app_rail-airtable 0.2.10 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e57f8d279b01f1a7672be43fce5dda36da9df13bc3152399646f5be729d522c
-  data.tar.gz: 7928368ae9d1b4edfd75c651af688be2aa0e7697f31fd5c87afb1a9e96e3945c
+  metadata.gz: 592d97e9fc6dbe4177847fdbfbc5c003620d179caee7887efb23f91d5f736ca7
+  data.tar.gz: 985e3ac9e23f4fe318c4944c2c3720a656faead5b5de3e3149fe58013aaa173c
 SHA512:
-  metadata.gz: 5eef1c52f304ffe1b0050ff5a7278e47c825dce1e7e08a7af69550894070e23a465dc719fce7dddabfa06de9336f2b63d230685098d09a5c02711b17fe43394d
-  data.tar.gz: e3629a453d333d78aac608f45ac04b303b27c636f4350fb0f5c2b42c739756a274faabd55a08278b0cc445a5777f62ae57431acea477dae20575ff1cfac53e59
+  metadata.gz: 80ae0eea7fbd168f1b469a5bfc9255940f0c62875d232427fd654d123e3b02aab822646cf6fa23313ca3fe7e653d0d73935927b8c6dff74dec8a01acf5edd431
+  data.tar.gz: 83e8736f2dc7dc42d276c45a83d8597c98d1f38faee8cf09e581f19256f22f64de81fa34a1acf9f290f9e4638a4bc00f14e25787d29bf2507d2bc3bbba44a13b

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    app_rail-airtable (0.2.10)
+    app_rail-airtable (0.3.0)
       activesupport
       airrecord
       bcrypt

data/README.md

@@ -36,7 +36,18 @@ To provide support for routes, models can implement
 In order to support authentication you should create a class (normally `User`) and inherit from `AppRail::Airtable::AuthenticationRecord`. Your table needs `Email`, `Password Hash` and `Access Token` columns.
     
 ### Servers
-You should create a single server which extends `AppRail::Airtable::Sinatra`, then add routes with the `resources` macro to add `index`, `show` and `create` routes. You can also provide your own routes.
+You should create a single server which extends `AppRail::Airtable::Sinatra`.
+
+App Rail Airtable provides two helpers to generate routes
+
+**resources(name, only:)**
+Creates routes that map to a table. It delegates from the route to a model method
+* `index` to `ar_list_item`
+* `show` to `ar_stack`
+* `create` to `self.create_as_json`
+
+**authenticable_resources(name, , only:)** 
+Acts as `resources` but also takes a block of routes. Those nested routes will all call the `authenticate!` helper method before running. The `authenticate!` helper will call a lookup helper `find_authenticatable_resource(access_token:)` with the bearer token found in the `HTTP_AUTHORIZATION` header, which should be used to look up the correct object or return nil if none is found (resulting in a 401 response).
 
 ## License
 

data/lib/app_rail/airtable/authenticatable.rb

@@ -23,9 +23,10 @@ module AppRail
         end
   
         def find_by_email_and_password(email, password)
-          all(filter: "AND({Email} = \"#{email}\",{Password Hash} = \"#{password_hash(password)}\")").first
+          user = all(filter: "{Email} = \"#{email}\"").first
+          user.valid_password?(password) ? user : nil
         end
-  
+
         def find_by_access_token(access_token)
           all(filter: "{Access Token} = \"#{access_token}\"").first 
         end
@@ -38,6 +39,14 @@ module AppRail
           SecureRandom.hex
         end    
       end
+      
+      def valid_password?(password)
+        BCrypt::Password.new(password_hash) == password
+      end
+      
+      def password_hash
+        self["Password Hash"]
+      end
     
       def oauth_session
         { access_token: self["Access Token"], scope: :user, refresh_token: "", token_type: :bearer, expires_in: 60000 }

data/lib/app_rail/airtable/authentication_helpers.rb

@@ -6,7 +6,7 @@ module AppRail
       end
   
       def find_current_user
-        authorization_header && bearer_token ? User.find_by_access_token(bearer_token) : nil
+        authorization_header && bearer_token ? find_authenticatable_resource(access_token: bearer_token) : nil
       end
   
       def bearer_token

data/lib/app_rail/airtable/sinatra.rb

@@ -24,6 +24,7 @@ end
 module AppRail
   module Airtable
     class Sinatra < Sinatra::Base
+      @@authenticated_route = false
       
       helpers do
         def request_body_as_json
@@ -35,36 +36,52 @@ module AppRail
           request_body_as_json.merge(params)
         end
       end
+      
+      def self.authenticatable_resources(name, only: [:index, :show, :create])
+        
+        # If authentication is used then include the correct helpers
+        # Allowing the routes to use `authenticate!` and `current_user`
+        helpers AppRail::Airtable::AuthenticationHelpers
+        
+        resources(name, only: only)
+        @@authenticated_route = true
+        yield
+        @@authenticated_route = false
+      end
 
-      def self.resources(name, only: [:index, :show, :create], authenticated: false)
+      def self.resources(name, only: [:index, :show, :create])
         only = [only] if only.is_a?(Symbol)
         
-        index_route(name, authenticated) if only.include?(:index)
-        show_route(name, authenticated) if only.include?(:show)
-        create_route(name, authenticated) if only.include?(:create)
+        index_route(name, authenticated_route?) if only.include?(:index)
+        show_route(name, authenticated_route?) if only.include?(:show)
+        create_route(name, authenticated_route?) if only.include?(:create)
       end
       
-      def self.index_route(name, authenticated)
+      def self.index_route(name, authenticated_route)
         get "/#{name.to_s}" do
-          authenticate! if authenticated
-          name.classify_constantize.index(user: authenticated ? current_user : nil).map(&:ar_list_item_as_json).to_json
+          authenticate! if authenticated_route
+          name.classify_constantize.index(user: authenticated_route ? current_user : nil).map(&:ar_list_item_as_json).to_json
         end
       end
       
-      def self.show_route(name, authenticated)
+      def self.show_route(name, authenticated_route)
         get "/#{name.to_s}/:id" do
-          authenticate! if authenticated
+          authenticate! if authenticated_route
           name.classify_constantize.find(params['id']).ar_stack_as_json.to_json
         end
       end
       
-      def self.create_route(name, authenticated)
+      def self.create_route(name, authenticated_route)
         post "/#{name.to_s}" do
-          authenticate! if authenticated
-          as_json = name.classify_constantize.create_as_json(current_user: authenticated ? current_user : nil, params: params_and_body_as_json)
+          authenticate! if authenticated_route
+          as_json = name.classify_constantize.create_as_json(current_user: authenticated_route ? current_user : nil, params: params_and_body_as_json)
           [201, as_json.to_json] 
         end
       end
+      
+      def self.authenticated_route?
+        @@authenticated_route
+      end
     end
   end
 end

data/lib/app_rail/airtable/version.rb

@@ -1,5 +1,5 @@
 module AppRail
   module Airtable
-    VERSION = "0.2.10"
+    VERSION = "0.3.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: app_rail-airtable
 version: !ruby/object:Gem::Version
-  version: 0.2.10
+  version: 0.3.0
 platform: ruby
 authors:
 - Matt Brooke-Smith
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-06 00:00:00.000000000 Z
+date: 2021-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport