master_api_key 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7095209e7a5c70fdb13ccca9ac51749ef7ea24fb
+  data.tar.gz: 4ba5cea4ae5a8c7cce16df468a4247cedfbcec30
+SHA512:
+  metadata.gz: a8f08b1267c0bfc3637896efc5fd3a148853d83c1d12d51cf590f64d3dc187d1d9a7c6a74c2a7b0161dd5530e19b334f43595670c1c3979a0070eb4a2b8622a9
+  data.tar.gz: d26894146e18ef660868a18dc256cebe197994b733a678a39f0c3fbb75375d00c0810f8c279791e2b84b686feb977a9e368897cd30f77a4efada8a8e68459616

data/app/controllers/master_api_key/api_keys_controller.rb

@@ -0,0 +1,54 @@
+require_dependency 'master_api_key/application_controller'
+
+module MasterApiKey
+  class ApiKeysController < ApplicationController
+    belongs_to_api_group :master_key
+    skip_before_action  :verify_authenticity_token
+    before_action :authorize_action
+
+    # POST /api_keys
+    def create
+      begin
+        @api_key = ApiKey.create!(group:group_param)
+        render json: { apiKey: @api_key, status: :created }
+      rescue ActionController::ParameterMissing => e
+        respond_with_error(e.message, :bad_request)
+      end
+    end
+
+    # DELETE /api_keys/1
+    def destroy
+      begin
+        ApiKey.delete_all(['id = ?', access_id_param])
+        head :ok
+      rescue ActionController::ParameterMissing => e
+        respond_with_error(e.message, :bad_request)
+      end
+    end
+
+    # DELETE /api_keys
+    def destroy_by_access_token
+      begin
+        Rails.logger.warn "the api token is #{access_token_param}"
+        ApiKey.delete_all(['api_token = ?', access_token_param])
+        head :ok
+      rescue ActionController::ParameterMissing => e
+        respond_with_error(e.message, :bad_request)
+      end
+    end
+
+    private
+
+    def group_param
+      params.require(:group)
+    end
+
+    def access_token_param
+      params.require(:api_token)
+    end
+
+    def access_id_param
+      params.require(:id)
+    end
+  end
+end

data/app/controllers/master_api_key/application_controller.rb

@@ -0,0 +1,11 @@
+module MasterApiKey
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+
+    protected
+
+    def respond_with_error(msg, error)
+      render :text => {:error => msg}.to_json, :content_type => 'application/json', :status => error
+    end
+  end
+end

data/app/models/master_api_key/api_key.rb

@@ -0,0 +1,16 @@
+module MasterApiKey
+  class ApiKey < ActiveRecord::Base
+    validates :group, presence: true
+    before_create :generate_api_token
+
+    def as_json(options = {})
+      super(options.reverse_merge({only: [:id, :api_token, :group]}))
+    end
+
+    private
+
+    def generate_api_token
+      self.api_token ||= SecureRandom.urlsafe_base64
+    end
+  end
+end

data/config/master_api_key.gemversion

@@ -0,0 +1 @@
+1.0.0

data/config/routes.rb

@@ -0,0 +1,5 @@
+
+MasterApiKey::Engine.routes.draw do
+  delete '/api_keys', to: 'api_keys#destroy_by_access_token'
+  resources :api_keys, only: [:create, :destroy]
+end

data/db/migrate/20160329212147_create_master_api_key_api_keys.rb

@@ -0,0 +1,9 @@
+class CreateMasterApiKeyApiKeys < ActiveRecord::Migration
+  def change
+    create_table :master_api_key_api_keys do |t|
+      t.string :api_token
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20160330160153_add_group_column.rb

@@ -0,0 +1,5 @@
+class AddGroupColumn < ActiveRecord::Migration
+  def change
+    add_column :master_api_key_api_keys, :group, :string
+  end
+end

data/db/migrate/20160407194542_require_group_attribute.rb

@@ -0,0 +1,5 @@
+class RequireGroupAttribute < ActiveRecord::Migration
+  def change
+    change_column_null :master_api_key_api_keys, :group, false
+  end
+end

data/db/migrate/20160411152807_create_master_key.rb

@@ -0,0 +1,11 @@
+class CreateMasterKey < ActiveRecord::Migration
+  def up
+    unless MasterApiKey::ApiKey.where(:group => :master_key).count > 0
+      MasterApiKey::ApiKey.create(:group => :master_key)
+    end
+  end
+
+  def down
+    MasterApiKey::ApiKey.where(:group => :master_key).delete_all
+  end
+end

data/db/seeds.rb

@@ -0,0 +1,10 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
+#
+# Examples:
+#
+#   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
+#   Mayor.create(name: 'Emanuel', city: cities.first)
+unless MasterApiKey::ApiKey.where(:group => :master_key).count > 0
+  MasterApiKey::ApiKey.create(:group => :master_key)
+end

data/lib/master_api_key.rb

@@ -0,0 +1,4 @@
+require 'master_api_key/api_gatekeeper'
+require 'master_api_key/engine'
+
+ActionController::Base.send :include, MasterApiKey::ApiGatekeeper

data/lib/master_api_key/api_gatekeeper.rb

@@ -0,0 +1,56 @@
+require 'active_support'
+
+module MasterApiKey
+  module ApiGatekeeper
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def belongs_to_api_group(group_name)
+        raise ArgumentError, "MasterApiKey: Didn't define an api group name" unless group_name.present?
+
+        self.module_eval("def api_group() :#{group_name} end")
+      end
+    end
+
+    def api_group
+      nil
+    end
+
+    protected
+
+    def authorize_action
+      if user_authenticated?
+        raise ArgumentError, "MasterApiKey: Didn't define an api group name" unless self.api_group.present?
+        if @api_key.group.casecmp(self.api_group.to_s) == 0
+          yield if block_given?
+        else
+          on_forbidden_request
+        end
+      else
+        on_authentication_failure
+      end
+    end
+
+    def on_authentication_failure
+      head(:unauthorized)
+    end
+
+    def on_forbidden_request
+      head(:forbidden)
+    end
+
+    private
+
+    def user_authenticated?
+     api_token.present? and (@api_key = MasterApiKey::ApiKey.find_by_api_token(api_token)).present?
+    end
+
+    def api_token
+      header('X-API-TOKEN')
+    end
+
+    def header(header)
+      request.headers[header]
+    end
+  end
+end

data/lib/master_api_key/engine.rb

@@ -0,0 +1,14 @@
+module MasterApiKey
+  class Engine < ::Rails::Engine
+    isolate_namespace MasterApiKey
+
+    config.generators do |g|
+      g.test_framework :rspec, :fixture => false
+      g.integration_tool :rspec, :fixture => false, :views => false
+      #g.fixture_replacement :factory_girl, :dir => 'spec/factories'
+      g.assets false
+      g.helper false
+    end
+
+  end
+end

data/lib/master_api_key/version.rb

@@ -0,0 +1,9 @@
+module MasterApiKey
+  VERSION = lambda {
+    version = '0.0.0'
+    File.open(File.join(File.dirname(__FILE__), '../../config/master_api_key.gemversion'), 'r') do |f|
+      version = f.readline
+    end
+    version
+  }.call
+end

data/spec/controllers/master_api_key/api_keys_controller_spec.rb

@@ -0,0 +1,130 @@
+require 'rails_helper'
+
+module MasterApiKey
+  RSpec.describe ApiKeysController, type: :controller do
+
+    before(:each) do
+      @routes = Engine.routes
+    end
+
+    # This should return the minimal set of values that should be in the session
+    # in order to pass any filters (e.g. authentication) defined in
+    # ApiKeysController. Be sure to keep this updated too.
+    let(:valid_session) { {} }
+
+    describe 'POST #create' do
+      context 'with master key' do
+        before(:each) do
+          @master_key = ApiKey.create!(:group => :master_key)
+          controller.request.headers['X-API-TOKEN'] = @master_key.api_token
+        end
+
+        context 'with valid params' do
+          before(:each) do
+            @valid_attributes = {:group => 'group_1'}
+          end
+
+          it 'creates a new ApiKey' do
+            expect {
+              post :create, @valid_attributes
+            }.to change(ApiKey, :count).by(1)
+          end
+
+          it 'assigns a newly created api_key as @api_key' do
+            post :create, @valid_attributes
+
+            expect(assigns(:api_key)).to be_a(ApiKey)
+            expect(assigns(:api_key)).to be_persisted
+          end
+        end
+
+        context 'with invalid params' do
+          before(:each) do
+          end
+
+          it 'should not change ApiKey count when group is nil' do
+            expect {
+              post :create, {:group => nil}
+            }.to_not change(ApiKey, :count)
+          end
+
+          it 'should not change ApiKey count when group param does not exist' do
+            expect {
+              post :create, {}
+            }.to_not change(ApiKey, :count)
+          end
+        end
+      end
+
+      context 'with incorrect api key' do
+        before(:each) do
+          @master_key = ApiKey.create!(:group => :wrong_group)
+          controller.request.headers['X-API-TOKEN'] = @master_key.api_token
+          @valid_attributes = {:group => 'group_1'}
+        end
+
+        it 'fails to create a new ApiKey' do
+          expect {
+            post :create, @valid_attributes
+          }.to_not change(ApiKey, :count)
+
+          expect(response.status).to be 403
+        end
+      end
+    end
+
+    describe 'DELETE #destroy' do
+      context 'with master key' do
+        before(:each) do
+          @master_key = ApiKey.create(:group => :master_key)
+          @api_key = ApiKey.create!(:group => 'group_1')
+          controller.request.headers['X-API-TOKEN'] = @master_key.api_token
+        end
+
+        it 'destroys the requested api_key with the id' do
+          expect {
+            delete :destroy, {:id => @api_key.to_param.to_i}
+          }.to change(ApiKey, :count).by(-1)
+        end
+
+        it 'destroys the requested api_key with the api token' do
+          expect {
+            delete :destroy_by_access_token, {:api_token => @api_key.api_token}
+          }.to change(ApiKey, :count).by(-1)
+        end
+
+        it 'does not change the ApiKey count when the key does not exist' do
+          expect {
+            delete :destroy_by_access_token, {:api_token => 'not_a_real_key'}
+          }.not_to change(ApiKey, :count)
+
+          expect(response).to be_success
+        end
+      end
+
+      context 'with incorrect api key' do
+        before(:each) do
+          @master_key = ApiKey.create!(:group => :wrong_group)
+          @api_key = ApiKey.create!(:group => 'group_1')
+          controller.request.headers['X-API-TOKEN'] = @master_key.api_token
+        end
+
+        it 'fails to destroy the ApiKey by id' do
+          expect {
+            delete :destroy, {:id => @api_key.to_param.to_i}
+          }.to_not change(ApiKey, :count)
+
+          expect(response.status).to be 403
+        end
+
+        it 'fails to destroy the ApiKey by api token' do
+          expect {
+            delete :destroy_by_access_token, {:api_token => @api_key.api_token}
+          }.to_not change(ApiKey, :count)
+
+          expect(response.status).to be 403
+        end
+      end
+    end
+  end
+end

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/dummy/app/controllers/empty_group_controller.rb

@@ -0,0 +1,7 @@
+class EmptyGroupController < ApplicationController
+  belongs_to_api_group('')
+
+  def index
+    head(:ok)
+  end
+end

data/spec/dummy/app/controllers/nil_group_controller.rb

@@ -0,0 +1,7 @@
+class NilGroupController < ApplicationController
+  belongs_to_api_group(nil)
+
+  def index
+    head(:ok)
+  end
+end

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application', __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/dummy/bin/setup

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+require 'pathname'
+
+# path to your application root.
+APP_ROOT = Pathname.new File.expand_path('../../',  __FILE__)
+
+Dir.chdir APP_ROOT do
+  # This script is a starting point to setup your application.
+  # Add necessary setup steps to this file:
+
+  puts "== Installing dependencies =="
+  system "gem install bundler --conservative"
+  system "bundle check || bundle install"
+
+  # puts "\n== Copying sample files =="
+  # unless File.exist?("config/database.yml")
+  #   system "cp config/database.yml.sample config/database.yml"
+  # end
+
+  puts "\n== Preparing database =="
+  system "bin/rake db:setup"
+
+  puts "\n== Removing old logs and tempfiles =="
+  system "rm -f log/*"
+  system "rm -rf tmp/cache"
+
+  puts "\n== Restarting application server =="
+  system "touch tmp/restart.txt"
+end