harpiya_api 4.3.0.alpha

data/harpiya_api.gemspec

@@ -0,0 +1,36 @@
+# -*- encoding: utf-8 -*-
+require_relative '../core/lib/harpiya/core/version.rb'
+
+Gem::Specification.new do |s|
+  s.name          = "harpiya_api"
+  s.version       = Harpiya.version
+  s.authors       = ["Ryan Bigg"]
+  s.email         = ["ryan@harpiyacommerce.com"]
+  s.summary       = %q{Harpiya's API}
+  s.description   = %q{Harpiya's API}
+  s.homepage      = 'https://harpiyacommerce.org'
+  s.license       = 'BSD-3-Clause'
+
+  s.metadata = {
+    "bug_tracker_uri"   => "https://github.com/harpiya/harpiya/issues",
+    "changelog_uri"     => "https://github.com/harpiya/harpiya/releases/tag/v#{s.version}",
+    "documentation_uri" => "https://guides.harpiyacommerce.org/",
+    "source_code_uri"   => "https://github.com/harpiya/harpiya/tree/v#{s.version}",
+  }
+
+  s.required_ruby_version = '>= 2.5'
+
+  s.files         = `git ls-files`.split($\).reject { |f| f.match(/^spec/) && !f.match(/^spec\/fixtures/) }
+  s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency 'jsonapi-rspec'
+  s.add_development_dependency 'rswag-specs'
+  s.add_development_dependency 'multi_json'
+
+  s.add_dependency 'harpiya_core', s.version
+  s.add_dependency 'rabl', '~> 0.14', '>= 0.14.2'
+  s.add_dependency 'jsonapi-serializer', '~> 2.1'
+  s.add_dependency 'doorkeeper', '~> 5.2', '>= 5.2.1'
+  s.add_dependency 'responders'
+end

data/lib/harpiya/api.rb

@@ -0,0 +1,11 @@
+require 'harpiya/core'
+
+require 'rabl'
+require 'responders'
+
+module Harpiya
+  module Api
+  end
+end
+
+require 'harpiya/api/engine'

data/lib/harpiya/api/controller_setup.rb

@@ -0,0 +1,19 @@
+require 'harpiya/api/responders'
+
+module Harpiya
+  module Api
+    module ControllerSetup
+      def self.included(klass)
+        klass.class_eval do
+          include CanCan::ControllerAdditions
+
+          prepend_view_path Rails.root + 'app/views'
+          append_view_path File.expand_path('../../../app/views', File.dirname(__FILE__))
+
+          self.responder = Harpiya::Api::Responders::AppResponder
+          respond_to :json
+        end
+      end
+    end
+  end
+end

data/lib/harpiya/api/engine.rb

@@ -0,0 +1,30 @@
+require 'rails/engine'
+
+module Harpiya
+  module Api
+    class Engine < Rails::Engine
+      isolate_namespace Harpiya
+      engine_name 'harpiya_api'
+
+      # sets the manifests / assets to be precompiled, even when initialize_on_precompile is false
+      initializer 'harpiya.assets.precompile', group: :all do |app|
+        app.config.assets.precompile += %w[
+          harpiya/api/all*
+        ]
+      end
+
+      initializer 'harpiya.api.environment', before: :load_config_initializers do |_app|
+        Harpiya::Api::Config = Harpiya::ApiConfiguration.new
+        Harpiya::Api::Dependencies = Harpiya::ApiDependencies.new
+      end
+
+      initializer 'harpiya.api.checking_migrations' do
+        Migrations.new(config, engine_name).check
+      end
+
+      def self.root
+        @root ||= Pathname.new(File.expand_path('../../..', __dir__))
+      end
+    end
+  end
+end

data/lib/harpiya/api/responders.rb

@@ -0,0 +1,11 @@
+require 'harpiya/api/responders/rabl_template'
+
+module Harpiya
+  module Api
+    module Responders
+      class AppResponder < ActionController::Responder
+        include RablTemplate
+      end
+    end
+  end
+end

data/lib/harpiya/api/responders/rabl_template.rb

@@ -0,0 +1,28 @@
+module Harpiya
+  module Api
+    module Responders
+      module RablTemplate
+        def to_format
+          if template
+            render template, status: options[:status] || 200
+          else
+            super
+          end
+        rescue ActionView::MissingTemplate => e
+          api_behavior
+        end
+
+        def template
+          options[:default_template]
+        end
+
+        def api_behavior
+          if controller.params[:action] == 'destroy'
+            # Render a blank template
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/lib/harpiya/api/testing_support/caching.rb

@@ -0,0 +1,10 @@
+RSpec.configure do |config|
+  config.before(:each, caching: true) do
+    ActionController::Base.perform_caching = true
+  end
+
+  config.after(:each, caching: true) do
+    ActionController::Base.perform_caching = false
+    Rails.cache.clear
+  end
+end

data/lib/harpiya/api/testing_support/helpers.rb

@@ -0,0 +1,44 @@
+module Harpiya
+  module Api
+    module TestingSupport
+      module Helpers
+        def json_response
+          case body = JSON.parse(response.body)
+          when Hash
+            body.with_indifferent_access
+          when Array
+            body
+          end
+        end
+
+        def assert_not_found!
+          expect(json_response).to eq('error' => 'The resource you were looking for could not be found.')
+          expect(response.status).to eq 404
+        end
+
+        def assert_unauthorized!
+          expect(json_response).to eq('error' => 'You are not authorized to perform that action.')
+          expect(response.status).to eq 401
+        end
+
+        def stub_authentication!
+          allow(Harpiya.user_class).to receive(:find_by).with(hash_including(:harpiya_api_key)) { current_api_user }
+        end
+
+        # This method can be overriden (with a let block) inside a context
+        # For instance, if you wanted to have an admin user instead.
+        def current_api_user
+          @current_api_user ||= stub_model(Harpiya.user_class, email: 'harpiya@example.com')
+        end
+
+        def image(filename)
+          File.open(Harpiya::Api::Engine.root + 'spec/fixtures' + filename)
+        end
+
+        def upload_image(filename)
+          fixture_file_upload(image(filename).path, 'image/jpg')
+        end
+      end
+    end
+  end
+end

data/lib/harpiya/api/testing_support/setup.rb

@@ -0,0 +1,16 @@
+module Harpiya
+  module Api
+    module TestingSupport
+      module Setup
+        def sign_in_as_admin!
+          let!(:current_api_user) do
+            user = stub_model(Harpiya.user_class)
+            allow(user).to receive_message_chain(:harpiya_roles, :pluck).and_return(['admin'])
+            allow(user).to receive(:has_harpiya_role?).with('admin').and_return(true)
+            user
+          end
+        end
+      end
+    end
+  end
+end

data/lib/harpiya/api/testing_support/v2/base.rb

@@ -0,0 +1,13 @@
+shared_context 'API v2 tokens' do
+  let(:token) { Doorkeeper::AccessToken.create!(resource_owner_id: user.id, expires_in: nil) }
+  let(:headers_bearer) { { 'Authorization' => "Bearer #{token.token}" } }
+  let(:headers_order_token) { { 'X-Harpiya-Order-Token' => order.token } }
+end
+
+[200, 201, 204, 400, 401, 404, 403, 422].each do |status_code|
+  shared_examples "returns #{status_code} HTTP status" do
+    it "returns #{status_code}" do
+      expect(response.status).to eq(status_code)
+    end
+  end
+end

data/lib/harpiya/api/testing_support/v2/current_order.rb

@@ -0,0 +1,79 @@
+def ensure_order_totals
+  order.update_totals
+  order.persist_totals
+end
+
+shared_context 'creates order with line item' do
+  let!(:line_item) { create(:line_item, order: order, currency: currency) }
+  let!(:headers)   { headers_bearer }
+
+  before { ensure_order_totals }
+end
+
+shared_context 'creates guest order with guest token' do
+  let(:guest_token) { 'guest_token' }
+  let!(:order)      { create(:order, token: guest_token, store: store, currency: currency) }
+  let!(:line_item)  { create(:line_item, order: order, currency: currency) }
+  let!(:headers)    { headers_order_token }
+
+  before { ensure_order_totals }
+end
+
+shared_examples 'returns valid cart JSON' do
+  it 'returns a valid cart JSON response' do
+    order.reload
+    expect(json_response['data']).to be_present
+    expect(json_response['data']).to have_id(order.id.to_s)
+    expect(json_response['data']).to have_type('cart')
+    expect(json_response['data']).to have_attribute(:number).with_value(order.number)
+    expect(json_response['data']).to have_attribute(:state).with_value(order.state)
+    expect(json_response['data']).to have_attribute(:payment_state).with_value(order.payment_state)
+    expect(json_response['data']).to have_attribute(:shipment_state).with_value(order.shipment_state)
+    expect(json_response['data']).to have_attribute(:token).with_value(order.token)
+    expect(json_response['data']).to have_attribute(:total).with_value(order.total.to_s)
+    expect(json_response['data']).to have_attribute(:item_total).with_value(order.item_total.to_s)
+    expect(json_response['data']).to have_attribute(:ship_total).with_value(order.ship_total.to_s)
+    expect(json_response['data']).to have_attribute(:adjustment_total).with_value(order.adjustment_total.to_s)
+    expect(json_response['data']).to have_attribute(:included_tax_total).with_value(order.included_tax_total.to_s)
+    expect(json_response['data']).to have_attribute(:additional_tax_total).with_value(order.additional_tax_total.to_s)
+    expect(json_response['data']).to have_attribute(:display_additional_tax_total).with_value(order.display_additional_tax_total.to_s)
+    expect(json_response['data']).to have_attribute(:display_included_tax_total).with_value(order.display_included_tax_total.to_s)
+    expect(json_response['data']).to have_attribute(:tax_total).with_value(order.tax_total.to_s)
+    expect(json_response['data']).to have_attribute(:currency).with_value(order.currency.to_s)
+    expect(json_response['data']).to have_attribute(:email).with_value(order.email)
+    expect(json_response['data']).to have_attribute(:display_item_total).with_value(order.display_item_total.to_s)
+    expect(json_response['data']).to have_attribute(:display_ship_total).with_value(order.display_ship_total.to_s)
+    expect(json_response['data']).to have_attribute(:display_adjustment_total).with_value(order.display_adjustment_total.to_s)
+    expect(json_response['data']).to have_attribute(:display_tax_total).with_value(order.display_tax_total.to_s)
+    expect(json_response['data']).to have_attribute(:item_count).with_value(order.item_count)
+    expect(json_response['data']).to have_attribute(:special_instructions).with_value(order.special_instructions)
+    expect(json_response['data']).to have_attribute(:promo_total).with_value(order.promo_total.to_s)
+    expect(json_response['data']).to have_attribute(:display_promo_total).with_value(order.display_promo_total.to_s)
+    expect(json_response['data']).to have_attribute(:display_total).with_value(order.display_total.to_s)
+    expect(json_response['data']).to have_attribute(:pre_tax_item_amount).with_value(order.pre_tax_item_amount.to_s)
+    expect(json_response['data']).to have_attribute(:display_pre_tax_item_amount).with_value(order.display_pre_tax_item_amount.to_s)
+    expect(json_response['data']).to have_attribute(:pre_tax_total).with_value(order.pre_tax_total.to_s)
+    expect(json_response['data']).to have_attribute(:display_pre_tax_total).with_value(order.display_pre_tax_total.to_s)
+    expect(json_response['data']).to have_relationships(:user, :line_items, :variants, :billing_address, :shipping_address, :payments, :shipments, :promotions)
+  end
+end
+
+shared_examples 'no current order' do
+  context "order doesn't exist" do
+    before do
+      order.destroy
+      execute
+    end
+
+    it_behaves_like 'returns 404 HTTP status'
+  end
+
+  context 'already completed order' do
+    before do
+      order.update_column(:completed_at, Time.current)
+      execute
+    end
+
+    it_behaves_like 'returns 404 HTTP status'
+  end
+end

data/lib/harpiya/api/testing_support/v2/platform_contexts.rb

@@ -0,0 +1,213 @@
+class String
+  def articleize
+    %w(a e i o u).include?(self[0].downcase) ? "an #{self}" : "a #{self}"
+  end
+end
+
+shared_context 'Platform API v2' do
+  let(:admin_app) { Doorkeeper::Application.find_or_create_by!(name: 'Admin Panel', scopes: 'admin', redirect_uri: '') }
+  let(:read_app) { Doorkeeper::Application.find_or_create_by!(name: 'Read App', scopes: 'read', redirect_uri: '') }
+  let(:oauth_token) do
+    Doorkeeper::AccessToken.create!(
+      application_id: admin_app.id,
+      scopes: admin_app.scopes
+    )
+  end
+  let(:read_oauth_token) do
+    Doorkeeper::AccessToken.create!(
+      application_id: read_app.id,
+      scopes: read_app.scopes
+    )
+  end
+  let(:user_oauth_token) do
+    Doorkeeper::AccessToken.create!(
+      resource_owner_id: user.id,
+      application_id: admin_app.id,
+      scopes: admin_app.scopes
+    )
+  end
+
+  let(:valid_authorization) { "Bearer #{oauth_token.token}" }
+  let(:valid_read_authorization) { "Bearer #{read_oauth_token.token}" }
+  let(:valid_user_authorization) { "Bearer #{user_oauth_token.token}" }
+  let(:bogus_authorization) { "Bearer #{::Base64.strict_encode64('bogus:bogus')}" }
+
+  let(:Authorization) { valid_authorization }
+end
+
+shared_context 'jsonapi pagination' do
+  let(:page) { 1 }
+  let(:per_page) { '' }
+  parameter name: :page, in: :query, type: :integer, example: 1
+  parameter name: :per_page, in: :query, type: :integer, example: 50
+end
+
+JSON_API_INCLUDES_DESCRIPTION = 'Select which associated resources you would like to fetch'\
+                                ', see: <a href="https://jsonapi.org/format/#fetching-includes">'\
+                                'https://jsonapi.org/format/#fetching-includes</a>'.freeze
+JSON_API_FILTER_DESCRIPTION = ''
+
+def json_api_include_parameter(example = '')
+  let(:include) { nil }
+  parameter name: :include, in: :query, type: :string, descripton: JSON_API_INCLUDES_DESCRIPTION, example: example
+end
+
+def json_api_filter_parameter(example = '')
+  let(:filter) { nil }
+  parameter name: :filter, in: :query, type: :string, descripton: JSON_API_FILTER_DESCRIPTION, example: example
+end
+
+shared_examples 'authentication failed' do
+  response '401', 'Authentication Failed' do
+    let(:Authorization) { bogus_authorization }
+    schema '$ref' => '#/components/schemas/error'
+    run_test!
+  end
+end
+
+shared_examples 'record not found' do
+  response '404', 'Record not found' do
+    let(:id) { 'invalid' }
+    schema '$ref' => '#/components/schemas/error'
+    run_test!
+  end
+end
+
+shared_examples 'record found' do
+  response '200', 'Record found' do
+    schema '$ref' => '#/components/schemas/resource'
+    run_test!
+  end
+end
+
+shared_examples 'record deleted' do
+  response '204', 'Record deleted' do
+    run_test!
+  end
+end
+
+shared_examples 'records returned' do
+  response '200', 'Records returned' do
+    schema '$ref' => '#/components/schemas/resources_list'
+    run_test!
+  end
+end
+
+shared_examples 'record created' do
+  response '201', 'record created' do
+    schema '$ref' => '#/components/schemas/resource'
+    run_test!
+  end
+end
+
+shared_examples 'record updated' do
+  response '200', 'record updated' do
+    schema '$ref' => '#/components/schemas/resource'
+    run_test!
+  end
+end
+
+shared_examples 'invalid request' do |param_name|
+  response '422', 'invalid request' do
+    let(param_name) { invalid_param_value }
+    schema '$ref' => '#/components/schemas/validation_errors'
+    run_test!
+  end
+end
+
+# index action
+shared_examples 'GET records list' do |resource_name, include_example, filter_example|
+  get "Returns a list of #{resource_name.pluralize}" do
+    tags resource_name.pluralize
+    security [ bearer_auth: [] ]
+    include_context 'jsonapi pagination'
+    json_api_include_parameter(include_example)
+    json_api_filter_parameter(filter_example)
+
+    before { records_list }
+
+    it_behaves_like 'records returned'
+    it_behaves_like 'authentication failed'
+  end
+end
+
+# show
+shared_examples 'GET record' do |resource_name, include_example|
+  get "Returns #{resource_name.articleize}" do
+    tags resource_name.pluralize
+    security [ bearer_auth: [] ]
+    parameter name: :id, in: :path, type: :string
+    json_api_include_parameter(include_example)
+
+    it_behaves_like 'record found'
+    it_behaves_like 'record not found'
+    it_behaves_like 'authentication failed'
+  end
+end
+
+# create
+shared_examples 'POST create record' do |resource_name, include_example|
+  param_name = resource_name.parameterize.to_sym
+
+  post "Creates #{resource_name.articleize}" do
+    tags resource_name.pluralize
+    consumes 'application/json'
+    security [ bearer_auth: [] ]
+    parameter name: param_name, in: :body, schema: { '$ref' => "#/components/schemas/#{param_name}_params" }
+    json_api_include_parameter(include_example)
+
+    let(param_name) { valid_create_param_value }
+
+    it_behaves_like 'record created'
+    it_behaves_like 'invalid request', param_name
+  end
+end
+
+# update
+shared_examples 'PUT update record' do |resource_name, include_example|
+  param_name = resource_name.parameterize.to_sym
+
+  put "Updates #{resource_name.articleize}" do
+    tags resource_name.pluralize
+    security [ bearer_auth: [] ]
+    consumes 'application/json'
+    parameter name: :id, in: :path, type: :string
+    parameter name: param_name, in: :body, schema: { '$ref' => "#/components/schemas/#{param_name}_params" }
+    json_api_include_parameter(include_example)
+
+    let(param_name) { valid_update_param_value }
+
+    it_behaves_like 'record updated'
+    it_behaves_like 'invalid request', param_name
+    it_behaves_like 'record not found'
+    it_behaves_like 'authentication failed'
+  end
+end
+
+# destroy
+shared_examples 'DELETE record' do |resource_name|
+  delete "Deletes #{resource_name.articleize}" do
+    tags resource_name.pluralize
+    security [ bearer_auth: [] ]
+    parameter name: :id, in: :path, type: :string
+
+    it_behaves_like 'record deleted'
+    it_behaves_like 'record not found'
+    it_behaves_like 'authentication failed'
+  end
+end
+
+shared_examples 'CRUD examples' do |resource_name, include_example, filter_example|
+  resource_path = resource_name.pluralize.parameterize
+
+  path "/api/v2/platform/#{resource_path}" do
+    include_examples 'GET records list', resource_name, include_example, filter_example
+    include_examples 'POST create record', resource_name, include_example
+  end
+
+  path "/api/v2/platform/#{resource_path}/{id}" do
+    include_examples 'GET record', resource_name, include_example
+    include_examples 'PUT update record', resource_name, include_example
+    include_examples 'DELETE record', resource_name
+  end
+end