bullet_train 1.2.5 → 1.2.7

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fa2dfac5d71da28521ac903aef4acba2c5834f2da5c83ed89f4eb2dd1badf143
4
- data.tar.gz: 7786d24e4271cf0547b495addefabbc46b0aaf58eb1672a3ab24ff5cb22a366e
3
+ metadata.gz: a8af0861111947e0fad526fe89c7d1b6180f65b9122610eeaf26f8503ba50fed
4
+ data.tar.gz: 307372ed882d3e0e07f4a32810926cbeaf9497561d4db4faa1927765657ec961
5
5
  SHA512:
6
- metadata.gz: cf4cb1f74f1c85df573e544a7e6d03eac8d0db92a7fdb847de163d26527d153d7343cef139450e88d4d5332fe3728fbc9dc61f592ad84eeaf314bc40f378b40c
7
- data.tar.gz: a347aa6b5e8234d6a90ce95a3c3e19e372597b45d4272e1e9a6feecc28bfbbfe5d9e24e6bc914ceb7e95eb8cdf9b187bc7a564ee30d8bd6c5f9d5e089ea62782
6
+ metadata.gz: 993b1e6a8b6e73bad6f04c4e3c2caa1c3d5476ee0bea64972ee7ed9b2bfcefa69ebffc4af3fb3a33fdbbbd1fc8c49d0bd23c5f50894f2a7544132d3b6304ec5b
7
+ data.tar.gz: d76a30a93bab13b98f8e0ac8dbedab25c6eb74f7158211e200e74e4e636ede62eae4fa0be688601c3bf817a2ad73e218dad96a05db2cb77ef9b942fc95d6113a
@@ -3,8 +3,14 @@ module DocumentationSupport
3
3
 
4
4
  def docs
5
5
  target = params[:page].presence || "index"
6
- all_paths = ([Rails.root.to_s] + `bundle show --paths`.lines.map(&:chomp))
7
- @path = all_paths.map { |path| path + "/docs/#{target}.md" }.detect { |path| File.exist?(path) }
6
+
7
+ # TODO For some reason this didn't work on Heroku.
8
+ # all_paths = ([Rails.root.to_s] + `bundle show --paths`.lines.map(&:chomp))
9
+ # @path = all_paths.map { |path| path + "/docs/#{target}.md" }.detect { |path| File.exist?(path) }
10
+
11
+ # TODO Trying to just brute force this for now.
12
+ @path = `bundle show bullet_train`.chomp + "/docs/#{target}.md"
13
+
8
14
  render :docs, layout: "docs"
9
15
  end
10
16
  end
@@ -215,15 +215,21 @@
215
215
  <% end %>
216
216
 
217
217
  <%= render 'account/shared/menu/section', title: 'Integration' do %>
218
- <%= render 'account/shared/menu/item', url: '/docs/oauth', label: 'OAuth Providers' do |p| %>
218
+ <%= render 'account/shared/menu/item', url: '/docs/api', label: 'REST API' do |p| %>
219
219
  <% p.content_for :icon do %>
220
- <i class="fal fa-at ti ti-reload"></i>
220
+ <i class="fal fa-brackets-curly ti ti-settings"></i>
221
221
  <% end %>
222
222
  <% end %>
223
223
 
224
- <%= render 'account/shared/menu/item', url: '/docs/api', label: 'REST API' do |p| %>
224
+ <%= render 'account/shared/menu/item', url: '/docs/zapier', label: 'Zapier' do |p| %>
225
225
  <% p.content_for :icon do %>
226
- <i class="fal fa-brackets-curly ti ti-settings"></i>
226
+ <i class="fal fa-bolt ti ti-bolt"></i>
227
+ <% end %>
228
+ <% end %>
229
+
230
+ <%= render 'account/shared/menu/item', url: '/docs/oauth', label: 'OAuth Providers' do |p| %>
231
+ <% p.content_for :icon do %>
232
+ <i class="fal fa-at ti ti-reload"></i>
227
233
  <% end %>
228
234
  <% end %>
229
235
 
@@ -0,0 +1,63 @@
1
+ # API Versioning
2
+ Bullet Train's API layer is designed to help support the need of software developers to evolve their API over time while continuing to maintain support for versions of the API that users have already built against.
3
+
4
+ ## What is API versioning?
5
+ By default, Bullet Train will build out a "V1" version of your API. The version number is intended to represent a contract with your users that as long as they're hitting `/api/v1` endpoints, the structure of URLs, requests, and responses won't change in a way that will break the integrations they've created.
6
+
7
+ If a change to the API would break the established contract, we want to bump the API version number so we can differentiate between developers building against the latest version of the API (e.g. "V2") and developers who wrote code against the earlier version of the API (e.g. "V1"). This allows us the opportunity to ensure that older versions of the API continue to work as previously expected by the earlier developers.
8
+
9
+ ## When should you take advantage of API versioning?
10
+ You want to bump API versions as sparingly as possible. Even with all the tooling Bullet Train provides, maintaining backwards compatibility of older API versions comes at an ongoing cost. Generally speaking, you should only bump your API version when a customer is already using an API endpoint and you're making changes to the structure of your domain model that are not strictly additive and will break the established contract.
11
+
12
+ Importantly, if the changes you're making to your domain model are only additive, you don't need to bump your API version. Users shouldn't care that you're adding new attributes or new endpoints to your API, just as long as the ones they're already using don't change in a way that is breaking for them.
13
+
14
+ ## Background
15
+ By default, the following components in your API are created in versioned namespaces:
16
+
17
+ - API controllers are in `app/controllers/api/v1` and live in an `Api::V1` module.
18
+ - JSON views are in `app/controllers/api/v1`.
19
+ - Routes are in `config/routes/api/v1.rb`.
20
+ - Tests are in `test/controllers/api/v1` and live in an `Api::V1` module.
21
+
22
+ > It's also impotant to keep in mind that some dependencies of your API and API tests like models, factories, and permissions are not versioned, but as we'll cover later, this is something our approach helps you work around.
23
+
24
+ ## Bumping Your API Version
25
+
26
+ ⚠️ You must do this _before_ making the breaking changes to your API.
27
+
28
+ If you're in a situation where you know you need to bump your API version to help lock-in a backward compatible version of your API, you can simply run:
29
+
30
+ ```
31
+ rake bullet_train:api:bump_version
32
+ ```
33
+
34
+ > TODO This Rake task doesn't exist yet.
35
+
36
+ ## What happens when you bump an API version?
37
+ When you bump your API version, all of the files and directories that are namespaced with the API version number will be duplicated into a new namespace for the new API version number.
38
+
39
+ For example, when bumping from "V1" to "V2":
40
+
41
+ - A copy of all the API controllers in `app/controllers/api/v1` are copied into `app/controllers/api/v2`.
42
+ - A copy of all the JSON views in `app/views/api/v1` are copied into `app/views/api/v2`.
43
+ - A copy of all the routes in `config/routes/api/v1.rb` are copied into `config/routes/api/v2.rb`.
44
+ - A copy of all the tests in `test/controllers/api/v1` are copied into `test/controllers/api/v2`.
45
+
46
+ We also bump the value of `BulletTrain::Api.current_version` in `config/initializers/api.rb` so tools like Super Scaffolding know which version of your API to update going forward.
47
+
48
+ ## How does this help?
49
+ As a baseline, keeping a wholesale copy of the versioned API components helps lock in their behavior and protect them from change going forward. It's not a silver bullet, since unversioned dependencies (like your model, factories, and permissions) can still affect the behavior of these versioned API components, but even in that case these copied files give us a place where we can implement the logic that helps older versions of the API continue to operate even as unversioned components like our domain model continue changing.
50
+
51
+ ### Versioned API Tests
52
+ By versioning our API tests, we lock in a copy of what the assumptions were for older versions of the API. Should unversioned dependencies like our domain model change in ways that break earlier versions of our API, the test suite will let us know and help us figure out when we've implemented the appropriate logic in the older version of the API controller to restore the expected behavior for that version of the API.
53
+
54
+ ## Advanced Topics
55
+
56
+ ### Object-Oriented Inheritance
57
+ In order to reduce the surface area of legacy API controllers that you're maintaining, it might make sense in some cases to have an older versioned API controller simply inherit from a newer version or the current version of the same API controller. For example, this might make sense for endpoints that you know didn't have breaking changes across API versions.
58
+
59
+ ### Backporting New Features to Legacy API Versions
60
+ Typically we'd recommend you use new feature availability to encourage existing API users to upgrade to the latest version of the API. However, in some situations you may really need to make a newer API feature available to a user who is locked into a legacy version of your API for some other endpoint. This is totally fine if the feature is only additive. For example, if you're just adding a newer API endpoint in a legacy version of the API, you can simply have the new API controller in the legacy version of the API inherit from the API controller in the current version of the API.
61
+
62
+ ### Pruning Unused Legacy API Endpoints
63
+ Maintaining legacy endpoints has a very real cost, so you may choose to identify which endpoints aren't being used on legacy versions of your API and prune them from that version entirely. This has the effect of requiring existing API users to keep their API usage up-to-date before expanding the surface area of usage, which may or may not be desirable for you.
data/docs/api.md ADDED
@@ -0,0 +1,106 @@
1
+ # REST API
2
+ We believe every SaaS application should have an API and [webhooks](/docs/webhooks/outgoing.md) available to users, so Bullet Train aims to help automate the creation of a production-grade REST API using Rails-native tooling and provides a forward-thinking strategy for its long-term maintenance.
3
+
4
+ ## Background
5
+ Vanilla Rails scaffolding actually provides simple API functionality out-of-the-box: You can append `.json` to the URL of any scaffold and it will render a JSON representation instead of an HTML view. This functionality continues to work in Bullet Train, but our API implementation also builds on this simple baseline using the same tools with additional organization and some new patterns.
6
+
7
+ ## Goals
8
+
9
+ ### Zero-Effort API
10
+ As with vanilla Rails scaffolding, Super Scaffolding automatically generates your API as you scaffold new models, and unlike vanilla Rails scaffolding, it will automatically keep it up-to-date as you scaffold additional attributes onto your models.
11
+
12
+ ### Versioning by Default
13
+ By separating out and versioning API controllers, views, routes, and tests, Bullet Train provides [a methodology and tooling](/docs/api/versioning.md) to help ensure that once users have built against your API, changes in the structure of your domain model and API don't unexpectedly break existing integrations. You can [read more about API versioning](/docs/api/versioning.md).
14
+
15
+ ### Standard Rails Tooling
16
+ APIs are built using standard Rails tools like `ActiveController::API`, [Strong Parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html), `config/routes.rb`, and [Jbuilder](https://github.com/rails/jbuilder). Maintaining API endpoints doesn't require special knowledge and feels like regular Rails development.
17
+
18
+ ### Outsourced Authentication
19
+ In the same way we've adopted [Devise](https://github.com/heartcombo/devise) for best-of-breed and battle-tested authentication on the browser side, we've adopted [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) for best-of-breed and battle-tested authentication on the API side.
20
+
21
+ ### DRY Authorization Logic
22
+ Because our API endpoints are standard Rails controllers, they're able to leverage the exact same [permissions definitions and authorization logic](https://github.com/bullet-train-co/bullet_train-base/blob/main/docs/permissions.md) as our account controllers.
23
+
24
+ ## Structure
25
+ Where vanilla Rails uses a single controller in `app/controllers` for both in-browser and API requests, Bullet Train splits these into two separate controllers, one in `app/controllers/account` and another in `app/controllers/api/v1`, although a lot of logic is shared between the two.
26
+
27
+ API endpoints are defined in three parts:
28
+
29
+ 1. Routes are defined in `config/routes/api/v1.rb`.
30
+ 2. Controllers are defined in the `app/controllers/api/v1` directory.
31
+ 3. Jbuilder views are defined in the `app/views/api/v1` directory.
32
+
33
+ ## "API First" and Supporting Account Controllers
34
+ As previously mentioned, there is a lot of shared logic between account and API controllers. Importantly, there are a couple of responsbilities that are implemented "API first" in API controllers and then utilized by account controllers.
35
+
36
+ ### Strong Parameters
37
+ The primary definition of Strong Parameters for a given resource is defined in the most recent version of the API controller and included from there by the account controller. In account controllers, where you might expect to see a Strong Parameters definition, you'll see the following instead:
38
+
39
+ ```ruby
40
+ include strong_parameters_from_api
41
+ ```
42
+
43
+ > This may feel counter-intuitive to some developers and you might wonder why we don't flip this around and have the primary definition in the account controller and have the API controller delegate to it. The answer is a pragmatic one: creating and maintaining the defintion of Strong Paramters in the API controller means it gets automatically frozen in time should you ever need to [bump your API version number](/api/docs/versioning.md). We probably _could_ accomplish this if things were the other way around, but it wouldn't happen automatically.
44
+
45
+ If by chance there are additional attributes that should be permitted or specific logic that needs to be run as part of the account controller (or inversely, only in the API controller), you can specify that in the controller like so:
46
+
47
+ ```ruby
48
+ def permitted_fields
49
+ [:some_specific_attribute]
50
+ end
51
+
52
+ def permitted_arrays
53
+ {some_collection: []}
54
+ end
55
+
56
+ def process_params(strong_params)
57
+ assign_checkboxes(strong_params, :some_checkboxes)
58
+ strong_params
59
+ end
60
+ ```
61
+
62
+ ### Delegating `.json` View Rendering on Account Controllers
63
+
64
+ In Bullet Train, when you append `.json` to an account URL, the account controller doesn't actually have any `.json.jbuilder` templates in its view directory within `app/views/account`. Instead, by default the controller is configured to delegate the JSON rendering to the corresponding Jbuilder templates in the most recent version of the API, like so:
65
+
66
+ ```ruby
67
+ # GET /account/projects/:id or /account/projects/:id.json
68
+ def show
69
+ delegate_json_to_api
70
+ end
71
+ ```
72
+
73
+ ## Usage Example
74
+ First, provision a platform application in section titled "Your Applications" in the "Developers" menu of the application. When you create a new platform application, an access token that doesn't automatically expire will be automatically provisioned along with it. You can then use the access token to hit the API, as seen in the following Ruby-based example:
75
+
76
+ ```ruby
77
+ require 'net/http'
78
+ require 'uri'
79
+
80
+ # Configure an API client.
81
+ client = Net::HTTP.new('localhost', 3000)
82
+
83
+ headers = {
84
+ "Content-Type" => "application/json",
85
+ "Authorization" => "Bearer GfNLkDmzOTqAacR1Kqv0VJo7ft2TT-S_p8C6zPDBFhg"
86
+ }
87
+
88
+ # Fetch the team details.
89
+ response = client.get("/api/v1/teams/1", headers)
90
+
91
+ # Parse response.
92
+ team = JSON.parse(response.body)
93
+
94
+ # Update team name.
95
+ team["name"] = "Updated Team Name"
96
+
97
+ # Push the update to the API.
98
+ # Note that the team attributes are nested under a `team` key in the JSON body.
99
+ response = client.patch("/api/v1/teams/1", {team: team}.to_json, headers)
100
+ ```
101
+
102
+ ## Advanced Topics
103
+ - [API Versioning](/docs/api/versioning.md)
104
+
105
+ ## A Note About Other Serializers and API Frameworks
106
+ In early versions of Bullet Train we made the decision to adopt a specific serialization library, [ActiveModelSerializers](https://github.com/rails-api/active_model_serializers) and in subsequent versions we went as far as to adopt an entire third-party framework ([Grape](https://github.com/ruby-grape/grape)) and a third-party API specification ([JSON:API](https://jsonapi.org)). We now consider it out-of-scope to try and make such decisions on behalf of developers. Support for them in Bullet Train applications and in Super Scaffolding could be created by third-parties.
data/docs/index.md CHANGED
@@ -40,11 +40,12 @@
40
40
  - [Stripe](/docs/billing/stripe.md)
41
41
 
42
42
  ## Integration
43
- - [OAuth Providers](/docs/oauth.md)
44
43
  - [REST API](/docs/api.md)
44
+ - [Zapier](/docs/zapier.md)
45
+ - [OAuth Providers](/docs/oauth.md)
45
46
  - [Outgoing Webhooks](/docs/webhooks/outgoing.md)
46
47
  - [Incoming Webhooks](/docs/webhooks/incoming.md)
47
-
48
+
48
49
  ## Add-Ons
49
50
  - [Font Awesome Pro](/docs/font-awesome-pro.md)
50
51
 
data/docs/zapier.md ADDED
@@ -0,0 +1,46 @@
1
+ # Integrating with Zapier
2
+ Bullet Train provides out-of-the-box support for Zapier. New Bullet Train projects include a preconfigured Zapier CLI project that is ready to `zapier deploy`.
3
+
4
+ ## Background
5
+ Zapier was designed to take advantage of an application's existing [REST API](/docs/api.md), [outgoing webhook capabilities](/docs/webhooks/outgoing.md), and OAuth2 authorization workflows. Thankfully for us, Bullet Train provides the first two and pre-configures Doorkeeper to provide the latter. We also have an smooth OAuth2 connection workflow that accounts for the mismatch between the user-based OAuth2 standard and team-based multitenancy.
6
+
7
+ ## Prerequitesites
8
+ - You must be developing in an environment with [tunneling enabled](/docs/tunneling.md).
9
+
10
+ ## Getting Started in Development
11
+ First, install the Zapier CLI tooling and deploy:
12
+
13
+ ```
14
+ cd zapier
15
+ yarn install
16
+ zapier login
17
+ zapier register
18
+ zapier push
19
+ ```
20
+
21
+ Once the application is registered in your account, you can re-run seeds in your development environment and it will create a `Platform::Application` record for Zapier:
22
+
23
+ ```
24
+ cd ..
25
+ rake db:seed
26
+ ```
27
+
28
+ When you do this for the first time, it will output some credentials for you to go back and configure for the Zapier application, like so:
29
+
30
+ ```
31
+ cd zapier
32
+ zapier env:set 1.0.0 \
33
+ BASE_URL=https://andrewculver.ngrok.io \
34
+ CLIENT_ID=... \
35
+ CLIENT_SECRET=...
36
+ cd ..
37
+ ```
38
+
39
+ You're done and can now test creating Zaps that react to example objects being created or create example objects based on other triggers.
40
+
41
+ ## Deploying in Production
42
+ We haven't figured out a good suggested process for breaking out development and production versions of the Zapier application yet, but we'll update this section when we have.
43
+
44
+ ## Future Plans
45
+ - Extend Super Scaffolding to automatically add new resources to the Zapier CLI project. For now you have to extend the Zapier CLI definitions manually.
46
+
@@ -1,3 +1,3 @@
1
1
  module BulletTrain
2
- VERSION = "1.2.5"
2
+ VERSION = "1.2.7"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bullet_train
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.5
4
+ version: 1.2.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Culver
@@ -626,6 +626,8 @@ files:
626
626
  - db/migrate/20211020200855_add_doorkeeper_application_to_memberships.rb
627
627
  - db/migrate/20211027002944_add_doorkeeper_application_to_users.rb
628
628
  - docs/action-models.md
629
+ - docs/api.md
630
+ - docs/api/versioning.md
629
631
  - docs/application-options.md
630
632
  - docs/authentication.md
631
633
  - docs/billing/stripe.md
@@ -662,6 +664,7 @@ files:
662
664
  - docs/upgrades.md
663
665
  - docs/webhooks/incoming.md
664
666
  - docs/webhooks/outgoing.md
667
+ - docs/zapier.md
665
668
  - lib/bullet_train.rb
666
669
  - lib/bullet_train/core_ext/string_emoji_helper.rb
667
670
  - lib/bullet_train/engine.rb