apicasso 0.1.0

data/app/controllers/apicasso/application_controller.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+module Apicasso
+  # Controller to extract common API features,
+  # such as authentication and authorization
+  class ApplicationController < ActionController::API
+    include ActionController::HttpAuthentication::Token::ControllerMethods
+    prepend_before_action :restrict_access
+    after_action :register_api_request
+
+    # Sets the authorization scope for the current API key
+    def current_ability
+      @current_ability ||= Apicasso::Ability.new(@api_key)
+    end
+
+    private
+
+    # Identifies API key used in the request, avoiding unauthenticated access
+    def restrict_access
+      authenticate_or_request_with_http_token do |token, _options|
+        @api_key = Apicasso::Key.find_by!(token: token)
+      end
+    end
+
+    # Creates a request object in databse, registering the API key and
+    # a hash of the request and the response
+    def register_api_request
+      Apicasso::Request.delay.create(api_key_id: @api_key.id,
+                                object: {
+                                  request: request_hash,
+                                  response: response_hash
+                                })
+    end
+
+    # Request data built as a hash.
+    # Returns UUID, URL, HTTP Headers and origin IP
+    def request_hash
+      {
+        uuid: request.uuid,
+        url: request.original_url,
+        headers: request.env.select { |key, _v| key =~ /^HTTP_/ },
+        ip: request.remote_ip
+      }
+    end
+
+    # Resonse data built as a hash.
+    # Returns HTTP Status and request body
+    def response_hash
+      {
+        status: response.status,
+        body: JSON.parse(response.body)
+      }
+    end
+
+    # Used to avoid errors parsing the search query,
+    # which can be passed as a JSON or as a key-value param
+    def parsed_query
+      JSON.parse(params[:q])
+    rescue JSON::ParserError, TypeError
+      params[:q]
+    end
+
+    # Used to avoid errors in included associations parsing
+    def parsed_include
+      params[:include].split(',')
+    rescue NoMethodError
+      []
+    end
+
+    # Receives a `.paginate`d collection and returns the pagination
+    # metadata to be merged into response
+    def pagination_metadata_for(records)
+      { total: records.total_entries,
+        total_pages: records.total_pages,
+        last_page: records.next_page.blank?,
+        previous_page: previous_link_for(records),
+        next_page: next_link_for(records),
+        out_of_bounds: records.out_of_bounds?,
+        offset: records.offset }
+    end
+
+    # Generates a contextualized URL of the next page for this request
+    def next_link_for(records)
+      uri = URI.parse(request.original_url)
+      query = Rack::Utils.parse_query(uri.query)
+      query['page'] = records.next_page
+      uri.query = Rack::Utils.build_query(query)
+      uri.to_s
+    end
+
+    # Generates a contextualized URL of the previous page for this request
+    def previous_link_for(records)
+      uri = URI.parse(request.original_url)
+      query = Rack::Utils.parse_query(uri.query)
+      query['page'] = records.previous_page
+      uri.query = Rack::Utils.build_query(query)
+      uri.to_s
+    end
+
+    # Receives a `:action, :resource, :object` hash to validate authorization
+    def authorize_for(opts = {})
+      authorize! opts[:action], opts[:resource] if opts[:resource].present?
+      authorize! opts[:action], opts[:object] if opts[:object].present?
+    end
+  end
+end

data/app/controllers/apicasso/crud_controller.rb

@@ -0,0 +1,148 @@
+# frozen_string_literal: true
+
+module Apicasso
+  # Controller to consume read-only data to be used on client's frontend
+  class CrudController < ApplicationController
+    before_action :set_root_resource
+    before_action :set_object, except: %i[index schema create]
+    before_action :set_nested_resource, only: %i[nested_index]
+    before_action :set_records, only: %i[index nested_index]
+    before_action :set_schema, only: %i[schema]
+
+    include Orderable
+
+    # GET /:resource
+    # Returns a paginated, ordered and filtered query based response.
+    # Consider this
+    # To get all `Channel` sorted by ascending `name` and descending
+    # `updated_at`, filtered by the ones that have a `domain` that matches
+    # exactly `"domain.com"`, paginating records 42 per page and retrieving
+    # the page 42 of that collection. Usage:
+    # GET /sites?sort=+name,-updated_at&q[domain_eq]=domain.com&page=42&per_page=42
+    def index
+      render json: response_json
+    end
+
+    # GET /:resource/1
+    def show
+      render json: @object.to_json(include: parsed_include)
+    end
+
+    # PATCH/PUT /:resource/1
+    def update
+      authorize_for(action: :update,
+                    resource: resource.name.underscore.to_sym,
+                    object: @object)
+      if @object.update(object_params)
+        render json: @object
+      else
+        render json: @object.errors, status: :unprocessable_entity
+      end
+    end
+
+    # DELETE /:resource/1
+    def destroy
+      authorize_for(action: :destroy,
+                    resource: resource.name.underscore.to_sym,
+                    object: @object)
+      if @object.destroy
+        head :no_content
+      else
+        render json: @object.errors, status: :unprocessable_entity
+      end
+    end
+
+    # GET /:resource/1/:nested_resource
+    alias nested_index index
+
+    # POST /:resource
+    def create
+      @object = resource.new(resource_params)
+      authorize_for(action: :create,
+                    resource: resource.name.underscore.to_sym,
+                    object: @object)
+      if @object.save
+        render json: @object, status: :created, location: @object
+      else
+        render json: @object.errors, status: :unprocessable_entity
+      end
+    end
+
+    # OPTIONS /:resource
+    # OPTIONS /:resource/1/:nested_resource
+    # Will return a JSON with the schema of the current resource, using
+    # attribute names as keys and attirbute types as values.
+    def schema
+      render json: resource_schema.to_json
+    end
+
+    private
+
+    # Common setup to stablish which model is the resource of this request
+    def set_root_resource
+      @root_resource = params[:resource].classify.constantize
+    end
+
+    # Common setup to stablish which object this request is querying
+    def set_object
+      id = params[:id]
+      @object = resource.friendly.find(id)
+    rescue NoMethodError
+      @object = resource.find(id)
+    ensure
+      authorize! :read, @object
+    end
+
+    # Setup to stablish the nested model to be queried
+    def set_nested_resource
+      @nested_resource = @object.send(params[:nested].underscore.pluralize)
+    end
+
+    # Reutrns root_resource if nested_resource is not set scoped by permissions
+    def resource
+      (@nested_resource || @root_resource)
+    end
+
+    # Used to setup the resource's schema, mapping attributes and it's types
+    def resource_schema
+      schemated = {}
+      resource.columns_hash.each { |key, value| schemated[key] = value.type }
+      schemated
+    end
+
+    # Used to setup the records from the selected resource that are
+    # going to be rendered, if authorized
+    def set_records
+      authorize! :read, resource.name.underscore.to_sym
+      @records = resource.ransack(parsed_query).result
+      reorder_records if params[:sort].present?
+    end
+
+    # Reordering of records which happens when receiving `params[:sort]`
+    def reorder_records
+      @records = @records.unscope(:order).order(ordering_params(params))
+    end
+
+    # Raw paginated records object
+    def paginated_records
+      @records.accessible_by(current_ability)
+              .paginate(page: params[:page], per_page: params[:per_page])
+    end
+
+    # Parsing of `paginated_records` with pagination variables metadata
+    def response_json
+      { entries: entries_json }.merge(pagination_metadata_for(paginated_records))
+    end
+
+    # Parsed JSON to be used as response payload
+    def entries_json
+      JSON.parse(paginated_records.to_json(include: parsed_include))
+    end
+
+    # Only allow a trusted parameter "white list" through,
+    # based on resource's schema.
+    def object_params
+      params.fetch(resource.name.underscore.to_sym, resource_schema.keys)
+    end
+  end
+end

data/app/controllers/concerns/orderable.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# This concern is used to provide abstract ordering based on `params[:sort]`
+module Orderable
+  extend ActiveSupport::Concern
+  SORT_ORDER = { '+' => :asc, '-' => :desc }.freeze
+
+  # A list of the param names that can be used for ordering the model list
+  def ordering_params(params)
+    # For example it retrieves a list of orders in descending order of total_value.
+    # Within a specific total_value, older orders are ordered first
+    #
+    # GET /orders?sort=-total_value,created_at
+    # ordering_params(params) # => { total_value: :desc, created_at: :asc }
+    #
+    # Usage:
+    # Order.order(ordering_params(params))
+    ordering = {}
+    params[:sort].try(:split, ',').try(:each) do |attr|
+      parsed_attr = parse_attr attr
+      if model.attribute_names.include?(parsed_attr)
+        ordering[parsed_attr] = SORT_ORDER[parse_sign parsed_attr]
+      end
+    end
+    ordering
+  end
+
+  private
+
+  # Parsing of attributes to avoid empty starts in case browser passes "+" as " "
+  def parse_attr(attr)
+    return attr.gsub(/^\ (.*)/, '\1') if attr.starts_with?(' ')
+    attr[1..-1]
+  end
+
+  # Ordering sign parse, which separates
+  def parse_sign(attr)
+    attr =~ /\A[+-]/ ? attr.slice!(0) : '+'
+  end
+
+  def model
+    (params[:resource] || params[:nested] || controller_name).classify.constantize
+  end
+end

data/app/helpers/apicasso/application_helper.rb

@@ -0,0 +1,4 @@
+module Apicasso
+  module ApplicationHelper
+  end
+end

data/app/jobs/apicasso/application_job.rb

@@ -0,0 +1,4 @@
+module Apicasso
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/apicasso/application_mailer.rb

@@ -0,0 +1,6 @@
+module Apicasso
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/apicasso/ability.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Apicasso
+  # Ability to parse a scope object from Apicasso::Key
+  class Ability
+    include CanCan::Ability
+
+    def initialize(key)
+      key ||= Apicasso::Key.new
+      cannot :manage, :all
+      cannot :read, :all
+      key.scope.each do |permission, klasses_clearances|
+        klasses_clearances.each do |klasses|
+          klasses.each do |klass, clearance|
+            if clearance == true
+              # Usage:
+              # To have a key reading all channels and all accouts
+              # you would have a scope:
+              # => `{read: [{channel: true}, {accout: true}]}`
+              can permission.to_sym, klass.underscore.to_sym
+              can permission.to_sym, klass.classify.constantize
+            elsif clearance.class == Hash
+              # Usage:
+              # To have a key reading all banners from a channel with id 999
+              # you would have a scope:
+              # => `{read: [{banner: {owner_id: [999]}}]}`
+              can permission.to_sym,
+                  klass.underscore.to_sym
+              clearance.each do |by_field, values|
+                can permission.to_sym,
+                    klass.classify.constantize,
+                    by_field => values
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/models/apicasso/application_record.rb

@@ -0,0 +1,6 @@
+module Apicasso
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+    self.table_name_prefix = 'apicasso_'
+  end
+end

data/app/models/apicasso/key.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+module Apicasso
+  # A model to abstract API access, with scope options, token generation, request limiting
+  class Key < ApplicationRecord
+    before_create :set_auth_token
+
+    private
+
+    # Method that generates `SecureRandom.uuid` as token until
+    # an unique one has been acquired
+    def set_auth_token
+      loop do
+        self.token = generate_auth_token
+        break unless self.class.exists?(token: token)
+      end
+    end
+
+    # RFC4122 style token
+    def generate_auth_token
+      SecureRandom.uuid.delete('-')
+    end
+  end
+end

data/app/models/apicasso/request.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Apicasso
+  # A model to abstract API access, with scope options, token generation, request limiting
+  class Request < ApplicationRecord
+    belongs_to :api_key, class_name: 'Apicasso::Key'
+  end
+end

data/app/views/layouts/apicasso/application.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Apicasso</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "apicasso/application", media: "all" %>
+  <%= javascript_include_tag "apicasso/application" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,13 @@
+Apicasso::Engine.routes.draw do
+  scope module: :apicasso do
+    get '/:resource/', to: 'crud#index', via: :get
+    match '/:resource/', to: 'crud#create', via: :post
+    get '/:resource/:id', to: 'crud#show', via: :get
+    match '/:resource/:id', to: 'crud#update', via: :patch
+    match '/:resource/:id', to: 'crud#destroy', via: :delete
+    match '/:resource/:id/:nested/', to: 'crud#nested_index', via: :get
+    match '/:resource/', to: 'crud#schema', via: :options
+    match '/:resource/:id/:nested/', to: 'crud#schema', via: :options
+    resources :apidocs, only: [:index]
+  end
+end

data/lib/apicasso/active_record_extension.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'swagger/blocks'
+
+module Apicasso
+  # This class is injected into `ActiveRecord` to enable Swagger docs to be
+  # generated automatically based on schema and I18n definitions in your
+  # own application.
+  module ActiveRecordExtension
+    extend ActiveSupport::Concern
+    module ClassMethods
+      def validated_attrs_for(validation)
+        if validation.is_a?(String) || validation.is_a?(Symbol)
+          klass = 'ActiveRecord::Validations::' \
+                  "#{validation.to_s.camelize}Validator"
+          validation = klass.constantize
+        end
+        validators.select { |v| v.is_a?(validation) }
+                  .map(&:attributes)
+                  .flatten
+                  .map(&:to_sym)
+      end
+
+      def presence_validators?
+        presence_validators.present?
+      end
+
+      def presence_validators
+        validated_attrs_for(:presence)
+      end
+    end
+    included do
+      include ::Swagger::Blocks
+      @@klass = self
+      swagger_schema @@klass.name.to_sym do
+        key :required, %i[*presence_validators] if @@klass.presence_validators?
+        @@klass.columns_hash.each do |name, type|
+          property name.to_sym do
+            key :type, type.type
+          end
+        end
+      end
+      swagger_schema "#{@@klass.name}Input".to_sym do
+        allOf do
+          schema do
+            key :'$ref', "#{@@klass.name}Input".to_sym
+          end
+          schema do
+            key :required, %i[*presence_validators] if @@klass.presence_validators?
+            @@klass.columns_hash.each do |name, type|
+              property name.to_sym do
+                key :type, type.type
+              end
+            end
+          end
+        end
+      end
+      swagger_schema "#{@@klass.name}Metadata".to_sym do
+        allOf do
+          schema do
+            key :'$ref', "#{@@klass.name}Metadata".to_sym
+          end
+          schema do
+            @@klass.columns_hash.each do |name, type|
+              property name.to_sym do
+                key :description, type.type
+                key :type, :string
+              end
+            end
+          end
+        end
+      end
+    rescue ActiveRecord::ConnectionNotEstablished
+      puts "No database connection to setup APIcasso routes in documentation"
+    end
+  end
+end
+
+# Include the extension to avoid including on all files mannually
+ActiveRecord::Base.send(:include, Apicasso::ActiveRecordExtension)

data/lib/apicasso/engine.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Apicasso
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/apicasso/version.rb

@@ -0,0 +1,3 @@
+module Apicasso
+  VERSION = '0.1.0'
+end

data/lib/apicasso.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'apicasso/version'
+require 'apicasso/engine'
+require 'apicasso/active_record_extension'
+
+module Apicasso
+  # Your code goes here...
+end

data/lib/generators/apicasso/install/install_generator.rb

@@ -0,0 +1,25 @@
+require 'rails/generators/migration'
+
+module Apicasso
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path('../templates', __FILE__)
+      desc 'Add the required migrations to run APIcasso'
+
+      def self.next_migration_number(path)
+        if @prev_migration_nr
+          @prev_migration_nr += 1
+        else
+          @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+        end
+        @prev_migration_nr.to_s
+      end
+
+      def copy_migrations
+        migration_template 'create_apicasso_tables.rb',
+                           'db/migrate/create_apicasso_tables.rb'
+      end
+    end
+  end
+end

data/lib/generators/apicasso/install/templates/create_apicasso_tables.rb

@@ -0,0 +1,17 @@
+class CreateApicassoTables < ActiveRecord::Migration[5.0]
+  def change
+    create_table :apicasso_keys, id: :uuid do |t|
+      t.json :scope
+      t.integer :scope_type
+      t.json :request_limiting
+      t.text :token
+      t.datetime :deleted_at
+      t.timestamps null: false
+    end
+    create_table :apicasso_requests, id: :uuid do |t|
+      t.text :api_key_id
+      t.json :object
+      t.timestamps null: false
+    end
+  end
+end

data/lib/tasks/apicasso_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :apicasso do
+#   # Task goes here
+# end