model_driven_api 2.2.9 → 2.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/app/commands/authenticate_user.rb +2 -2
- data/app/controllers/api/v2/application_controller.rb +31 -4
- data/lib/model_driven_api/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b3732e187808e98168a540463302b48f5c790b636ec3058d8fe1d1368fe8d00c
|
|
4
|
+
data.tar.gz: e3cc94ae51641832ad46712014fd5519937d1d2533e1c8866e1fd04a9372f57a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3cb118e13b3362bd98396a5cf639ba3de1f8e5e161c36e21f04f9bbfacb7c722a985aef6baf5a249fe12fc6ba4572c62277905cdeb148c4b42742abf069b0726
|
|
7
|
+
data.tar.gz: 3dddb43d8f95f6203523ef3d770867682179e5d8abc04838bd42ef5809c91b1f458093c799ddee7d3758a008560f6802315b90fce0d9b83b71ff3272849cdea5
|
data/README.md
CHANGED
|
@@ -422,7 +422,7 @@ Once loaded the tests inside the insomnia application, please right click on the
|
|
|
422
422
|
|
|
423
423
|
## TODO
|
|
424
424
|
|
|
425
|
-
*
|
|
425
|
+
* Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
|
|
426
426
|
|
|
427
427
|
## References
|
|
428
428
|
Thanks to all these people for ideas:
|
|
@@ -21,7 +21,7 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
21
21
|
|
|
22
22
|
# Normal Index Action with Ransack querying
|
|
23
23
|
@q = (@model.column_names.include?("user_id") ? @model.where(user_id: current_user.id) : @model).ransack(@query.presence|| params[:q])
|
|
24
|
-
@records_all = @q.result(distinct: true)
|
|
24
|
+
@records_all = @q.result # (distinct: true) Removing, but I'm not sure, with it I cannot sort in postgres for associated records (throws an exception on misuse of sort with distinct)
|
|
25
25
|
page = (@page.presence || params[:page])
|
|
26
26
|
per = (@per.presence || params[:per])
|
|
27
27
|
pages_info = (@pages_info.presence || params[:pages_info])
|
|
@@ -107,15 +107,34 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
107
107
|
# call an unwanted method in the AR Model.
|
|
108
108
|
resource = "custom_action_#{params[:do]}"
|
|
109
109
|
raise NoMethodError unless @model.respond_to?(resource)
|
|
110
|
-
return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
|
|
110
|
+
# return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
|
|
111
|
+
return true, MultiJson.dump(@model.send(resource, params))
|
|
111
112
|
end
|
|
112
113
|
# if it's here there is no custom action in the request querystring
|
|
113
114
|
return false
|
|
114
115
|
end
|
|
116
|
+
|
|
117
|
+
def class_exists?(class_name)
|
|
118
|
+
klass = Module.const_get(class_name)
|
|
119
|
+
return klass.is_a?(Class)
|
|
120
|
+
rescue NameError
|
|
121
|
+
return false
|
|
122
|
+
end
|
|
115
123
|
|
|
116
124
|
def authenticate_request
|
|
117
|
-
|
|
118
|
-
|
|
125
|
+
# puts request.headers.inspect
|
|
126
|
+
@current_user = nil
|
|
127
|
+
# puts "Are there wbehooks headers to check for? #{Settings.ns(:security).allowed_authorization_headers}"
|
|
128
|
+
Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
|
|
129
|
+
# puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
|
|
130
|
+
check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
|
|
131
|
+
end
|
|
132
|
+
return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
|
|
133
|
+
|
|
134
|
+
# This is the default one, if the header doesn't have a valid form for one of the other Auth methods, then use this Auth Class
|
|
135
|
+
check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
|
|
136
|
+
return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
|
|
137
|
+
|
|
119
138
|
current_user = @current_user
|
|
120
139
|
params[:current_user_id] = @current_user.id
|
|
121
140
|
# Now every time the user fires off a successful GET request,
|
|
@@ -147,6 +166,14 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
147
166
|
return not_found! if (!@model.new.is_a? ActiveRecord::Base rescue false)
|
|
148
167
|
end
|
|
149
168
|
|
|
169
|
+
def check_authorization cmd
|
|
170
|
+
if cmd.success?
|
|
171
|
+
@current_user = cmd.result
|
|
172
|
+
else
|
|
173
|
+
@auth_errors = cmd.errors
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
|
|
150
177
|
# Nullifying strong params for API
|
|
151
178
|
def params
|
|
152
179
|
request.parameters
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: model_driven_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thecore_backend_commons
|