RubyGems - bookingsync_application - Versions diffs - 0.5.0 → 1.0.0 - Mend

bookingsync_application 0.5.0 → 1.0.0

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2f8fb2b1a6a8bcefd6d73a7e9e745b6aa7600df8
-  data.tar.gz: cdd243437c4a1f7f6cdd41277699217b261ebb8e
+  metadata.gz: 90582eda500acd3957936b6500efc62c9d806a77
+  data.tar.gz: 86ae92357ae31b8d8665f2399e812c20a0093488
 SHA512:
-  metadata.gz: 6cb676ca895252b170785de522dbd12581c1730f3cf57a988db515a8d6b053915277e0d355f0f0eb0e0dc6f40f238bb438d969cf2308cede8f36227a65a5ef18
-  data.tar.gz: 0f3e893c58e1b3a569f0f2c8fe06fdda9d4d995af8256d8945fcb6e465b8e5dfeaa6a06fea982106578e7393c3e35202127bb764f228c18cccc20896906abc52
+  metadata.gz: 30b3703d3986fe9e4f275bfbdf5e65eb36ccc013a8fe343266a40b737ee2ab38f4753f8ddb34a26934953701ae39b33d260e68f3edb50bf0aeeb5408474b9758
+  data.tar.gz: 86e2ad190884380f79b11422faed1fbcd048b25056b2882979e4c687b169452c746e7668a2549cde504d2b144b6da5bc5de2a48c9b2eb1b04707c9ecaca5e2dc

data/README.md CHANGED Viewed

@@ -76,9 +76,9 @@ We now want to provide secured controllers, this controllers will be accessible
 You have 2 options pre built for this:
-1) Create base admin controller (it will be `json` based):
+1) Create base API controller (it will be `json` based):
 ```
-class Admin::BaseController < BookingsyncApplication::Admin::BaseController
+class Api::BaseController < BookingsyncApplication::Api::BaseController
 end
 ```
@@ -87,13 +87,46 @@ end
 class Admin::BaseHTMLController < ApplicationController
   respond_to :html
-  include BookingsyncApplication::Admin::CommonBaseController
+  include BookingsyncApplication::Controllers::CommonBase
 end
 ```
 _Note: When saving new token, this gem uses a separate thread with new db connection to ensure token save (in case of a rollback in the main transaction). To make room for the new connections, it is recommended to increase db `pool` size by 2-3._
+### BookingSync Universe API
+You can expose the application API by taking advantage of BookingSync Universe API concept. BookingSync Universe API is about making all the APIs accessible by the same token that is acquired in standard OAuth flow as outlined in the [docs](http://developers.bookingsync.com/reference/authorization/). The authentication is handled on BookingSync Core API, but the authorization is up to the application to handle.
+To enable BookingSync Universe API for the controller, include `BookingsyncApplication::Controllers::BookingsyncUniverseApiAccess` module:
+``` ruby
+class Api::ControllerForBookingsyncUniverseApi < BookingsyncApplication::Api::BaseController
+  include BookingsyncApplication::Controllers::BookingsyncUniverseApiAccess
+  def index
+    head 200
+  end
+end
+```
+If the request includes `Authorization` header (you can read more about the expected format in the [docs](http://developers.bookingsync.com/reference/)), it will be proxied to BookingSync Core API to check if the token is valid or not. If the token is not valid, `401` error will be returned with the corresponding error in the body. If it's valid, the account that is the owner of the token will be authenticated. By default there is no any extra authorization layer and as long as BookingSync Universe API is enabled all the endpoints will be accessible. To handle authorization you can use `bookingsync_universe_authorize_request!` method:
+``` ruby
+class Api::ControllerForBookingsyncUniverseApi < BookingsyncApplication::Api::BaseController
+  include BookingsyncApplication::Controllers::BookingsyncUniverseApiAccess
+  before_action -> { bookingsync_universe_authorize_request! :clients_read, :clients_write },
+    only: :index
+  def index
+    head 200
+  end
+end
+```
+`bookingsync_universe_authorize_request!` expects the list of [scopes](http://developers.bookingsync.com/reference/authorization/#scopes) that are required to access this endpoint. If at least one of them is present on the token, the request will be authorized. Otherwise `403` error will be returned with the corresponding error message in the body.
 ## Configuration
 The engine is configured by the following ENV variables:

data/app/controllers/bookingsync_application/{admin → api}/base_controller.rb RENAMED Viewed

@@ -1,9 +1,9 @@
 require 'jsonapi/resource_controller'
-class BookingsyncApplication::Admin::BaseController < JSONAPI::ResourceController
+class BookingsyncApplication::Api::BaseController < JSONAPI::ResourceController
   before_action :set_json_format
-  include BookingsyncApplication::Admin::CommonBaseController
+  include BookingsyncApplication::Controllers::CommonBase
   protected

data/lib/bookingsync_application/controllers/bookingsync_universe_api_access.rb ADDED Viewed

@@ -0,0 +1,74 @@
+module BookingsyncApplication
+  module Controllers
+    module BookingsyncUniverseApiAccess
+      private
+      def authenticate_account!
+        if auth = request.headers["Authorization"].presence
+          response = Faraday.new(url: bookingsync_url).get do |req|
+            req.url auth_path
+            req.headers["Authorization"] = auth
+          end
+          if response.success?
+            @scope = AuthorizationScope.from_response(response)
+            session[:account_id] = scope.account_id
+          else
+            render json: response.body, status: response.status and return
+          end
+        else
+          super
+        end
+      end
+      def bookingsync_url
+        "#{ENV['BOOKINGSYNC_URL']}"
+      end
+      def auth_path
+        "/api/v3/auth"
+      end
+      def scope
+        @scope
+      end
+      def bookingsync_universe_authorize_request!(*required_scopes)
+        if !scope.allows_access_for?(Array(required_scopes).map(&:to_s))
+          render json: { errors: [ { code: :forbidden } ] }, status: 403 and return
+        end
+      end
+      class AuthorizationScope
+        attr_reader :response_hash
+        private     :response_hash
+        def self.from_response(response)
+          new(JSON.parse(response.body))
+        end
+        def initialize(response_hash)
+          @response_hash = response_hash
+        end
+        def scopes
+          auth.fetch("scopes").map(&:to_s)
+        end
+        def account_id
+          auth.fetch("account_id")
+        end
+        def allows_access_for?(required_scopes)
+          required_scopes.any? { |scope| scopes.include?(scope) }
+        end
+        private
+        def auth
+          @auth ||= response_hash.fetch("auth")
+        end
+      end
+    end
+  end
+end

data/lib/bookingsync_application/{admin/common_base_controller.rb → controllers/common_base.rb} RENAMED Viewed

@@ -1,6 +1,6 @@
 module BookingsyncApplication
-  module Admin
-    module CommonBaseController
+  module Controllers
+    module CommonBase
       def self.included(base)
         base.class_eval do
           force_ssl

data/lib/bookingsync_application/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module BookingsyncApplication
-  VERSION = '0.5.0'
+  VERSION = '1.0.0'
 end

data/lib/bookingsync_application.rb CHANGED Viewed

@@ -3,7 +3,8 @@ require 'synced'
 require 'dotenv-rails'
 require 'jsonapi-resources'
 require 'bookingsync_application/engine'
-require 'bookingsync_application/admin/common_base_controller'
+require 'bookingsync_application/controllers/common_base'
+require 'bookingsync_application/controllers/bookingsync_universe_api_access'
 module BookingsyncApplication
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bookingsync_application
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Marcin Nowicki
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-24 00:00:00.000000000 Z
+date: 2017-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -18,28 +18,34 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
 - !ruby/object:Gem::Dependency
   name: bookingsync-engine
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 2.0.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 2.0.1
 - !ruby/object:Gem::Dependency
   name: jsonapi-resources
   requirement: !ruby/object:Gem::Requirement
@@ -190,11 +196,12 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
-- app/controllers/bookingsync_application/admin/base_controller.rb
+- app/controllers/bookingsync_application/api/base_controller.rb
 - app/controllers/bookingsync_application/webhooks/base_controller.rb
 - config/routes.rb
 - lib/bookingsync_application.rb
-- lib/bookingsync_application/admin/common_base_controller.rb
+- lib/bookingsync_application/controllers/bookingsync_universe_api_access.rb
+- lib/bookingsync_application/controllers/common_base.rb
 - lib/bookingsync_application/engine.rb
 - lib/bookingsync_application/spec_helper.rb
 - lib/bookingsync_application/version.rb
@@ -219,7 +226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2
+rubygems_version: 2.6.10
 signing_key:
 specification_version: 4
 summary: A Rails engine to simplify building BookingSync Applications