darjeelink 0.11.8 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f077cd42297ac6611f454687f572c0ba3b2b5b0e6adbaedbbcae1bd905b16c8
-  data.tar.gz: 5b7879fc14f7e65438b3196a20f05d3a052f43aa3959617f8cb0276c59a7aaf1
+  metadata.gz: ca8f37399422052422670335b4e69c6f52de45549aa93ec34311b29347aab47d
+  data.tar.gz: 204d687368b9708e6ef8b6f0b06318bffd7fac0ad177b7f4cdfc5b44d415b3c2
 SHA512:
-  metadata.gz: 5a69637a14edf0be055e45e615117c794dfc5bb6d86661d1e92105d56dc874a12542a667fc0f27a5edc983c0e26662f5411cb01c99b82278356f1b91011e9319
-  data.tar.gz: 46d895118941de94c2b2134d809003d7c63c3acbb6fb0e581ad4c23b27c818f3c70d9cf1ee77ad00407a3be83111915429c735630ba597161c7290ed99ac6f84
+  metadata.gz: cd1b3cc45ccb146106aa6acd72aa625269e4730432078c1bb803b4179bf9095b2aa5fa42f3960e6570235b9a280fc318772fdade81ccd77a566a1f1dcb6550e4
+  data.tar.gz: 848a20765a23dde62eb9c3f937c4384917577e78af8bca65417c3ae17cc447011c021aaae9bb7eabde13e114daaa0a8522ba10270c9943a96b7d5a1ce561c4be

data/README.md

@@ -19,6 +19,48 @@ There is a UTM generator, where you can provide:
 - a campaign identifier
 And you can get a link with UTM params all filled in, and shortern it with one click.
 
+## API
+There is an API available to create short links.
+To create a short link via the API:
+
+First, create an api token `Darjeelink::ApiToken.create!(username: <username>, active: true)`.
+Then grab the token.
+
+Next, make a request
+```
+POST /api
+Authorization => Token token=<username>:<token>
+{
+  short_link: {
+    url: 'https://www.example.com',
+    shortened_path: 'xmpl' (optional)
+  }
+}
+```
+`url` is the absolute URI that you wish to shorten
+`shortened_path` is the path that you will visit to get redirected to your original link.  It is optional.  If it is not provided one will be generated automatically
+
+If successful you will get a response like:
+```
+STATUS 201
+{
+  short_link: <shortened_url>
+}
+```
+
+If unsuccessful you will get a response like
+```
+STATUS 400
+{
+  error: "information on what went wrong"
+}
+```
+
+If authorization failed you will get a response like
+```
+STATUS 401
+{}
+```
 ## Installation
 ### Gemfile
 Add these lines to your app's Gemfile
@@ -72,6 +114,20 @@ Run `cp .env.sample spec/dummy/.env.test`
 
 Change the database url to be different to the development one i.e. `postgres://darjeelink_dbuser:password@localhost/darjeelink-test`
 
+## Releasing
+Darjeelink follows [Semantic Versioning](https://semver.org)
+
+Once all necessary changes have made it in to master and you are ready to do a release you need to do these steps.
+
+Note that if you are running in a vagrant VM, most of these steps can be done from within the VM.
+
+- Update `lib/darjeelink/version.rb` to the new version
+- Run `bundle install` to pick up the change in Gemfile.lock
+- Commit the changes to `lib/darjeelink/version.rb` and `Gemfile.lock`, and push them to GitHub
+- Go to `https://github.com/38degrees/darjeelink/releases` and create a release tag in GitHub
+- Run `gem build darjeelink.gemspec` this will output a file `darjeelink-X.X.X.gem` the version should match what version.rb and github.
+- Run `gem push darjeelink-X.X.X.gem`
+
 ## GDPR
 No personally identifiable data is stored about the public by this gem.
 It does not store information on individual clicks, only a counter of how many times a link has been clicked.

data/app/controllers/darjeelink/api_controller.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module Darjeelink
+  class ApiController < Darjeelink::ApplicationController
+    skip_before_action :check_ip_whitelist
+    skip_before_action :authenticate
+
+    before_action :authenticate_token
+
+    def create
+      short_link = Darjeelink::ShortLink.create!(short_link_params)
+
+      render(
+        json: { short_link: "#{Darjeelink.domain}/#{short_link.shortened_path}" },
+        status: :created
+      )
+    rescue ActiveRecord::RecordNotUnique
+      render(
+        json: { error: "#{short_link_params[:shortened_path]} already used! Choose a different custom path" },
+        status: :bad_request
+      )
+    rescue ActiveRecord::RecordInvalid => e
+      render(
+        json: { error: e.message.to_s },
+        status: :bad_request
+      )
+    rescue ActionController::ParameterMissing
+      render(
+        json: { error: 'Missing required params' },
+        status: :bad_request
+      )
+    end
+
+    private
+
+    def short_link_params
+      params.require(:short_link).permit(:url, :shortened_path)
+    end
+
+    def authenticate_token
+      # The Authorization header must be supplied in the following format:
+      # "Authorization" => "Token token=#{username}:#{token}"
+      authenticate_or_request_with_http_token do |username_token, _options|
+        # Perform token comparison; avoid timing attacks and length leaks
+        # See: https://thisdata.com/blog/timing-attacks-against-string-comparison/
+        return head(:unauthorized) unless valid_authorization_token?(username_token)
+
+        return true
+      end
+    end
+
+    def valid_authorization_token?(username_token)
+      username, token = username_token.split ':'
+
+      stored_token = ApiToken.find_by(username: username, active: true)&.token
+      return false if stored_token.nil?
+
+      ActiveSupport::SecurityUtils.secure_compare(
+        token,
+        stored_token
+      )
+    end
+  end
+end

data/app/models/darjeelink/api_token.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Darjeelink
+  class ApiToken < ApplicationRecord
+    validates :username, uniqueness: true
+    validates :token, length: { minimum: 32 }, uniqueness: true
+
+    before_validation :generate_token
+
+    def generate_token
+      self.token = SecureRandom.uuid if token.blank?
+    end
+  end
+end

data/app/models/darjeelink/short_link.rb

@@ -50,7 +50,7 @@ module Darjeelink
         i /= base
       end
 
-      generated_path.join('').reverse
+      generated_path.join.reverse
     end
   end
 end

data/config/brakeman.ignore

@@ -0,0 +1,26 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 70,
+      "fingerprint": "4c710243b0d9f3f174b1b0b465dcd19aca14b1f1a9658572b13a1172855b6ed7",
+      "check_name": "MassAssignment",
+      "message": "Parameters should be whitelisted for mass assignment",
+      "file": "app/controllers/darjeelink/short_links_controller.rb",
+      "line": 83,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.permit!",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Darjeelink::ShortLinksController",
+        "method": "build_url"
+      },
+      "user_input": null,
+      "confidence": "Medium",
+      "note": "The params aren't being use to create a record, we just use it to merge params that might be present on the shortened url and the source url"
+    }
+  ],
+  "updated": "2020-07-23 16:52:33 +0000",
+  "brakeman_version": "4.8.2"
+}

data/config/initializers/darjeelink.rb

@@ -14,14 +14,17 @@ Darjeelink.configure do |config|
     'sms-blast': 'SMS Blast',
     'google-advert': 'Google advert',
     'instagram-advert': 'Instagram Advert',
-    'chatbot': 'Chatbot',
-    'template': 'Template',
-    'other': 'Other',
-    'spotify': 'Spotify',
-    'youtube': 'Youtube',
+    'instagram-post': 'Instagram Post',
+    'instagram-story': 'Instagram Story',
+    chatbot: 'Chatbot',
+    template: 'Template',
+    other: 'Other',
+    spotify: 'Spotify',
+    youtube: 'Youtube',
     'google-search': 'Google search',
     'google-display': 'Google display',
-    'snapchat-advert': 'Snapchat Advert'
+    'snapchat-advert': 'Snapchat Advert',
+    'digitalorganiser-share': 'Digital Organiser'
   }
 
   config.auth_domain = ENV['AUTH_DOMAIN']

data/config/routes.rb

@@ -5,6 +5,7 @@ Darjeelink::Engine.routes.draw do
 
   resources :short_links
   resources :tracking_links, only: :new
+  resources :api, only: :create
 
   # OmniAuth
   get '/auth/:provider/callback', to: 'sessions#create'

data/db/migrate/20210610083330_create_darjeelink_api_tokens.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class CreateDarjeelinkApiTokens < ActiveRecord::Migration[6.1]
+  def change
+    create_table :darjeelink_api_tokens do |t|
+      t.string :token, null: false
+      t.string :username, null: false
+      t.boolean :active, null: false, default: false
+      t.timestamps
+    end
+
+    add_index(:darjeelink_api_tokens, :username, unique: true)
+    add_index(:darjeelink_api_tokens, :token, unique: true)
+  end
+end

data/lib/darjeelink/configuration.rb

@@ -2,11 +2,7 @@
 
 module Darjeelink
   class Configuration
-    attr_accessor :domain
-    attr_accessor :source_mediums
-    attr_accessor :auth_domain
-    attr_accessor :rebrandly_api_key
-    attr_accessor :fallback_url
+    attr_accessor :domain, :source_mediums, :auth_domain, :rebrandly_api_key, :fallback_url
 
     def initialize
       @domain = nil

data/lib/darjeelink/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Darjeelink
-  VERSION = '0.11.8'
+  VERSION = '0.13.0'
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: darjeelink
 version: !ruby/object:Gem::Version
-  version: 0.11.8
+  version: 0.13.0
 platform: ruby
 authors:
 - James Hulme
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-17 00:00:00.000000000 Z
+date: 2021-11-03 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
 - !ruby/object:Gem::Dependency
   name: omniauth-google-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -44,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: rebrandly
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +122,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: brakeman
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -164,7 +192,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - james@38degrees.org.uk
 executables: []
@@ -179,6 +207,7 @@ files:
 - app/assets/javascripts/darjeelink/sparkleh.js
 - app/assets/javascripts/darjeelink/tracking_link_generator.js
 - app/assets/stylesheets/darjeelink/application.css
+- app/controllers/darjeelink/api_controller.rb
 - app/controllers/darjeelink/application_controller.rb
 - app/controllers/darjeelink/sessions_controller.rb
 - app/controllers/darjeelink/short_links_controller.rb
@@ -188,6 +217,7 @@ files:
 - app/importers/darjeelink/short_link_importer.rb
 - app/jobs/darjeelink/application_job.rb
 - app/mailers/darjeelink/application_mailer.rb
+- app/models/darjeelink/api_token.rb
 - app/models/darjeelink/application_record.rb
 - app/models/darjeelink/short_link.rb
 - app/views/darjeelink/short_links/_short_link_form.erb
@@ -196,6 +226,7 @@ files:
 - app/views/darjeelink/short_links/new.html.erb
 - app/views/darjeelink/tracking_links/new.erb
 - app/views/layouts/darjeelink/application.html.erb
+- config/brakeman.ignore
 - config/initializers/darjeelink.rb
 - config/initializers/omniauth.rb
 - config/initializers/rebrandly.rb
@@ -204,16 +235,17 @@ files:
 - db/migrate/20190304094710_case_insensitive_index_short_link_shortened_path.rb
 - db/migrate/20200505220716_rename_portkey_short_links_to_darjeelink_short_links.rb
 - db/migrate/20200505221026_rename_portkey_short_link_index.rb
+- db/migrate/20210610083330_create_darjeelink_api_tokens.rb
 - lib/darjeelink.rb
 - lib/darjeelink/configuration.rb
 - lib/darjeelink/engine.rb
 - lib/darjeelink/version.rb
 - lib/tasks/darjeelink.rake
-homepage: https://github.com/38dgs/darjeelink
+homepage: https://github.com/38degrees/darjeelink
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -221,15 +253,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
-signing_key: 
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: URL Shortener
 test_files: []