhost'
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Tired of caching causing issues
+  config.middleware.delete Rack::ETag
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+
+  # ActionMailer settings for email support
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = { address: "127.0.0.1", port: 1025 }
+  config.action_mailer.default_url_options = { host: "127.0.0.1:3000" }
+
+ # config.middleware.insert_before(
+ #      Rack::Lock, Rack::LiveReload,
+ #      :min_delay => 500,
+ #      :max_delay => 1000,
+ #      :port => 35727,
+ #      :host => 'railsgoat.dev',
+ #      :ignore => [ %r{dont/modify\.html$} ]
+ # )
+
+  # For Rails 4.0+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+end
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+Railsgoat::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Tired of caching causing issues
+  config.middleware.delete Rack::ETag
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+
+  # ActionMailer settings for email support
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = { address: "127.0.0.1", port: 1025 }
+  config.action_mailer.default_url_options = { host: "127.0.0.1:3000" }
+
+ # config.middleware.insert_before(
+ #      Rack::Lock, Rack::LiveReload,
+ #      :min_delay => 500,
+ #      :max_delay => 1000,
+ #      :port => 35727,
+ #      :host => 'railsgoat.dev',
+ #      :ignore => [ %r{dont/modify\.html$} ]
+ # )
+
+  # For Rails 4.0+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+end
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+Railsgoat::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+  config.hosts << '.svc.cluster.local'
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Tired of caching causing issues
+  config.middleware.delete Rack::ETag
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+
+  # ActionMailer settings for email support
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = { address: "127.0.0.1", port: 1025 }
+  config.action_mailer.default_url_options = { host: "127.0.0.1:3000" }
+
+ # config.middleware.insert_before(
+ #      Rack::Lock, Rack::LiveReload,
+ #      :min_delay => 500,
+ #      :max_delay => 1000,
+ #      :port => 35727,
+ #      :host => 'railsgoat.dev',
+ #      :ignore => [ %r{dont/modify\.html$} ]
+ # )
+
+  # For Rails 4.0+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+end
@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+Railsgoat::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching
+  # reverse proxy like nginx, varnish or squid.
+  # config.action_dispatch.rack_cache = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this).
+  config.public_file_server.enabled = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = true # default is false
+
+  # Generate digests for assets URLs.
+  config.assets.digest = true
+
+  # For Rails 4.0+: Version of your assets, change this if you want to expire all your assets.
+  config.assets.version = "1.0"
+
+  # Defaults to nil and saved in location specified by config.assets.prefix
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # Set to :debug to see everything in the log.
+  config.log_level = :info
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found).
+  config.i18n.fallbacks = [I18n.default_locale]
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # For Rails 4.0+: Eager load code on boot. This eager loads most of
+  # Rails and your application in memory, allowing both thread web
+  # servers and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  config.active_storage.service = :production
+
+  # For Rails 4.0+: Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # For Rails 4.0+: Disable automatic flushing of the log to improve performance.
+  # config.autoflush_log = false
+
+  # Prepend all log lines with the following tags.
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups.
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets.
+  # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
+  # config.assets.precompile += %w( search.js )
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+end
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+Railsgoat::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Configure static asset server for tests with Cache-Control for performance.
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = { "Cache-Control" => "public, max-age=3600" }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = true
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # For Rails 4.0+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+end
@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+Rails.application.config.assets.precompile += %w( validation.js jquery.dataTables.min.js fullcalendar.min.js moment.min.js )
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+ACCESS_TOKEN_SALT = "S4828341189aefiasd#ASDF"
+
+RG_IV = "PPKLKAJDKGHALDJL482823458028"
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [:password]
@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+ActiveSupport::JSON::Encoding::escape_html_entities_in_json = false
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.acronym 'RESTful'
+# end
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+# NOTE:
+# RailsGoat intentionally uses an insecure approach for key management.
+# This is done to demonstrate bad practices for educational purposes.
+#
+# In real-world Rails applications:
+# - Rails 5.1 supports encrypted secrets via config/secrets.yml
+# - Rails 5.2+ supports encrypted credentials via credentials.yml.enc
+# - Secrets are commonly provided via environment variables (ENV)
+#
+# Hardcoding keys or omitting secure secret management must NEVER be done
+# in production applications.
+if Rails.env.production?
+  # Specify env variable/location/etc. to retrieve key from
+else
+  KEY = "123456789101112123456789101112123456789101112"
+end
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone
@@ -0,0 +1,164 @@
+
+# frozen_string_literal: true
+POPULATE_RETIREMENTS = [
+      {
+        employee_contrib: "1000",
+        employer_contrib: "2000",
+        total: "4500"
+      },
+      {
+        employee_contrib: "8000",
+        employer_contrib: "16000",
+        total: "30000"
+      },
+      {
+        employee_contrib: "10000",
+        employer_contrib: "20000",
+        total: "40000"
+      },
+      {
+        employee_contrib: "3000",
+        employer_contrib: "6000",
+        total: "12500"
+      }
+
+]
+
+POPULATE_PAID_TIME_OFF = [
+      {
+        sick_days_taken: 2,
+        sick_days_earned: 5,
+        pto_taken: 5,
+        pto_earned: 30
+      },
+      {
+        sick_days_taken: 3,
+        sick_days_earned: 6,
+        pto_taken: 3,
+        pto_earned: 20
+      },
+      {
+        sick_days_taken: 2,
+        sick_days_earned: 5,
+        pto_taken: 5,
+        pto_earned: 30
+      },
+      {
+        sick_days_taken: 1,
+        sick_days_earned: 5,
+        pto_taken: 10,
+        pto_earned: 30
+      }
+
+  ]
+
+POPULATE_SCHEDULE = [
+        {
+          date_begin: Date.new(2014, 7, 30),
+          date_end: Date.new(2014, 8, 2),
+          event_type: "pto",
+          event_desc: "vacation to france",
+          event_name: "My 2014 Vacation"
+
+        },
+        {
+          date_begin: Date.new(2013, 9, 1),
+          date_end: Date.new(2013, 9, 12),
+          event_type: "pto",
+          event_desc: "Going Home to see folks",
+          event_name: "Visit Parents"
+
+        },
+        {
+          date_begin: Date.new(2013, 9, 13),
+          date_end: Date.new(2013, 9, 20),
+          event_type: "pto",
+          event_desc: "Taking kids to Grand Canyon",
+          event_name: "AZ Trip"
+
+        },
+        {
+          date_begin: Date.new(2013, 12, 20),
+          date_end: Date.new(2013, 12, 30),
+          event_type: "pto",
+          event_desc: "Xmas Staycation",
+          event_name: "Christmas Leave"
+        }
+
+    ]
+
+POPULATE_WORK_INFO = [
+    {
+      income: "$50,000",
+      bonuses: "$10,000",
+      years_worked: 2,
+      SSN: "666-66-6666",
+      DoB: "01-01-1980"
+    },
+    {
+      income: "$40,000",
+      bonuses: "$10,000",
+      years_worked: 1,
+      SSN: "777-77-7777",
+      DoB: "01-01-1979"
+    },
+    {
+      income: "$60,000",
+      bonuses: "$12,000",
+      years_worked: 3,
+      SSN: "888-88-8888",
+      DoB: "01-01-1981"
+    },
+    {
+      income: "$30,000",
+      bonuses: "7,000",
+      years_worked: 1,
+      SSN: "999-99-9999",
+      DoB: "01-01-1982"
+    }
+  ]
+
+ POPULATE_PERFORMANCE = [
+    {
+      reviewer: 1,
+      comments: "Great job! You are my hero",
+      date_submitted: Date.new(2012, 01, 01),
+      score: 5
+    },
+    {
+    reviewer: 1,
+    comments: "Once again, you've done a great job this year. We greatly appreciate your hard work.",
+    date_submitted: Date.new(2013, 01, 01),
+    score: 5
+    },
+    {
+      reviewer: 1,
+      comments: "Great worker, great attitude for this newcomer!",
+      date_submitted: Date.new(2013, 01, 01),
+      score: 5
+    },
+    {
+      reviewer: 1,
+      comments: "Wow, right out of the gate we've been very impressed but unfortunately, our system doesn't allow us to give you a full 5.0 because other ppl have gotten 5.0 ratings.",
+      date_submitted: Date.new(2011, 01, 01),
+      score: 4
+    },
+    {
+      reviewer: 1,
+      comments: "We highly recommend promotion for this employee! Consistent performer with proven leadership qualities.",
+      date_submitted: Date.new(2012, 01, 01),
+      score: 5
+    },
+    {
+      reviewer: 1,
+      comments: "Right out of the gate has made incredible moves as a newly appointed leader. His only improvement would be more cowbell. Not enough of it.",
+      date_submitted: Date.new(2013, 01, 01),
+      score: 4
+    },
+    {
+       reviewer: 1,
+       comments: "Ehh, you are okay, we will let you stay..... barely",
+       date_submitted: Date.new(2013, 01, 01),
+       score: 2
+     }
+  ]
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+# Rails 8 ReDoS Protection
+# Enable automatic timeout for regular expressions to prevent ReDoS attacks
+# Default: 1 second timeout for regex operations
+#
+# This is a Rails 8 security feature that prevents catastrophic backtracking
+# in regular expressions from hanging the application.
+#
+# See: R8-A1-ReDoS tutorial in wiki for exploitation details
+
+Regexp.timeout = 1.0  # 1 second timeout
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Railsgoat::Application.config.secret_key_base = "2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4"
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+Railsgoat::Application.config.session_store :cookie_store, key: "_railsgoat_session", httponly: false
@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+  self.include_root_in_json = false
+end
@@ -0,0 +1,23 @@
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+#     I18n.t 'hello'
+#
+# In views, this is aliased to just `t`:
+#
+#     <%= t('hello') %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+#     I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# To learn more, please read the Rails Internationalization guide
+# available at http://guides.rubyonrails.org/i18n.html.
+
+en:
+  hello: "Hello world"
@@ -0,0 +1,13 @@
+max_threads_count = ENV.fetch("RAILS_MAX_THREADS", 5)
+min_threads_count = ENV.fetch("RAILS_MIN_THREADS") { max_threads_count }
+threads min_threads_count, max_threads_count
+
+port ENV.fetch("PORT", 3000)
+
+environment ENV.fetch("RAILS_ENV", "development")
+
+workers ENV.fetch("WEB_CONCURRENCY", 2)
+
+preload_app!
+
+plugin :tmp_restart
@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+Railsgoat::Application.routes.draw do
+
+  get "login" => "sessions#new"
+  get "signup" => "users#new"
+  get "logout" => "sessions#destroy"
+
+  get "forgot_password" => "password_resets#forgot_password"
+  post "forgot_password" => "password_resets#send_forgot_password"
+  get "password_resets" => "password_resets#confirm_token"
+  post "password_resets" => "password_resets#reset_password"
+
+  get "dashboard/doc" => "dashboard#doc"
+
+  resources :sessions
+
+  resources :users do
+    get "account_settings"
+
+    resources :retirement
+    resources :paid_time_off
+    resources :work_info
+    resources :performance
+    resources :benefit_forms
+    resources :messages
+
+    resources :pay do
+      collection do
+        post "update_dd_info"
+        post "decrypted_bank_acct_num"
+      end
+    end
+
+  end
+
+  get "download" => "benefit_forms#download"
+  get "upload" => "benefit_forms#redirect_to_benefit_forms"
+  post "upload" => "benefit_forms#upload"
+
+  resources :tutorials do
+    collection do
+      get "credentials"
+      post "redos_email"
+      post "redos_username"
+      post "redos_email_safe"
+      get "supply_chain"
+      get "check_dependencies"
+    end
+  end
+
+  resources :schedule do
+    collection do
+      get "get_pto_schedule"
+    end
+  end
+
+  resources :admin do
+    get "dashboard"
+    get "get_user"
+    post "delete_user"
+    patch "update_user"
+    get "get_all_users"
+    get "analytics"
+  end
+
+  resources :dashboard do
+    collection do
+      get "home"
+      get "change_graph"
+    end
+  end
+
+  namespace :api, defaults: {format: "json"} do
+    namespace :v1 do
+      resources :users
+      resources :mobile
+    end
+  end
+
+  root to: "sessions#new"
+end
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+63303430303835393535616235383138383365363438363234316163373866616539353065343530
+3138626232306637323534343936383734363439376437620a383165366162623936613764336363
+61393232626465306139333339643531396338363631653361363562346237366534306539373938
+3135343835633239660a353038623433353364636264636633356538646431303234326437366138
+63336262376136386463653033643064616432623763626132353062646431333032353137393833
+61303832323139633831333932616565313762356233646663316636363663323166633466373066
+36663631393339633163643364613261326530363238333761306163363463623736333363323937
+30363865623132653730396235383862303439613762313163376365373464383364366333663637
+3066
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+35626437333463353464663839363636313435336332376561623031666263616263613638303031
+3064343638663837633934636537353736323335313663350a313338383464353231346661616563
+39353235353135323330653437333062653232366330316237656339383465653130636166346537
+6663373338366133610a383365303662306266303832326561646263363031666237303464663062
+3435
@@ -0,0 +1,11 @@
+test:
+  service: Disk
+  root: <%= Rails.root.join("tmp/storage") %>
+
+local:
+  service: Disk
+  root: <%= Rails.root.join("storage") %>
+
+production:
+  service: Disk
+  root: <%= Rails.root.join("storage") %>