ctws 0.1.5.alpha

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0a79d5e21625b0567f9a3cca15eaee2828f01a34
+  data.tar.gz: 4ca11d4f89b12d6b0c353cbc0541efb9a7b2d07c
+SHA512:
+  metadata.gz: b7d96fa180bc72676e003910f0ef4cf6aec988db26625dbbd39d67a0e5b9a96675df1969ea574b74275761766fe0068d70eaa1f50ecfb552d0afffe5879626ae
+  data.tar.gz: 22a334939b4b7f159d62fa9d01f6db7cec8dae94e4f7232852aac0113ebfec742b09eb3971652574994e0211a44e3d7d9dd827f90e2ad4a26f493f53986371b3

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 CodiTramuntana
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,295 @@
+# ctws
+
+Rails gem to be used as Webservice RESTful JSON API with Rails 5.
+
+With `MinAppVersion` and `User` resources, with token based authentication [JSON Web Tokens](https://jwt.io/).
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ctws'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install ctws
+```
+
+## Mounting the Engine
+
+To make the `ctws` engine's functionality accessible from within your application, it needs to be mounted in that application's `config/routes.rb` file:
+
+```ruby
+mount Ctws::Engine, at: "/ws"
+```
+
+This line will mount the engine at `/ws` in the application. Making it accessible at `http://localhost:3000/ws` when the application runs with rails
+server. It can be whatever you want.
+
+## Engine setup
+
+The engine contains migrations for the `ctws_min_app_version` and `xxx` table which need to be created in the application's database so that the engine's models can query them correctly. 
+To copy these migrations into the application run the following command from the Rails App root, then run these migrations:
+
+```bash
+rails ctws:install:migrations
+rails db:migrate
+``` 
+
+If you want to revert engine's migrations before removing it. To revert all migrations from blorgh engine you can run code such as:
+
+```bash
+bin/rails db:migrate SCOPE=ctws VERSION=0
+```
+
+### Hook the application `User` model with the engine
+
+By default the user model is `User` but you can change it by creating or editing the `ctws.rb` initializer file in `config/initializers` and put this content in it:
+
+```ruby 
+Ctws.user_class = "Account"
+```
+
+The application `User` model **must have the `email` attribute**.
+
+The **`password` is optional** by default a user is validated with password, for `password` validation [`ActiveModel::SecurePassword::InstanceMethodsOnActivation authenticate`](https://apidock.com/rails/v4.2.7/ActiveModel/SecurePassword/InstanceMethodsOnActivation/authenticate) and [`Devise::Models::DatabaseAuthenticatable#valid_password?`](http://www.rubydoc.info/github/plataformatec/devise/Devise%2FModels%2FDatabaseAuthenticatable:valid_password%3F) User instance methods are supported.
+
+To opt out the user validation with the password change it by creating or editing the `ctws.rb` initializer file in `config/initializers` and put this content in it:
+
+```ruby 
+Ctws.user_validate_with_password = false
+```
+You can edit your app's required fields for signup by creating or editing the `ctws.rb` initializer file in `config/initializers` and put your strong parameters:
+
+```ruby 
+Ctws.user_class_strong_params = %i(email password password_confirmation
+```
+
+### Set the `JWT` expiry time
+
+By default the token expiry time is 24h but you can change it by creating or editing the `ctws.rb` initializer file in `config/initializers` and put this content in it:
+
+```ruby 
+Ctws.jwt_expiration_time = 24.hours.from_now
+```
+
+<!--
+Change the app's models so that they know that they are supposed to act like ctws:
+
+```ruby
+# app/models/user.rb
+
+class User < ApplicationRecord
+  acts_as_ctws
+end
+```
+-->
+
+## Endpoints
+
+| Endpoint                                           | Functionality                                    | Requires Authentication?  |
+| -------------------------------------------------- | -----------------------------------------------: | :-----------------------: |
+| `GET    /ctws/v1/min_app_version`                  | Get latest minimum app version for all platforms | No                        |
+| `POST   /ctws/signup`                              | Signup                                           | No                        |
+| `POST   /ctws/login`                               | Login                                            | No                        |
+<!--
+| `GET    /ctws/v1/min_app_versions`                 | List all min_app_versions                        | Yes                       |
+| `GET    /ctws/v1/min_app_versions/:id `            | Get a min_app_version                            | Yes                       |
+| `POST   /ctws/v1/min_app_versions`                 | Creates a min_app_version                        | Yes                       |
+| `PUT    /ctws/v1/min_app_versions/:id`             | Updates a min_app_version                        | Yes                       |
+| `DELETE /ctws/v1/min_app_versions/:id`             | Delete a min_app_version                         | Yes                       |
+-->
+
+### min_app_version
+
+**request:**
+
+```bash
+curl localhost:3000/ws/v1/min_app_version
+```
+
+**response:**
+
+```json
+HTTP/1.1 200 OK
+Cache-Control: max-age=0, private, must-revalidate
+Content-Type: application/vnd.api+json; charset=utf-8
+ETag: W/"8dcf1379b7ee203a6d72b3c7773d47f4"
+Transfer-Encoding: chunked
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Request-Id: c1924546-0212-45fe-b86a-83ee3a3b2fa4
+X-Runtime: 0.003897
+X-XSS-Protection: 1; mode=block
+
+{
+  "data": [
+    {
+      "id": 3, 
+      "type": "min_app_version",
+      "attributes": {
+        "codename": "Second release", 
+        "description": "Second release Description text", 
+        "min_version": "0.0.2", 
+        "platform": "android", 
+        "store_uri": "htttps://fdsafdsafdsaf.cot", 
+        "updated_at": "2017-06-22T17:53:31.252+02:00"
+      }
+    }, 
+    {
+      "type": "min_app_version",
+      "id": 1, 
+      "attributes": {
+        "codename": "First Release", 
+        "description": "You need to update your app. You will be redirected to the corresponding store", 
+        "min_version": "0.0.1", 
+        "platform": "ios", 
+        "store_uri": "https://itunes.apple.com/", 
+        "updated_at": "2017-06-21T14:29:59.348+02:00"
+      }
+    }
+  ]
+}
+```
+### signup
+
+**request:**
+
+```bash
+curl -X POST -F "email=user@example.com" -F "password=123456789" http://localhost:3000/ws/v1/signup
+```
+
+**Successful response:**
+
+```json
+HTTP/1.1 201 Created
+Cache-Control: max-age=0, private, must-revalidate
+Content-Type: application/vnd.api+json; charset=utf-8
+ETag: W/"ab43e77c2d67636c5c0cd707e661c311"
+Transfer-Encoding: chunked
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Request-Id: 75f9d9cc-4ce2-4aed-9349-e995bb122f39
+X-Runtime: 1.727068
+X-XSS-Protection: 1; mode=block
+
+{
+  "data": {
+    "type": "user",
+    "id": 20, 
+    "attributes": {
+      "message": "Account created successfully",
+      "auth_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoyMCwiZXhwIjoxNDk5ODU1MjQ5fQ.H9ljjShWOAv8b9xn9ZLKv-zgmH8xkPe6dkdhH4JrJPw", 
+      "created_at": "2017-07-11T12:27:27.916+02:00"
+    }
+  }
+}
+```
+
+**Error response:**
+
+```json
+HTTP/1.1 401 Unauthorized
+Cache-Control: no-cache
+Content-Type: application/vnd.api+json; charset=utf-8
+Transfer-Encoding: chunked
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Request-Id: b0d91125-446d-4ed3-95cb-4a702ee24289
+X-Runtime: 0.091940
+X-XSS-Protection: 1; mode=block
+
+{
+    "errors": {
+        "message": "Invalid credentials"
+    }
+}
+```
+
+### login
+
+**request:**
+
+```bash
+curl -X POST -F "email=user@example.com" -F "password=123456789" http://localhost:3000/ws/v1/login
+```
+
+**Successful response:**
+
+```json
+HTTP/1.1 200 OK
+Cache-Control: max-age=0, private, must-revalidate
+Content-Type: application/vnd.api+json; charset=utf-8
+ETag: W/"4e7a5faaf9eb480a7a7dadb734d01da1"
+Transfer-Encoding: chunked
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Request-Id: 565a8015-9087-480c-b5b6-1dbf634c7d83
+X-Runtime: 0.278055
+X-XSS-Protection: 1; mode=block
+
+{
+  "data": {
+    "type": "authentication",
+    "attributes": {
+      "message": "Authenticated user successfully",
+      "auth_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxNiwiZXhwIjoxNDk5ODU2MDgyfQ.FOLNcInu0yxnp_dqVnyzfzGNwKyv_ERoflhW4cvTa60"
+    }
+  }
+}
+```
+
+**Error response:**
+
+```json
+HTTP/1.1 401 Unauthorized
+Cache-Control: no-cache
+Content-Type: application/vnd.api+json; charset=utf-8
+Transfer-Encoding: chunked
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Request-Id: e95e4b63-3a83-409f-bd05-4cf2dea6136a
+X-Runtime: 0.015463
+X-XSS-Protection: 1; mode=block
+
+{
+    "errors": {
+        "message": "Invalid credentials"
+    }
+}
+```
+
+## Tests
+
+running `rspec` will run tests and output a report, first run migrations the tests:
+
+```bash 
+rails db:migrate RAILS_ENV=test
+rspec
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+`ctws` is Copyright © 2017 CodiTramuntana SL. It is free software, and may be redistributed under the terms specified in the LICENSE file.
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+# About CodiTramuntana
+
+![CodiTramuntana's Logo](https://avatars0.githubusercontent.com/u/27996979?v=3&u=b0256e23ae7b2f237e3d1b5f2b2abdfe3092b24c&s=400)
+
+Maintained by [CodiTramuntana](http://www.coditramuntana.com).
+
+The names and logos for CodiTramuntana are trademarks of CodiTramuntana SL.
+
+We love open source software!

data/Rakefile

@@ -0,0 +1,21 @@
+#!/usr/bin/env rake
+begin
+ require 'bundler/setup'
+rescue LoadError
+ puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each {|f| load f }
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+
+task :default => :spec

data/app/auth/ctws/authenticate_user.rb

@@ -0,0 +1,36 @@
+module Ctws
+  class AuthenticateUser
+    def initialize(email, password="12346")
+      @email = email
+      @password = password
+    end
+    
+    # Service entry point
+    def call
+      Ctws::JsonWebToken.encode(user_id: user.id) if user
+      
+      # attrs_hash = {}
+      # Ctws.jwt_auth_token_attrs.each {|a| attrs_hash.merge!({"user_#{a}": user.try(a)})}
+      # Ctws::JsonWebToken.encode(attrs_hash) if user
+    end
+    
+    private
+    
+    attr_reader :email, :password
+    
+    # verify user credentials
+    def user
+      user = Ctws.user_class.find_by(email: email)
+      
+      if Ctws.user_validate_with_password
+        # try method of  Active Record's has_secure_password or Devise valid_password?
+        authenticated = user.try(:authenticate, password) || user.try(:valid_password?, password)
+      elsif !Ctws.user_validate_with_password
+        authenticated = true
+      end
+      return user if user && authenticated
+      # raise Authentication error if credentials are invalid
+      raise(Ctws::ExceptionHandler::AuthenticationError, Ctws::Message.invalid_credentials)
+    end
+  end
+end

data/app/auth/ctws/authorize_api_request.rb

@@ -0,0 +1,44 @@
+module Ctws
+  class AuthorizeApiRequest
+    def initialize(headers = {})
+      @headers = headers
+    end
+
+    # Service entry point - return valid user object
+    def call
+      {
+        user: user
+      }
+    end
+
+    private
+
+    attr_reader :headers
+
+    def user
+      # check if user is in the database
+      # memoize user object
+      @user ||= Ctws.user_class.find(decoded_auth_token[:user_id]) if decoded_auth_token
+      # handle user not found
+    rescue ActiveRecord::RecordNotFound => e
+      # raise custom error
+      raise(
+        ExceptionHandler::InvalidToken,
+        ("#{Ctws::Message.invalid_token} #{e.message}")
+      )
+    end
+
+    # decode authentication token
+    def decoded_auth_token
+      @decoded_auth_token ||= Ctws::JsonWebToken.decode(http_auth_header)
+    end
+
+    # check for token in `Authorization` header
+    def http_auth_header
+      if headers['Authorization'].present?
+        return headers['Authorization'].split(' ').last
+      end
+        raise(ExceptionHandler::MissingToken, Ctws::Message.missing_token)
+    end
+  end
+end

data/app/controllers/concerns/ctws/exception_handler.rb

@@ -0,0 +1,58 @@
+module Ctws
+  #  In the case where the record does not exist, 
+  # ActiveRecord will throw an exception ActiveRecord::RecordNotFound. 
+  # We'll rescue from this exception and return a 404 message.
+  # List of Rails Status Code Symbols http://billpatrianakos.me/blog/2013/10/13/list-of-rails-status-code-symbols
+  
+  module ExceptionHandler
+    # provides the more graceful `included` method
+    extend ActiveSupport::Concern
+    
+    # Define custom error subclasses - rescue catches `StandardErrors`
+    class AuthenticationError < StandardError; end
+    class MissingToken < StandardError; end
+    class InvalidToken < StandardError; end
+    class ExpiredSignature < StandardError; end
+    class UnprocessableEntity < StandardError; end
+    class RoutingError < StandardError; end
+
+    included do
+      # Define custom handlers
+      rescue_from ActiveRecord::RecordInvalid, with: :four_twenty_two
+      rescue_from ExceptionHandler::AuthenticationError, with: :unauthorized_request
+      rescue_from ExceptionHandler::MissingToken, with: :four_twenty_two
+      rescue_from ExceptionHandler::InvalidToken, with: :four_twenty_two
+      rescue_from ExceptionHandler::UnprocessableEntity, with: :four_twenty_two
+      rescue_from ExceptionHandler::ExpiredSignature, with: :four_ninety_eight
+      rescue_from ExceptionHandler::RoutingError, with: :not_found
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found
+      rescue_from ActionController::RoutingError, with: :not_found
+      
+      rescue_from ActiveRecord::RecordInvalid do |e|
+        json_response({ message: e.message }, :unprocessable_entity)
+      end
+    end
+    
+    # JSON response with message; Status code 401 - Unauthorized
+    def unauthorized_request(e)
+      json_response({ message: e.message }, :unauthorized)
+    end
+    
+    # JSON response with message; Status code 401 - Unauthorized
+    def not_found(e)
+      json_response({ message: e.message }, :not_found)
+    end
+    
+    # JSON response with message; Status code 422 - unprocessable entity
+    def four_twenty_two(e)
+      json_response({ message: e.message }, :unprocessable_entity)
+    end
+
+    
+    # JSON response with message; Status code 498 - Invalid Token
+    def four_ninety_eight(e)
+      json_response({ message: e.message }, :invalid_token)
+    end
+    
+  end
+end

data/app/controllers/concerns/ctws/response.rb

@@ -0,0 +1,25 @@
+module Ctws
+  module Response
+    # responds with JSON and an HTTP status code (200 by default)
+    # json_response(@todo, :created)
+    def payload? object, status
+      case status
+      when :not_found, :unprocessable_entity, :unauthorized, :invalid_token
+        self.errors_payload(object)
+      else
+        self.data_payload(object)
+      end
+    end
+    
+    def json_response(object = {}, status = :ok)
+      render json: self.payload?(object, status), status: status
+    end
+    
+    def data_payload(object)
+      {data: object}
+    end
+    def errors_payload(object)
+      {errors: object}
+    end
+  end
+end

data/app/controllers/concerns/ctws/v1/exception_handler.rb

@@ -0,0 +1,6 @@
+module Ctws
+  module V1
+    class ExceptionHandler < Ctws::ExceptionHandler
+    end
+  end
+end

data/app/controllers/concerns/ctws/v1/response.rb

@@ -0,0 +1,6 @@
+module Ctws
+  module V1
+    module Response  < Ctws::Response
+    end
+  end
+end

data/app/controllers/ctws/application_controller.rb

@@ -0,0 +1,5 @@
+module Ctws
+  class ApplicationController < ActionController::API
+    # protect_from_forgery with: :exception
+  end
+end

data/app/controllers/ctws/authentication_controller.rb

@@ -0,0 +1,28 @@
+module Ctws
+  class AuthenticationController < CtwsController
+    skip_before_action :authorize_request, only: :authenticate
+    
+    # return auth token once user is authenticated
+    def authenticate
+      auth_token = Ctws::AuthenticateUser.new(auth_params[:email], auth_params[:password]).call
+      json_response auth_as_jsonapi(auth_token)
+      
+    end
+    
+    private
+    
+    def auth_as_jsonapi auth_token
+      {
+        type: controller_name,
+        attributes: {
+          message: Ctws::Message.authenticated_user_success, 
+          auth_token: auth_token, 
+        }
+      }
+    end
+    
+    def auth_params
+      params.permit(:email, :password)
+    end
+  end
+end

data/app/controllers/ctws/ctws_controller.rb

@@ -0,0 +1,24 @@
+require_dependency "ctws/application_controller"
+
+module Ctws
+  class CtwsController < ApplicationController
+    include Response
+    include ExceptionHandler
+    # Generic API stuff here
+    
+    # called before every action on controllers
+    before_action :authorize_request
+    skip_before_action :authorize_request, only: [:raise_not_found!]
+    attr_reader :current_user
+    
+    def raise_not_found!
+      raise Ctws::ExceptionHandler::RoutingError, ("#{Ctws::Message.unmatched_route(params[:unmatched_route])}")
+    end
+    private
+
+    # Check for valid request token and return user
+    def authorize_request
+      @current_user = (Ctws::AuthorizeApiRequest.new(request.headers).call)[:user]
+    end
+  end
+end

data/app/controllers/ctws/min_app_versions_controller.rb

@@ -0,0 +1,55 @@
+module Ctws
+  class MinAppVersionsController < CtwsController
+    skip_before_action :authorize_request, only: [:min_app_version]
+    before_action :set_min_app_version, only: [:show, :update, :destroy]
+
+    # GET /min_app_version
+    def min_app_version
+      min_app_versions = []
+      MinAppVersion.group(:platform).each do |platform|
+        min_app_versions << platform.as_jsonapi
+      end
+      json_response min_app_versions
+    end
+    
+    # GET /min_app_versions
+    def index
+      json_response MinAppVersion.all
+    end
+
+    # GET /min_app_versions/1
+    def show
+      json_response @min_app_version.as_jsonapi
+    end
+
+    # POST /min_app_versions
+    def create
+      @min_app_version = MinAppVersion.create!(min_app_version_params)
+      json_response @min_app_version, :created
+    end
+
+    # PATCH/PUT /min_app_versions/1
+    def update
+      @min_app_version.update(min_app_version_params)
+      head :no_content
+    end
+
+    # DELETE /min_app_versions/1
+    def destroy
+      @min_app_version.destroy
+      head :no_content
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_min_app_version
+        @min_app_version = MinAppVersion.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def min_app_version_params
+        params.require(:min_app_version).permit(:codename, :description, :platform, :min_version, :store_uri)
+      end
+  end
+end
+

data/app/controllers/ctws/users_controller.rb

@@ -0,0 +1,39 @@
+module Ctws
+  class UsersController < CtwsController
+    skip_before_action :authorize_request, only: :create
+    
+    # POST /signup
+    # return authenticated token upon signup
+    def create
+      # We use Active Record's create! method so that in the event there's an error, 
+      # an exception will be raised and handled in the exception handler.
+      ctws_user = Ctws.user_class.create!(ctws_user_params)
+      if Ctws.user_validate_with_password
+        auth_token = Ctws::AuthenticateUser.new(ctws_user.email, ctws_user.password).call
+      elsif !Ctws.user_validate_with_password
+        auth_token = Ctws::AuthenticateUser.new(ctws_user.email).call
+      end
+      # response = { message: Ctws::Message.account_created, auth_token: auth_token }
+      
+      json_response(user_as_jsonapi(ctws_user, auth_token), :created)
+    end
+    
+    private
+    
+    def user_as_jsonapi user, auth_token
+      {
+        type: ActiveModel::Naming.param_key(Ctws.user_class),
+        id: user.id,
+        attributes: {
+          message: Ctws::Message.account_created, 
+          auth_token: auth_token, 
+          created_at: user.created_at
+        }
+      }
+    end
+    
+    def ctws_user_params
+      params.permit(Ctws.user_class_strong_params)
+    end
+  end
+end

data/app/controllers/ctws/v1/authentication_controller.rb

@@ -0,0 +1,6 @@
+module Ctws
+  module V1
+    class AuthenticationController < Ctws::AuthenticationController
+    end
+  end
+end