apicasso 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75481eb1df595fc8cda2ad65bd8db05bd19d6fad66a46b6126b1a8549cafeeca
-  data.tar.gz: 51233d723df45b0c763a8632bbf913e119e476481e1fd4c6c92e041512f8b556
+  metadata.gz: ed1753c335c48bf87951c03895be8817219ae73fb171980b0819fd8d24333dc2
+  data.tar.gz: 19e4f9adb0f182af037966167deea8c92ab7a0bf99319b0ed608b56cbb68097a
 SHA512:
-  metadata.gz: 55f03cdd94bb13026d4f8042375d38195b45bdbddb5cb0a0d45e49b14c45ac71c8f6a252e37f57e383d9c1bfc530830f24a5922c5e33dee854c8f7e060135bf7
-  data.tar.gz: 380ef85943825041441e2122f46c3dcbfe31e9eac8222df89118033bf4f1133ec153e3395a7be450ee0d6feb7dabe6810a2c713fcf2d625769e2677cf1a7206e
+  metadata.gz: 03ec13eb0696da794383f0c0a3b62c7913ed0b012d20d36bc99f218fa4d2939bd736b96928dd6f843fc1bbf07e2d0142a142a0049240ca51228a5bc6ff33621f
+  data.tar.gz: 20929c52bc0cd0bfbc06cd6f0110ed3949efc50a34b7978b5c0433514fc7feea99b04a2ec404d58cce6037420748d83f0cc8b5f2eb73415750d46659a56a7c30

data/README.md

@@ -1,84 +1,84 @@
-<img src="https://raw.githubusercontent.com/ErvalhouS/APIcasso/master/APIcasso.png" width="300" /> [![Gem Version](https://badge.fury.io/rb/apicasso.svg)](https://badge.fury.io/rb/apicasso) [![Docs Coverage](https://inch-ci.org/github/autoforce/APIcasso.svg?branch=master)](https://inch-ci.org/github/autoforce/APIcasso.svg?branch=master) [![Maintainability](https://api.codeclimate.com/v1/badges/b58bbd6b9a0376f7cfc8/maintainability)](https://codeclimate.com/github/autoforce/APIcasso/maintainability) [![codecov](https://codecov.io/gh/autoforce/APIcasso/branch/master/graph/badge.svg)](https://codecov.io/gh/autoforce/APIcasso) [![Build Status](https://travis-ci.org/autoforce/APIcasso.svg?branch=master)](https://travis-ci.org/autoforce/APIcasso)
-
-JSON API development can get boring and time consuming. If you think it through, every time you make one you use almost the same route structure, pointing to the same controller actions, with the same ordering, filtering and pagination features.
-
-**APIcasso** is intended to be used as a full-fledged CRUD JSON API or as a base controller to speed-up development.
-It is a route-based resource abstraction using API key scoping. This makes it possible to make CRUD-only applications just by creating functional Rails' models. It is a perfect candidate for legacy Rails projects that do not have an API. Access to your application's resources is managed by a `.scope` JSON object per API key. It uses that permission scope to restrict and extend access.
-
-## Installation
-Add this line to your application's `Gemfile`:
-
-```ruby
-gem 'apicasso'
-```
-
-And then execute this to generate the required migrations:
-```bash
-$ rails g apicasso:install
-```
-You will need to use a database with JSON fields support to use this gem.
-
-## Usage
-After installing APIcasso into your application you can mount a full-fledged CRUD JSON API just by attaching into some route. Usually you will have it under a scoped route like `/api/v1` or a subdomain. You can do that by adding this into your `config/routes.rb`:
-```ruby
-  # To mount your APIcasso routes under the path scope `/api/v1`
-  mount Apicasso::Engine, at: "/api/v1"
-  # or, if you prefer subdomain scope isolation
-  constraints subdomain: 'apiv1' do
-    mount Apicasso::Engine, at: "/"
-  end
-```
-Your API will reflect very similarly a `resources :resource` statement with the following routes:
-```ruby
-  get '/:resource/' # Index action, listing a `:resource` collection from your application
-  post '/:resource/' # Create action for one `:resource` from your application
-  get '/:resource/:id' # Show action for one `:resource` from your application
-  patch '/:resource/:id' # Update action for one `:resource` from your application
-  delete '/:resource/:id' # Destroy action for one `:resource` from your application
-  get '/:resource/:id/:nested/' # Index action, listing a collection of a `:nested` relation from one of your application's `:resource`
-  options '/:resource/' # A schema dump for the required `:resource`
-  options '/:resource/:id/:nested/' # A schema dump for the required `:nested` relation from one of your application's `:resource`
-```
-This means all your application's models will be exposed as `:resource` and it's relations will be exposed as `:nested`. It will enable you to CRUD and get schema metadata from your records.
-
- > But this is permissive as hell! I do not want to expose my entire application like this, haven't you thought about security?
-
-*Sure!* The API is being exposed using authentication through `Authorization: Token` [HTTP header authentication](http://tools.ietf.org/html/draft-hammer-http-token-auth-01). The API key objects are manageable through the `Apicasso::Key` model, which gets setup at install. When a new key is created a `.token` is generated using an [Universally Unique Identifier(RFC 4122)](https://tools.ietf.org/html/rfc4122).
-
-Your API is then exposed based on each `Apicasso::Key.scope` definition
-```ruby
-  Apicasso::Key.create(scope:
-                        { manage:
-                            [{ order: true }, { user: { account_id: 1 } }],
-                          read:
-                            [{ account: { id: 1 } }]
-                        })
-```
-This translates directly into which parts of your application is exposed to each APIcasso keys.
-
-The key from this example will have full access to all orders and to users with `account_id == 1`. It will have also read-only access to accounts with `id == 1`.
-
-This saves you the trouble of having to setup each and every controller for each model. And even if your application really need it, just make your controllers inherit from `Apicasso::CrudController` and extend it's functionalities. This authorization feature is why one of the dependencies for this gem is [CanCanCan](https://github.com/CanCanCommunity/cancancan), that abstracts the scope field into authorization for your application's resources.
-
-The `crud#index` and `crud#nested_index` actions are already equipped with pagination, ordering and filtering.
-
- - You can pass `params[:sort]` with field names preffixed with `+` or `-` to configure custom ordering per request. I.E.: `?sort=+updated_at,-name`
- - You can pass `params[:q]` using [ransack's search matchers](https://github.com/activerecord-hackery/ransack#search-matchers) to build a search query. I.E.: `?q[full_name_start]=Picasso`
- - You can pass `params[:page]` and `params[:per_page]` to build pagination options. I.E.: `?page=2&per_page=12`
-
-## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/ErvalhouS/APIcasso. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant code of conduct](http://contributor-covenant.org/).
-
-## License
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
-
-## Code of conduct
-Everyone interacting in the APIcasso project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ErvalhouS/APIcasso/blob/master/CODE_OF_CONDUCT.md).
-
-## TODO
-
- - Add gem options like: Token rotation, Alternative authentication methods
- - Response fields selecting
- - Rate limiting
- - Testing suite
- - Travis CI
+<img src="https://raw.githubusercontent.com/ErvalhouS/APIcasso/master/APIcasso.png" width="300" /> [![Gem Version](https://badge.fury.io/rb/apicasso.svg)](https://badge.fury.io/rb/apicasso) [![Docs Coverage](https://inch-ci.org/github/autoforce/APIcasso.svg?branch=master)](https://inch-ci.org/github/autoforce/APIcasso.svg?branch=master) [![Maintainability](https://api.codeclimate.com/v1/badges/b58bbd6b9a0376f7cfc8/maintainability)](https://codeclimate.com/github/autoforce/APIcasso/maintainability) [![codecov](https://codecov.io/gh/autoforce/APIcasso/branch/master/graph/badge.svg)](https://codecov.io/gh/autoforce/APIcasso) [![Build Status](https://travis-ci.org/autoforce/APIcasso.svg?branch=master)](https://travis-ci.org/autoforce/APIcasso)
+
+JSON API development can get boring and time consuming. If you think it through, every time you make one you use almost the same route structure, pointing to the same controller actions, with the same ordering, filtering and pagination features.
+
+**APIcasso** is intended to be used as a full-fledged CRUD JSON API or as a base controller to speed-up development.
+It is a route-based resource abstraction using API key scoping. This makes it possible to make CRUD-only applications just by creating functional Rails' models. It is a perfect candidate for legacy Rails projects that do not have an API. Access to your application's resources is managed by a `.scope` JSON object per API key. It uses that permission scope to restrict and extend access.
+
+## Installation
+Add this line to your application's `Gemfile`:
+
+```ruby
+gem 'apicasso'
+```
+
+And then execute this to generate the required migrations:
+```bash
+$ rails g apicasso:install
+```
+You will need to use a database with JSON fields support to use this gem.
+
+## Usage
+After installing APIcasso into your application you can mount a full-fledged CRUD JSON API just by attaching into some route. Usually you will have it under a scoped route like `/api/v1` or a subdomain. You can do that by adding this into your `config/routes.rb`:
+```ruby
+  # To mount your APIcasso routes under the path scope `/api/v1`
+  mount Apicasso::Engine, at: "/api/v1"
+  # or, if you prefer subdomain scope isolation
+  constraints subdomain: 'apiv1' do
+    mount Apicasso::Engine, at: "/"
+  end
+```
+Your API will reflect very similarly a `resources :resource` statement with the following routes:
+```ruby
+  get '/:resource/' # Index action, listing a `:resource` collection from your application
+  post '/:resource/' # Create action for one `:resource` from your application
+  get '/:resource/:id' # Show action for one `:resource` from your application
+  patch '/:resource/:id' # Update action for one `:resource` from your application
+  delete '/:resource/:id' # Destroy action for one `:resource` from your application
+  get '/:resource/:id/:nested/' # Index action, listing a collection of a `:nested` relation from one of your application's `:resource`
+  options '/:resource/' # A schema dump for the required `:resource`
+  options '/:resource/:id/:nested/' # A schema dump for the required `:nested` relation from one of your application's `:resource`
+```
+This means all your application's models will be exposed as `:resource` and it's relations will be exposed as `:nested`. It will enable you to CRUD and get schema metadata from your records.
+
+ > But this is permissive as hell! I do not want to expose my entire application like this, haven't you thought about security?
+
+*Sure!* The API is being exposed using authentication through `Authorization: Token` [HTTP header authentication](http://tools.ietf.org/html/draft-hammer-http-token-auth-01). The API key objects are manageable through the `Apicasso::Key` model, which gets setup at install. When a new key is created a `.token` is generated using an [Universally Unique Identifier(RFC 4122)](https://tools.ietf.org/html/rfc4122).
+
+Your API is then exposed based on each `Apicasso::Key.scope` definition
+```ruby
+  Apicasso::Key.create(scope:
+                        { manage:
+                            [{ order: true }, { user: { account_id: 1 } }],
+                          read:
+                            [{ account: { id: 1 } }]
+                        })
+```
+This translates directly into which parts of your application is exposed to each APIcasso keys.
+
+The key from this example will have full access to all orders and to users with `account_id == 1`. It will have also read-only access to accounts with `id == 1`.
+
+This saves you the trouble of having to setup each and every controller for each model. And even if your application really need it, just make your controllers inherit from `Apicasso::CrudController` and extend it's functionalities. This authorization feature is why one of the dependencies for this gem is [CanCanCan](https://github.com/CanCanCommunity/cancancan), that abstracts the scope field into authorization for your application's resources.
+
+The `crud#index` and `crud#nested_index` actions are already equipped with pagination, ordering and filtering.
+
+ - You can pass `params[:sort]` with field names preffixed with `+` or `-` to configure custom ordering per request. I.E.: `?sort=+updated_at,-name`
+ - You can pass `params[:q]` using [ransack's search matchers](https://github.com/activerecord-hackery/ransack#search-matchers) to build a search query. I.E.: `?q[full_name_start]=Picasso`
+ - You can pass `params[:page]` and `params[:per_page]` to build pagination options. I.E.: `?page=2&per_page=12`
+
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/ErvalhouS/APIcasso. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant code of conduct](http://contributor-covenant.org/).
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of conduct
+Everyone interacting in the APIcasso project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ErvalhouS/APIcasso/blob/master/CODE_OF_CONDUCT.md).
+
+## TODO
+
+ - Add gem options like: Token rotation, Alternative authentication methods
+ - Response fields selecting
+ - Rate limiting
+ - Testing suite
+ - Travis CI

data/Rakefile

@@ -1,32 +1,32 @@
-begin
-  require 'bundler/setup'
-rescue LoadError
-  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
-
-require 'rdoc/task'
-
-RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'Apicasso'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.md')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
-load 'rails/tasks/engine.rake'
-
-load 'rails/tasks/statistics.rake'
-
-require 'bundler/gem_tasks'
-
-require 'rake/testtask'
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'test'
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = false
-end
-
-task default: :test
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Apicasso'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/apicasso_manifest.js

@@ -1,2 +1,2 @@
-//= link_directory ../javascripts/apicasso .js
-//= link_directory ../stylesheets/apicasso .css
+//= link_directory ../javascripts/apicasso .js
+//= link_directory ../stylesheets/apicasso .css

data/app/assets/javascripts/apicasso/application.js

@@ -1,15 +1,15 @@
-// This is a manifest file that'll be compiled into application.js, which will include all the files
-// listed below.
-//
-// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
-// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
-//
-// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
-// compiled file. JavaScript code in this file should be added after the last require_* statement.
-//
-// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
-// about supported directives.
-//
-//= require rails-ujs
-//= require activestorage
-//= require_tree .
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require rails-ujs
+//= require activestorage
+//= require_tree .

data/app/assets/stylesheets/apicasso/application.css

@@ -1,15 +1,15 @@
-/*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the bottom of the
- * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
- * files in this directory. Styles in this file should be added after the last require_* statement.
- * It is generally better to create a new file per style scope.
- *
- *= require_tree .
- *= require_self
- */
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/apicasso/application_controller.rb

@@ -1,104 +1,104 @@
-# frozen_string_literal: true
-
-module Apicasso
-  # Controller to extract common API features,
-  # such as authentication and authorization
-  class ApplicationController < ActionController::API
-    include ActionController::HttpAuthentication::Token::ControllerMethods
-    prepend_before_action :restrict_access
-    after_action :register_api_request
-
-    # Sets the authorization scope for the current API key
-    def current_ability
-      @current_ability ||= Apicasso::Ability.new(@api_key)
-    end
-
-    private
-
-    # Identifies API key used in the request, avoiding unauthenticated access
-    def restrict_access
-      authenticate_or_request_with_http_token do |token, _options|
-        @api_key = Apicasso::Key.find_by!(token: token)
-      end
-    end
-
-    # Creates a request object in databse, registering the API key and
-    # a hash of the request and the response
-    def register_api_request
-      Apicasso::Request.delay.create(api_key_id: @api_key.id,
-                                     object: { request: request_hash,
-                                               response: response_hash })
-    end
-
-    # Request data built as a hash.
-    # Returns UUID, URL, HTTP Headers and origin IP
-    def request_hash
-      {
-        uuid: request.uuid,
-        url: request.original_url,
-        headers: request.env.select { |key, _v| key =~ /^HTTP_/ },
-        ip: request.remote_ip
-      }
-    end
-
-    # Resonse data built as a hash.
-    # Returns HTTP Status and request body
-    def response_hash
-      {
-        status: response.status,
-        body: JSON.parse(response.body)
-      }
-    end
-
-    # Used to avoid errors parsing the search query,
-    # which can be passed as a JSON or as a key-value param
-    def parsed_query
-      JSON.parse(params[:q])
-    rescue JSON::ParserError, TypeError
-      params[:q]
-    end
-
-    # Used to avoid errors in included associations parsing
-    def parsed_include
-      params[:include].split(',')
-    rescue NoMethodError
-      []
-    end
-
-    # Receives a `.paginate`d collection and returns the pagination
-    # metadata to be merged into response
-    def pagination_metadata_for(records)
-      { total: records.total_entries,
-        total_pages: records.total_pages,
-        last_page: records.next_page.blank?,
-        previous_page: previous_link_for(records),
-        next_page: next_link_for(records),
-        out_of_bounds: records.out_of_bounds?,
-        offset: records.offset }
-    end
-
-    # Generates a contextualized URL of the next page for this request
-    def next_link_for(records)
-      uri = URI.parse(request.original_url)
-      query = Rack::Utils.parse_query(uri.query)
-      query['page'] = records.next_page
-      uri.query = Rack::Utils.build_query(query)
-      uri.to_s
-    end
-
-    # Generates a contextualized URL of the previous page for this request
-    def previous_link_for(records)
-      uri = URI.parse(request.original_url)
-      query = Rack::Utils.parse_query(uri.query)
-      query['page'] = records.previous_page
-      uri.query = Rack::Utils.build_query(query)
-      uri.to_s
-    end
-
-    # Receives a `:action, :resource, :object` hash to validate authorization
-    def authorize_for(opts = {})
-      authorize! opts[:action], opts[:resource] if opts[:resource].present?
-      authorize! opts[:action], opts[:object] if opts[:object].present?
-    end
-  end
-end
+# frozen_string_literal: true
+
+module Apicasso
+  # Controller to extract common API features,
+  # such as authentication and authorization
+  class ApplicationController < ActionController::API
+    include ActionController::HttpAuthentication::Token::ControllerMethods
+    prepend_before_action :restrict_access
+    after_action :register_api_request
+
+    # Sets the authorization scope for the current API key
+    def current_ability
+      @current_ability ||= Apicasso::Ability.new(@api_key)
+    end
+
+    private
+
+    # Identifies API key used in the request, avoiding unauthenticated access
+    def restrict_access
+      authenticate_or_request_with_http_token do |token, _options|
+        @api_key = Apicasso::Key.find_by!(token: token)
+      end
+    end
+
+    # Creates a request object in databse, registering the API key and
+    # a hash of the request and the response
+    def register_api_request
+      Apicasso::Request.delay.create(api_key_id: @api_key.id,
+                                     object: { request: request_hash,
+                                               response: response_hash })
+    end
+
+    # Request data built as a hash.
+    # Returns UUID, URL, HTTP Headers and origin IP
+    def request_hash
+      {
+        uuid: request.uuid,
+        url: request.original_url,
+        headers: request.env.select { |key, _v| key =~ /^HTTP_/ },
+        ip: request.remote_ip
+      }
+    end
+
+    # Resonse data built as a hash.
+    # Returns HTTP Status and request body
+    def response_hash
+      {
+        status: response.status,
+        body: JSON.parse(response.body)
+      }
+    end
+
+    # Used to avoid errors parsing the search query,
+    # which can be passed as a JSON or as a key-value param
+    def parsed_query
+      JSON.parse(params[:q])
+    rescue JSON::ParserError, TypeError
+      params[:q]
+    end
+
+    # Used to avoid errors in included associations parsing
+    def parsed_include
+      params[:include].split(',')
+    rescue NoMethodError
+      []
+    end
+
+    # Receives a `.paginate`d collection and returns the pagination
+    # metadata to be merged into response
+    def pagination_metadata_for(records)
+      { total: records.total_entries,
+        total_pages: records.total_pages,
+        last_page: records.next_page.blank?,
+        previous_page: previous_link_for(records),
+        next_page: next_link_for(records),
+        out_of_bounds: records.out_of_bounds?,
+        offset: records.offset }
+    end
+
+    # Generates a contextualized URL of the next page for this request
+    def next_link_for(records)
+      uri = URI.parse(request.original_url)
+      query = Rack::Utils.parse_query(uri.query)
+      query['page'] = records.next_page
+      uri.query = Rack::Utils.build_query(query)
+      uri.to_s
+    end
+
+    # Generates a contextualized URL of the previous page for this request
+    def previous_link_for(records)
+      uri = URI.parse(request.original_url)
+      query = Rack::Utils.parse_query(uri.query)
+      query['page'] = records.previous_page
+      uri.query = Rack::Utils.build_query(query)
+      uri.to_s
+    end
+
+    # Receives a `:action, :resource, :object` hash to validate authorization
+    def authorize_for(opts = {})
+      authorize! opts[:action], opts[:resource] if opts[:resource].present?
+      authorize! opts[:action], opts[:object] if opts[:object].present?
+    end
+  end
+end