dash_api 0.0.16

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 945983e9aaba31d04f8fde011da5a657e2d0d6159e6586e83ba8f6c03fa6653f
+  data.tar.gz: 24bc114dc3585acf020fcca25d0795a7da97edab9b433d37913fb9cbd99b7afb
+SHA512:
+  metadata.gz: 68eba8c684f9193eeb6495852659941655d66ef24a9ac7ae33201fa9e8e93ad384476eef60e9060ca8771b846a634f4b24b40bc36cd2b5bffcf8dcda0eae467e
+  data.tar.gz: d29484f82a3715c8af5fe7703e0115818c04ecd2a9be2ac5dd4eeaab672c0d7a4879990560cfb280e9c674de8925cff31fc125e8e9f94a965f109107be6474e4

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2021 Rami Bitar
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,406 @@
+# Dash API
+Dash API is a Rails engine that mounts an instant REST API for your Ruby on Rails applications 
+using your Postgres database. DashAPI can be queried using a flexible and expressive syntax from URL parameters. 
+
+DashAPI is also designed to be performant, scalable and secure. 
+
+Note: DashAPI is a pre-release product and not yet recommended for any production applications.
+
+## Features
+DashAPI is an instant REST API for your Postgres database built using Ruby on Rails. 
+DashAPI supports several features out of the box with little or no configuration required:
+ - Full-text search
+ - Filtering
+ - Sorting
+ - Selects 
+ - Associations
+ - Pagination
+ - JWT token authorization
+
+DashAPI is designed to help rapidly build fully functional, scalable and secure applications 
+by automatically generating REST APIs using any Postgres database. DashAPI also supports 
+advanced features including join associations between tables, full-text keyword search using the 
+native search capabilities of postgres, and 
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'dash_api'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Mount the Dash API by updating your `routes.rb` file:
+```
+  mount DashApi::Engine, at: "/dash/api"
+```
+
+Or install it yourself as:
+```bash
+$ gem install dash_api
+```
+
+You can also configure DashApi with an initializer by creating a file at `config/initializers/dash_api.rb`.
+
+```
+# Place file at config/initializers/dash_api.rb
+
+DashApi.tap |config|
+  config.enable_auth = ENV['DASH_ENABLE_AUTH'] === true  
+  config.api_token = ENV['DASH_API_TOKEN']
+  config.jwt_secret = ENV['DASH_JWT_SECRET']
+  config.exclude_fields = ENV['DASH_API_TOKEN'].split(" ") || []
+  config.exclude_tables = ENV['DASH_API_TOKEN'].split(" ") || []
+end 
+```
+The DashAPI is now ready. You can view all tables at:
+`/dash/api`
+
+You can query a table at:
+`/dash/api/<table_name>`
+
+## Requirements
+
+Dash API requires Ruby on Rails and Postgres, and below are recommended versions: 
+ - Rails 6+ 
+ - Ruby 2.7.4+
+ - Postgres 9+ database
+
+## Documentation 
+
+Dash supports a flexible, expressive query syntax using URL parameters to query a Postgres database.
+
+All tables can be queried by passing in the table name to the dash API endpoint where you mounted
+the Dash rails engine: 
+
+```
+GET /dash/api/<table>
+```
+
+Example:
+
+```
+GET /dash/api/books 
+```
+
+### Schema 
+
+Your database schema is available in order to inspect available tables and column data. 
+
+```
+GET /dash/api/schema
+```
+
+You can inspect any specific table using the schema endpoint:
+
+```
+GET /dash/api/schema/<table_name>
+```
+
+Example:
+```
+GET /dash/api/schema/books
+```
+
+### Filtering 
+
+You can filter queries using the pattern 
+
+```
+GET /dash/api/table?filters=<resource_field>:<operator>:<value>
+```
+
+Example:
+Below is an example to find all users with ID less than 10:
+```
+GET /dash/api/books?filters=id:lt:10 
+```
+You can also chain filters to support multiple filters that are ANDed together:
+
+```
+GET /dash/api/books?filters=id:lt:10,published:eq:true 
+```
+
+The currently supported operators are:
+```
+eq  - Equals
+neq - Not equals
+gt  - Greater than
+gte - Greater than or equal too
+lt  - Less than
+lte - Less than or equal too
+```
+
+### Sorting 
+
+You can sort queries using the pattern:
+
+```
+GET /dash/api/table?order=<field>:<asc|desc>
+```
+
+Example:
+
+```
+GET /dash/api/books?order=title:desc
+```
+
+### Pagination
+
+Dash API uses page based pagination. By default results are paginated with 20 results per page. 
+You can paginate results with the following query pattern:
+
+```
+GET /dash/api/table?page=<page>&per_page=<per_page>
+```
+
+Example:
+```
+GET /dash/api/books?page=2&per_page=10
+```
+
+### Select 
+
+Select fields allow you to return only specific fields from a table, similar to the SQL select statement. 
+Select fields follows the query pattern:
+
+```
+GET /dash/api/table?select=<field>,<field>
+```
+
+Example:
+You can comma separate the fields to include multiple fields in the response
+
+```
+GET /dash/api/books?select=id,title,summary
+```
+
+### Full-text search 
+
+DashAPI supports native full-text search capabilities. You can search against all fields of a tables with the 
+query syntax:
+
+```
+GET /dash/api/table?keywords=<search_terms>
+```
+
+Example:
+You can find all users that match the search term below. All keywords are URI decoded prior to issuing a search.
+```
+GET /dash/api/books?keywords=ruby+on+rails
+```
+
+Warning: At this time all fields are searchable and using this API which may include any sensitive data in your database.
+
+
+### Associations 
+
+Dash takes advantage of Ruby on Rails expressive and powerful ORM, ActiveRecord, to 
+dymacally infer associations between tables and serialize them. Associations currently 
+supported are belongs_to and has_many, and this feature is only available 
+for tables that follow strict Rails naming conventions. 
+
+To include a belongs_to table association, use the singular form of the table name:
+```
+GET /dash/api/books?includes=author
+```
+
+To include a has_manay table association, use the plural form of the table name:
+```
+GET /dash/api/books?includes=reviews 
+```
+
+To combine associations together comma seperate the included tables:
+
+```
+GET /dash/api/books?includes=author,reviews 
+```
+
+
+### Create
+
+Create table rows:
+
+```
+POST /dash/api/<table_name>
+
+Body
+
+{
+  <table_name>: {
+    field: value,    
+    ... 
+  }
+}
+```
+
+### Update
+
+Update table rows by ID:
+
+```
+PUT /dash/api/<table_name>/<id>
+
+Body
+
+{
+  <table_name>: {
+    field: value,    
+    ... 
+  }
+}
+
+```
+
+### Delete
+
+Delete table rows by id:
+
+```
+DELETE /dash/api/<table_name>/<id>
+```
+
+### Update many 
+
+Bulk update multiple rows by passing in an array of integers the the JSON attributes to update:
+
+```
+POST /dash/api/<table_name>/update_many 
+
+Body
+
+{
+  ids: [Integer],
+  <table_name>: {
+    field: value,    
+    ... 
+  }
+}
+```
+
+### Delete many 
+
+Bulk delete rows by passing in an array of IDs to delete:
+
+```
+POST /dash/api/<table_name>/delete_many 
+
+Body
+
+{
+  ids: [Integer]
+}
+```
+
+### API Token Authentication 
+
+You may secure the Dash API using a dedicated API token or using a JWT token. 
+
+For a fast and simple way to secure your API, you can specify an api_token in `config/initializers/dash_api.rb` which will allow all API requests.
+
+
+```
+# /config/initializers/dash_api.rb
+
+DashApi.tap do |config|
+  config.enable_auth = true
+  config.api_token = ENV['DASH_API_TOKEN']  
+  ...
+end 
+```
+
+Ensure that the enable authentication flag `enable_auth` is set to `true`. 
+
+
+### JWT Token Authentication 
+
+The recommended and preferred way to secure your API is to use a JWT token. To enable a JWT token, you must first 
+specify the JWT secret key in your `config/initializers/dash_api.rb` 
+
+Note that if your Dash API works alongside an existing API or an additional server which handles authentication, you can use a shared JWT secret that is used by both services to decode the JWT token. The JWT tokenization 
+uses the RS
+
+
+```
+# /config/initializers/dash_api.rb
+
+DashApi.tap do |config|
+  config.enable_auth = true
+  config.jwt_secret = ENV['DASH_JWT_SECRET']  
+  ...
+end 
+```
+
+Ensure that the enable authentication flag `enable_auth` is set to `true`. 
+
+The JWT token will also inspect for the `exp` key and if present will only allow requests with valid 
+expiration timestamps. For security purposes it's recommended that you encode your JWT tokens with an exp 
+timestamp. 
+
+To setup and test JWT tokens, we recommend you explore [jwt.io](https://jwt.io). 
+
+### API Authorization
+
+Once you've setup your authentication strategy above, either using the `api_token` or the `jwt_secret`, 
+you should pass your token to the DashAPI either as a URL parameter or using Bearer authentication 
+
+You can pass the token as a url paramter:
+```
+?token=<JWT_TOKEN>
+```
+
+The preferred strategy is to pass the token using Bearer authentication in your headers:
+```
+Authorization: 'Bearer <JWT_TOKEN>'
+```
+
+
+### Exclude fields and tables 
+
+The Dash API is not yet suitable for production scale applications. Please use with caution. 
+
+You can exclude fields from being serialized by specifying DASH_EXCLUDE_FIELDS
+
+```
+# /config/initializers/dash_api.rb
+DashApi.tap do |config|
+  ...
+  config.exclude_fields = ENV['DASH_EXCLUDE_FIELDS'].split(' ') || []  
+  ...
+end 
+```
+
+Example: 
+```
+config.exclude_fields = "encrypted_password hashed_password secret_token"
+```
+
+You can also exclude tables from the API using the exclude_tables configuration:
+
+```
+# /config/initializers/dash_api.rb
+DashApi.tap do |config|
+  ...
+  config.exclude_tables = ENV['DASH_EXCLUDE_TABLES'].split(' ') || []  
+  ...
+end 
+```
+
+Example: 
+```
+config.exclude_tables = "api_tokens users private_notes"
+```
+
+
+## Contributing
+Contributions are welcome by issuing a pull request at our github repository:
+https:/github.com/skillhire/dash_api
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https:/opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/app/assets/config/dash_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/dash_api.css

data/app/assets/stylesheets/dash/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/dash_api/api_controller.rb

@@ -0,0 +1,89 @@
+module DashApi
+  class ApiController < ApplicationController 
+
+    skip_before_action :verify_authenticity_token
+
+    before_action :authenticate_request!
+    before_action :load_table 
+    before_action :parse_query_params
+
+    def index                     
+      @dash_table.query(
+        keywords:       @query[:keywords],
+        select_fields:  @query[:select_fields],
+        sort_by:        @query[:sort_by],
+        sort_direction: @query[:sort_direction],
+        filters:        @query[:filters],
+        associations:   @query[:associations],  
+        page:           @query[:page],
+        per_page:       @query[:per_page]        
+      )      
+
+      render json: { 
+        data: @dash_table.serialize, 
+        meta: @dash_table.page_info 
+      }
+    end 
+
+    def show 
+      resource = @dash_table.query(
+        associations: @query[:associations],
+        filters: [{ field: :id, operator: "=", value: params[:id] }],
+        page: 1,
+        per_page: 1
+      )
+      render json: { data: @dash_table.serialize[0] }
+    end 
+
+    def create  
+      resource = @dash_table.create!(dash_params)
+      render json: { data: resource }    
+    end 
+
+    def update 
+      resource = @dash_table.find(params[:id])
+      if resource.update(dash_params)
+        render json: { data: resource }
+      else 
+        render json: { error: resource.errors.full_messages }, status: 422
+      end 
+    end 
+
+    def destroy  
+      resource = @dash_table.find(params[:id])
+      resource.destroy 
+      render json: { data: resource }    
+    end 
+
+    def update_many 
+      resources = @dash_table.where(id: params[:ids])
+      resources.update(dash_params)
+      render json: { data: resources }
+    end 
+
+    def delete_many       
+      resources = @dash_table.where(id: params[:ids])
+      resources.destroy_all
+      render json: { data: resources }
+    end 
+
+    private
+
+    def parse_query_params
+      @query = DashApi::Query.parse(params)
+    end 
+
+    def load_table 
+      raise "This resource is excluded." if DashApi.exclude_tables.include?(params[:table_name])      
+      @dash_table = DashTable.modelize(params[:table_name])
+      @dash_table.table_name = params[:table_name] 
+    end 
+
+    def dash_params
+      params
+        .require(params[:table_name])
+        .permit!
+    end 
+
+  end 
+end 

data/app/controllers/dash_api/application_controller.rb

@@ -0,0 +1,42 @@
+module DashApi
+  class ApplicationController < ActionController::Base
+    
+    rescue_from Exception, with: :unprocessable_entity
+    rescue_from StandardError, with: :unprocessable_entity
+    rescue_from ActiveRecord::RecordNotFound, with: :unprocessable_entity
+    rescue_from ActiveRecord::ActiveRecordError, with: :unprocessable_entity
+
+  
+    def authenticate_request!       
+      if DashApi.enable_auth === true                
+        return true if auth_token === DashApi.api_token && !DashApi.api_token.blank?
+        jwt_token
+      end 
+    end 
+
+    private
+
+    def jwt_token      
+      DashApi::JsonWebToken.decode(auth_token)   
+      rescue JWT::ExpiredSignature
+        raise "JWT token has expired"
+      rescue JWT::VerificationError, JWT::DecodeError
+        raise "Invalid JWT token"     
+    end 
+
+    def auth_token
+      http_token || params['token']      
+    end
+  
+    def http_token
+      if request.headers['Authorization'].present?
+        request.headers['Authorization'].split(' ').last
+      end
+    end
+  
+    def unprocessable_entity(e)
+      render json: { error: e }, status: :unprocessable_entity
+    end
+
+  end
+end

data/app/controllers/dash_api/schema_controller.rb

@@ -0,0 +1,22 @@
+module DashApi
+  class SchemaController < ApplicationController 
+    
+    before_action :authenticate_request!
+
+    def index 
+      tables = DashApi::Schema.table_names 
+      render json: { data: tables }
+    end 
+    
+    def schema       
+      schema = DashApi::Schema.db_schema
+      render json: { data: schema }
+    end 
+
+    def show         
+      table_schema = DashApi::Schema.table_schema(params[:table_name])
+      render json: { data: table_schema }
+    end 
+
+  end 
+end 

data/app/helpers/dash_api/application_helper.rb

@@ -0,0 +1,4 @@
+module DashApi
+  module ApplicationHelper
+  end
+end

data/app/jobs/dash_api/application_job.rb

@@ -0,0 +1,4 @@
+module DashApi
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/dash_api/application_mailer.rb

@@ -0,0 +1,6 @@
+module DashApi
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/concerns/dash_api/dash_model.rb

@@ -0,0 +1,203 @@
+module DashApi 
+  module DashModel 
+    extend ActiveSupport::Concern
+
+    class_methods do 
+
+        attr_accessor :scope, :includes
+
+        def query(
+          keywords: nil,
+          select_fields: nil,
+          associations: nil,
+          sort_by: 'id',
+          sort_direction: 'asc',
+          filters: nil,
+          page: 1,
+          per_page: 20
+        )      
+
+        @current_scope = self.all       
+
+        filter(filters: filters)            
+        
+        sort(sort_by: sort_by, sort_direction: sort_direction)                  
+
+        full_text_search(keywords: keywords)          
+              
+        join_associations(associations: associations)
+
+        select_fields(fields: select_fields)               
+
+        paginate(page: page, per_page: per_page) 
+
+        @current_scope     
+      end 
+
+      # Filtering
+      # Filtering follows the URL pattern <field>.<attribute>=<operator>.<value>
+      # Filters can also be chained to AND filter queries together
+      #
+      # Example: /books?books.id=lte.10 returns all books with id <= 10 
+
+      def filter(filters: [])
+        filters.each do |filter|
+          @current_scope = @current_scope.where(["#{filter[:field]} #{filter[:operator]} ?", filter[:value]])        
+        end 
+      end
+
+      # Sorting 
+      # Sort any field in ascending or descending direction 
+      # Example: /books?order=title.asc
+
+      def sort(sort_by: nil, sort_direction: nil) 
+        return self unless sort_by && sort_direction
+        @current_scope = @current_scope.order("#{sort_by}": sort_direction)
+      end 
+
+      # Select 
+      # Only return select fields from the table, equivalent to SQL select()
+      # Example: /books?select=id,title,summary
+
+      def select_fields(fields: nil)
+        return unless fields              
+        @current_scope = @current_scope.select(fields) 
+      end 
+
+      # Search 
+      # Full-text search using the pg_search gem
+      # pg_search_scope is assigned dynamically against all table columns
+      # Example: books?keywords=Ruby+on+Rails
+
+      def full_text_search(keywords: nil) 
+        return if keywords.blank?
+        self.pg_search_scope(
+          :pg_search, 
+          against: self.searchable_fields, 
+          using: { 
+            tsearch: { 
+              any_word: false
+            } 
+          }
+        )
+        results = pg_search(keywords)      
+        @current_scope = results 
+      end 
+
+      # Paginate 
+      # Paginate the results with an offset and limit 
+      # Example: books?page=1&per_page=20
+
+      def paginate(per_page: 20, page: 1)
+        @page = page 
+        @per_page = per_page      
+        offset = (page-1)*per_page
+        @current_scope = @current_scope.limit(per_page).offset(offset)
+      end 
+
+      # Join associations
+      # We infer the association as either belongs_to or has_many 
+      # based on whether the associated table name is singular or plural.
+      # We dynamically create the ActiveRecord class and set the appropriate 
+      # ActiveRecord:Relation relationships
+      #
+      # Example: books?includes=author,reviews
+
+      def join_associations(associations: nil)
+        return nil unless associations
+        @associations = associations
+        associations.each do |table_name|
+          klass = DashTable.modelize(table_name)
+          if is_singular?(table_name)
+            self.belongs_to table_name.singularize.to_sym 
+            klass.has_many self.table_name.pluralize.to_sym 
+            @current_scope = @current_scope.includes(table_name.singularize.to_sym)
+          else
+            self.has_many table_name.pluralize.to_sym 
+            klass.belongs_to self.table_name.singularize.to_sym 
+            @current_scope = @current_scope.includes(table_name.pluralize.to_sym)
+          end 
+        end
+      end 
+
+      # Serialize
+      # We serialize with the appropriate associations
+      # based on whether the assocation is singular or plural.        
+      def serialize
+        if @associations
+          associations_sym = @associations.map{|table_name| 
+            is_singular?(table_name) ? 
+              table_name.singularize.to_sym : 
+              table_name.pluralize.to_sym 
+          }
+
+          include_hash = {}
+          associations_sym.each do |association|
+            include_hash.merge!({
+              "#{association}": { 
+                except: DashApi.exclude_fields
+              } 
+            })
+          end 
+
+          @current_scope.as_json(
+            include: include_hash, 
+            except: DashApi.exclude_fields
+          )
+        else
+          @current_scope.as_json(except: DashApi.exclude_fields)
+        end 
+      end 
+
+      def is_singular?(name)
+        name && name.singularize == name 
+      end 
+
+      def page_info       
+        {
+          page: @page,
+          per_page: @per_page     
+        }
+      end
+
+      def table_columns
+        return [] if self.table_name.nil?
+        self.columns
+      end 
+
+      def searchable_fields
+        return [] if self.table_name.nil?
+        self.columns.map(&:name).filter{|column| 
+          column unless DashApi.exclude_fields.include?(column.to_sym) 
+        }
+      end 
+
+      def modelize(table_name) 
+        class_name = table_name.singularize.capitalize
+        if Object.const_defined? class_name
+          class_name.constantize
+        else 
+          Object.const_set class_name, Class.new(DashApi::DashTable)
+        end 
+      end 
+          
+      def foreign_keys 
+        self.columns.map{|col| 
+          if col.name.downcase.split("_")[-1] == 'id' && col.name.downcase != 'id'
+            col.name 
+          end 
+        }.compact
+      end 
+
+      def foreign_table(foreign_key)
+        foreign_key.downcase.split('_').first.pluralize 
+      end 
+
+      def foreign_tables
+        foreign_keys.map{ |foreign_key| 
+          foreign_table(foreign_key)
+        }
+      end 
+    end 
+  end 
+end 

data/app/models/dash_api/application_record.rb

@@ -0,0 +1,5 @@
+module DashApi
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/dash_api/dash_table.rb

@@ -0,0 +1,9 @@
+module DashApi 
+  class DashTable < ApplicationRecord   
+    include PgSearch::Model 
+    include DashApi::DashModel     
+    
+    self.abstract_class = true    
+    
+  end
+end

data/app/services/dash_api/json_web_token.rb

@@ -0,0 +1,19 @@
+module DashApi 
+  module JsonWebToken
+    require 'jwt'
+
+    JWT_HASH_ALGORITHM = 'HS256'
+
+    def self.encode(payload:, expiration:)
+      payload[:exp] = expiration || Time.now.advance(minutes: 15)
+      JWT.encode(payload, DashApi.jwt_secret, DashApi.jwt_hash_algorithm ||JWT_HASH_ALGORITHM)
+    end
+
+    def self.decode(jwt_token)
+      HashWithIndifferentAccess.new(JWT.decode(jwt_token, DashApi.jwt_secret, true, {
+        algorithm: DashApi.jwt_algorithm || JWT_HASH_ALGORITHM
+      })[0])
+    end
+
+  end
+end

data/app/services/dash_api/query.rb

@@ -0,0 +1,72 @@
+  module DashApi 
+    module Query 
+
+    PER_PAGE = 20
+
+    SORT_DIRECTIONS = ['asc', 'desc']
+
+    DELIMITER = ":"
+
+    OPERATORS = {
+      "gt": ">",
+      "gte": ">=",
+      "lt": "<",
+      "lte": "<=",
+      "eq": "=",
+      "neq": "!="
+    }
+
+    # perform
+    # @params params 
+    #
+    # DashApi::Query is a helper module which parses URL parameters 
+    # passed to a Rails Controller into attributes used to query a DashTable 
+
+    def self.parse(params)       
+      
+      keywords = params[:keywords]
+      
+      if params[:select]
+        select_fields = params[:select]&.split(',')
+      end 
+      
+      if params[:order]
+        sort_by, sort_direction = params[:order].split(DELIMITER)        
+        sort_direction = "desc" if sort_direction and !SORT_DIRECTIONS.include?(sort_direction)
+      end 
+
+      if params[:includes] 
+        associations = params[:includes].split(",").map(&:strip)
+      end 
+
+      filters = []
+      if params[:filters]
+        params[:filters].split(',').each do |filter_param|   
+          field, rel, value = filter_param.split(DELIMITER)
+          rel = "eq" unless OPERATORS.keys.include?(rel.to_sym)      
+          operator = OPERATORS[rel.to_sym] || '='
+          filters << { 
+            field: field, 
+            operator: operator, 
+            value: value 
+          }
+        end 
+      end 
+      
+      page = params[:page]&.to_i || 1 
+      per_page = params[:per_page]&.to_i || PER_PAGE 
+
+      {
+        keywords: keywords,
+        select_fields: select_fields,
+        sort_by: sort_by,
+        sort_direction: sort_direction,
+        filters: filters,
+        page: page,
+        associations: associations,
+        per_page: per_page 
+      }
+    end 
+
+  end
+end 

data/app/services/dash_api/schema.rb

@@ -0,0 +1,57 @@
+module DashApi
+  module Schema 
+
+    EXCLUDED_TABLES = [
+      'ar_internal_metadata', 
+      'schema_migrations'
+    ]
+
+    attr_accessor :tables 
+
+    def self.table_names
+      @tables = ActiveRecord::Base.connection.tables
+      @tables.filter!{|t| !EXCLUDED_TABLES.include?(t)}.sort!
+    end 
+
+    def self.table_schema(table_name) 
+      @tables = table_names 
+      dash_table = DashTable.modelize(table_name)
+      dash_table.reset_column_information      
+      dash_table.columns.map{ |column| 
+        render_column(column)
+      } 
+    end 
+
+    def self.db_schema 
+      @tables = table_names
+      schema = {
+        tables: @tables
+      }
+      @tables.each do |table_name|
+        schema[table_name] = table_schema(table_name)
+      end      
+      schema   
+    end 
+
+    def self.render_column(column)      
+      {
+        name: column.name,
+        type: column.sql_type_metadata.type,
+        limit: column.sql_type_metadata.limit,
+        precision: column.sql_type_metadata.precision,
+        foreign_key: foreign_key?(column.name),
+        foreign_table: foreign_table(column.name) 
+      }
+    end 
+
+    def self.foreign_key?(column_name)      
+      column_name[-2..-1]&.downcase === 'id' && column_name.downcase != 'id'
+    end 
+
+    def self.foreign_table(column_name)
+      table_prefix = column_name[0...-3]      
+      @tables.find{|t| t === table_prefix || t === table_prefix.pluralize }
+    end 
+    
+  end 
+end 

data/app/views/layouts/dash_api/application.html.erb

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dash</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "dash/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,17 @@
+DashApi::Engine.routes.draw do
+
+  root 'schema#index'
+
+  get 'schema' => 'schema#schema'
+  get 'schema/:table_name' => 'schema#show'
+  
+  get '/:table_name' => 'api#index'
+  get '/:table_name/:id' => 'api#show'
+  put '/:table_name/:id' => 'api#update'
+  post '/:table_name' => 'api#create'
+  delete '/:table_name/:id' => 'api#destroy'
+  
+  post '/:table_name/update_many' => 'api#update_many'
+  post '/:table_name/delete_many' => 'api#delete_many'
+
+end

data/lib/dash_api/engine.rb

@@ -0,0 +1,5 @@
+module DashApi
+  class Engine < ::Rails::Engine
+    isolate_namespace DashApi
+  end
+end

data/lib/dash_api/version.rb

@@ -0,0 +1,3 @@
+module DashApi
+  VERSION = '0.0.16'
+end

data/lib/dash_api.rb

@@ -0,0 +1,16 @@
+require "dash_api/version"
+require "dash_api/engine"
+
+module DashApi
+    
+  mattr_accessor :enable_auth
+  mattr_accessor :jwt_secret 
+  mattr_accessor :jwt_algorithm
+
+  mattr_accessor :api_token
+
+  mattr_accessor :exclude_fields
+  mattr_accessor :exclude_tables
+  
+
+end

data/lib/tasks/dash_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :dash do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,160 @@
+--- !ruby/object:Gem::Specification
+name: dash_api
+version: !ruby/object:Gem::Version
+  version: 0.0.16
+platform: ruby
+authors:
+- Rami Bitar
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-10-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.4
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.4.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.4
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.4.1
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg_search
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: kaminari
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: dotenv-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Dash is a Rails engine that auto-generates a REST API for your postgres
+  database.
+email:
+- rami@skillhire.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/dash_manifest.js
+- app/assets/stylesheets/dash/application.css
+- app/controllers/dash_api/api_controller.rb
+- app/controllers/dash_api/application_controller.rb
+- app/controllers/dash_api/schema_controller.rb
+- app/helpers/dash_api/application_helper.rb
+- app/jobs/dash_api/application_job.rb
+- app/mailers/dash_api/application_mailer.rb
+- app/models/concerns/dash_api/dash_model.rb
+- app/models/dash_api/application_record.rb
+- app/models/dash_api/dash_table.rb
+- app/services/dash_api/json_web_token.rb
+- app/services/dash_api/query.rb
+- app/services/dash_api/schema.rb
+- app/views/layouts/dash_api/application.html.erb
+- config/routes.rb
+- lib/dash_api.rb
+- lib/dash_api/engine.rb
+- lib/dash_api/version.rb
+- lib/tasks/dash_tasks.rake
+homepage: https://github.com/skillhire/dash_api.git
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/skillhire/dash_api.git
+  source_code_uri: https://github.com/skillhire/dash_api.git
+  changelog_uri: https://github.com/skillhire/dash_api.git
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key:
+specification_version: 4
+summary: REST API for your postgres database.
+test_files: []