apicasso 0.5.2 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c1f920e9964f2f638e348b6acb79ee6fd0f922a06d0cc43282696be53325ba9
-  data.tar.gz: 83e3b5a19723736f4c72e0263159aea8a73ccc5b620ad63c6b0dc2f3adea4734
+  metadata.gz: '008a3e92922e32986a11c43d51478f4dd3eb8e44e287abf9027952c6415b00d3'
+  data.tar.gz: 146ae0b052be05e8f9a9dbf5c32563d39469e6887c1343d4c4e8ac70206c0708
 SHA512:
-  metadata.gz: 2465d5459eae0c3203903659f9e7a01b55086caffc57c245058518c8510e3689cc3a67b1d1f954125b2915121661f01ca171aa45292875a4ac74053ddbb9543b
-  data.tar.gz: 227061cbc6efc8976acc17bd2d34dd5989aeaab549535c30ccb83835b6e87ff8a76ca1d7a7f17357df9e7d621db51b0f4c22ca3453d370066e842cab18d7f3f2
+  metadata.gz: 93ae0a99e84f211f429d6daa80ba0f8690fb7903c155ad6e769f8cef18e8ee2ae8b52783460af857e464d750822a9d2876d23d75fb88323890a817597a950e08
+  data.tar.gz: 8ff1d500a8daea84d2b6137cc8a7cefcbf5b71097d9263f8c7a1588ac7c1d7f3efbd1a48b43b9f7156611b9510c8c3f615d1c9af4801c492443401c891e6ea8a

data/app/controllers/apicasso/application_controller.rb

@@ -6,9 +6,8 @@ module Apicasso
   # application needs to create custom actions.
   class ApplicationController < ActionController::API
     include ActionController::HttpAuthentication::Token::ControllerMethods
-    prepend_before_action :restrict_access, unless: -> { preflight? }
+    prepend_before_action :restrict_access
     prepend_before_action :klasses_allowed
-    before_action :set_access_control_headers
     before_action :set_root_resource
     before_action :bad_request?
     after_action :register_api_request
@@ -195,30 +194,5 @@ module Apicasso
     def bad_request?
       raise ActionController::BadRequest.new('Bad hacker, stop be bully or I will tell to your mom!') unless sql_injection(resource)
     end
-
-    # @TODO
-    # Remove this in favor of a more controllable aproach of CORS
-    def set_access_control_headers
-      response.headers['Access-Control-Allow-Origin'] = allow_origin
-      response.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
-      response.headers['Access-Control-Allow-Credentials'] = 'true'
-      response.headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token, Auth-Token, Email, X-User-Token, X-User-Email'
-      response.headers['Access-Control-Max-Age'] = '1728000'
-    end
-
-    # A method to allow origin customizing through method overriding
-    def allow_origin
-      if request.headers['Referer'].present?
-        request.protocol + URI(request.headers['Referer']).host
-      else
-        request.headers['Origin'] || '*'
-      end.gsub(/\/$/, '')
-    end
-
-    # Checks if current request is a CORS preflight check
-    def preflight?
-      request.request_method == 'OPTIONS' &&
-        !request.headers['Authorization'].present?
-    end
   end
 end

data/app/controllers/apicasso/crud_controller.rb

@@ -16,7 +16,6 @@ module Apicasso
     # Example:
     #   GET /sites?sort=+name,-updated_at&q[domain_eq]=domain.com&page=42&per_page=42
     def index
-      set_access_control_headers
       render json: index_json
     end
 
@@ -24,7 +23,6 @@ module Apicasso
     # Common behavior for showing a record, with an addition of
     # relation/methods including on response
     def show
-      set_access_control_headers
       render json: show_json
     end
 
@@ -75,7 +73,7 @@ module Apicasso
     # Will return a JSON with the schema of the current resource, using
     # attribute names as keys and attirbute types as values.
     def schema
-      render json: resource_schema.to_json unless preflight?
+      render json: resource_schema.to_json
     end
 
     private

data/app/controllers/concerns/sql_security.rb

@@ -56,7 +56,7 @@ module SqlSecurity
   # Check if value for current class is valid for API consumption
   def safe_for_sql?(klass, value)
     klass.column_names.include?(value) ||
-      DESCENDANTS_UNDERSCORED.include?(value) ||
+      DESCENDANTS_UNDERSCORED.include?(value.singularize) ||
       klass.new.respond_to?(value) ||
       klass.reflect_on_all_associations.map(&:name).include?(value)
   end

data/lib/apicasso/configuration.rb

@@ -0,0 +1,19 @@
+module Apicasso
+  # This class exposes the settable attributes of the gem
+  class Configuration
+    attr_accessor :origins, :headers, :resource, :credentials, :methods,
+                  :max_age, :expose, :if, :vary
+
+    def initialize
+      @origins = nil
+      @headers = nil
+      @resource = nil
+      @credentials = nil
+      @methods = nil
+      @max_age = nil
+      @expose = nil
+      @if = nil
+      @vary = nil
+    end
+  end
+end

data/lib/apicasso/engine.rb

@@ -3,6 +3,21 @@
 module Apicasso
   # Behavior control for the Apicasso::Engine
   class Engine < ::Rails::Engine
+    require 'rack/cors'
+    config.middleware.use Rack::Cors do
+      allow do
+        origins Apicasso.configuration.origins
+        resource Apicasso.configuration.resource,
+                 headers: Apicasso.configuration.headers,
+                 methods: Apicasso.configuration.methods,
+                 credentials: Apicasso.configuration.credentials,
+                 max_age: Apicasso.configuration.max_age,
+                 if: Apicasso.configuration.if,
+                 vary:  Apicasso.configuration.vary,
+                 expose: Apicasso.configuration.expose
+      end
+    end
+
     config.generators do |g|
       g.test_framework :rspec, fixture: false
       g.fixture_replacement :factory_girl, dir: 'spec/factories'

data/lib/apicasso/version.rb

@@ -1,3 +1,3 @@
 module Apicasso
-  VERSION = '0.5.2'.freeze
+  VERSION = '0.6.0'.freeze
 end

data/lib/apicasso.rb

@@ -10,6 +10,19 @@ require 'apicasso/engine'
 require 'apicasso/active_record_extension'
 require 'friendly_id'
 
+require 'apicasso/configuration'
+
+# Load settings defined in initializer
 module Apicasso
-  # Your code goes here...
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.reset
+    @configuration = Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
 end

data/lib/generators/apicasso/install/install_generator.rb

@@ -26,6 +26,11 @@ module Apicasso
         migration_template 'create_apicasso_tables.rb',
                            'db/migrate/create_apicasso_tables.rb'
       end
+
+      # Create an initializer with CORS configuration to Apicasso
+      def copy_initializer
+        copy_file 'apicasso.rb', 'config/initalizers/apicasso.rb'
+      end
     end
   end
 end

data/lib/generators/apicasso/install/templates/apicasso.rb

@@ -0,0 +1,53 @@
+Apicasso.configure do |config|
+  # Origins can be specified as a string, a regular expression,
+  # or as '*' to allow all origins.
+  # Origin response header indicates whether the response can be
+  # shared with requesting code from the given origin.
+  config.origins = '*'
+
+  # A Resource path can be specified as exact string match (/path/to/file.txt)
+  # or with a '*' wildcard (/all/files/in/*).
+  # To include all of a directory's files and the files in its subdirectories,
+  # use this form: /assets/**/*.
+  config.resource = '*'
+
+  # The HTTP methods allowed for the resource.
+  # Can be a string or array or :any
+  config.headers = :any
+
+  # Sets the Access-Control-Allow-Credentials response header.
+  # If a wildcard (*) origin is specified, this option cannot be set to true.
+  # Can be a boolean, default: false
+  config.credentials = '*'
+
+  # Sets the Access-Control-Max-Age response header.
+  # The Access-Control-Max-Age response header indicates how long the results
+  # of a preflight request (that is the information contained in the
+  # Access-Control-Allow-Methods and Access-Control-Allow-Headers headers)
+  # can be cached.
+  # Must be a number
+  config.max_age = 1_728_000
+
+  # The Access-Control-Allow-Methods response header specifies the method or
+  # methods allowed when accessing the resource in response to a request.
+  # Cam be a string or array or :any
+  config.methods = %i[get post delete put patch options]
+
+  # The Vary HTTP response header determines how to match future request headers
+  # to decide whether a cached response can be used rather than requesting a
+  # fresh one from the origin server. It is used by the server to indicate which
+  # headers it used when selecting a representation of a resource in a content
+  # negotiation algorithm.
+  # Can be a string or array
+  config.vary = nil
+
+  # The Access-Control-Expose-Headers response header indicates which headers
+  # can be exposed as part of the response by listing their names.
+  # Can be a string or array
+  config.expose = nil
+
+  # If the result of the proc is true, will process the request as
+  # a valid CORS request.
+  # Must be a Proc
+  config.if = nil
+end

data/spec/dummy/config/initializers/apicasso.rb

@@ -0,0 +1,11 @@
+Apicasso.configure do |config|
+  config.origins = '*'
+  config.headers = :any
+  config.resource = '*'
+  config.credentials = '*'
+  config.max_age = 1728000
+  config.methods = [:get, :post, :delete, :put, :patch, :options]
+  config.vary = nil
+  config.expose = nil
+  config.if = nil
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apicasso
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.6.0
 platform: ruby
 authors:
 - Fernando Bellincanta
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-20 00:00:00.000000000 Z
+date: 2018-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -150,6 +150,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 5.2.0
+- !ruby/object:Gem::Dependency
+  name: rack-cors
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -235,9 +249,11 @@ files:
 - config/routes.rb
 - lib/apicasso.rb
 - lib/apicasso/active_record_extension.rb
+- lib/apicasso/configuration.rb
 - lib/apicasso/engine.rb
 - lib/apicasso/version.rb
 - lib/generators/apicasso/install/install_generator.rb
+- lib/generators/apicasso/install/templates/apicasso.rb
 - lib/generators/apicasso/install/templates/create_apicasso_tables.rb
 - spec/apicasso_spec.rb
 - spec/dummy/Gemfile
@@ -262,12 +278,8 @@ files:
 - spec/dummy/config/environments/development.rb
 - spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/application_controller_renderer.rb
-- spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/cors.rb
+- spec/dummy/config/initializers/apicasso.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
-- spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/puma.rb
@@ -334,12 +346,8 @@ test_files:
 - spec/dummy/config/environments/development.rb
 - spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/initializers/application_controller_renderer.rb
-- spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/cors.rb
+- spec/dummy/config/initializers/apicasso.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
-- spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/puma.rb

data/spec/dummy/config/initializers/application_controller_renderer.rb

@@ -1,8 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# ActiveSupport::Reloader.to_prepare do
-#   ApplicationController.renderer.defaults.merge!(
-#     http_host: 'example.org',
-#     https: false
-#   )
-# end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -1,7 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
-# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
-
-# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
-# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/cors.rb

@@ -1,16 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Avoid CORS issues when API is called from the frontend app.
-# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
-
-# Read more: https://github.com/cyu/rack-cors
-
-# Rails.application.config.middleware.insert_before 0, Rack::Cors do
-#   allow do
-#     origins 'example.com'
-#
-#     resource '*',
-#       headers: :any,
-#       methods: [:get, :post, :put, :patch, :delete, :options, :head]
-#   end
-# end

data/spec/dummy/config/initializers/inflections.rb

@@ -1,16 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Add new inflection rules using the following format. Inflections
-# are locale specific, and you may define rules for as many different
-# locales as you wish. All of these examples are active by default:
-# ActiveSupport::Inflector.inflections(:en) do |inflect|
-#   inflect.plural /^(ox)$/i, '\1en'
-#   inflect.singular /^(ox)en/i, '\1'
-#   inflect.irregular 'person', 'people'
-#   inflect.uncountable %w( fish sheep )
-# end
-
-# These inflection rules are supported but not enabled by default:
-# ActiveSupport::Inflector.inflections(:en) do |inflect|
-#   inflect.acronym 'RESTful'
-# end

data/spec/dummy/config/initializers/mime_types.rb

@@ -1,4 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Add new mime types for use in respond_to blocks:
-# Mime::Type.register "text/richtext", :rtf