model_driven_api 2.4.0 → 2.4.4

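--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 83d29c7872f8a719a67efea2d255348bf1d45b59cfed6729a8eba63cd58a3679
- data.tar.gz: 0d351060548decf558e0d7332ca4c580729070d80ddfd94c7656da1cb45e815f
+ metadata.gz: fe7f4f3089407a7bdb2a1f4174c9c134599fbe2a3ffd7c4bd1fa8d45424fabfe
+ data.tar.gz: 1a863a98f07a3311782c8b6d4c8123ba6318ffa1476a056f35ed62fd75b25f3c
  SHA512:
- metadata.gz: fd8488a506791ee0394b4f148c8df23a47728603cc9e56ed2de894ff74cd8ed3bb701e3077c9ba2c512cb83478373448c7d34552eefd5995f64c1a5fcd43ad40
- data.tar.gz: 7afcfeb678f4c9d7609468e8e8fad1c5b59a54c41164c2598e201409cd49024be8d6b5f2dea08d1e58778d1905f410f1a826cea278b9b3e251ab850d853690ca
+ metadata.gz: 79cf4fd763c17311165ada17fa4067f9151914e62aaa494eb9661dfbe5c41a7d2248c92caf1803518c430eba6d1dd77692a4148db3a18b681618775a51151f59
+ data.tar.gz: 38b734d317dbb08b3b7bfce009b5636e38d1647cfd3bf40dea78703dfec89356fe09bcdbd2013a096b4c06a9456c10a9bc5419b512d125a757d1e588e77fab52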
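--- a/data/README.md
+++ b/data/README.md
@@ -140,6 +140,14 @@ Once the JWT has been retrieved, the **Authenticated Request**s must use it in a
 
  ```
  Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1OTA3NzQyMzR9.Z-1yECp55VD560UcB7gIhgVWJNjn8HUerG5s4TVSRko
+ ```
+
+ #### Token Refresh
+
+ If issued during the token validity period, this will just return a new JWT to be used during following API request.
+
+ ```bash
+ :GET http://localhost:3000/api/v2/info/heartbeat
  ```
 
  ### CRUD Actions
@@ -299,7 +307,7 @@ Something like this can be retrieved:
  By issuing this GET request:
 
  ```bash
- GET http://localhost:3000/api/v2/info/roles
+ GET http://localhost:3000/api/v2/info/schema
  ```
 
  You will get something like: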
@@ -22,7 +22,7 @@ class AuthenticateUser
22
22
  # The token is created and the api_user exists => Invalidating all the previous tokens
23
23
  # Since this is a new login and I don't care from where it comes, new logins always
24
24
  # Invalidate older tokens
25
- UsedToken.where(user_id: api_user.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
25
+ UsedToken.where(user_id: current_u.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
26
26
  return {jwt: result, user: current_u}
27
27
  end
28
28
  nil
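Review bot: Earlier tokens are revoked on the changed line only when `ENV["ALLOW_MULTISESSIONS"]` is exactly the string `"false"`, so an unset variable, `"False"` or `"0"` leaves every previously issued token valid after a new login. That permissive default is easy to miss in deployment, so it should be stated above the line, for example `# Multisession is the default: older tokens are revoked only when ALLOW_MULTISESSIONS is the literal string "false"`. If single-session is meant to be the safe default, comparing a normalised value such as `ENV.fetch("ALLOW_MULTISESSIONS", "false").casecmp?("false")` would make an unset variable revoke. The method's body starts and ends outside the hunk.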
@@ -36,7 +36,7 @@ class AuthenticateUser
36
36
  if !email.blank? && !password.blank?
37
37
  user = User.find_by(email: email)
38
38
  # Verify the password.
39
- raise AccessDenied if user.blank? && user.authenticate(password).blank?
39
+ user = nil if user.blank? || user.authenticate(password).blank?
40
40
  elsif !access_token.blank?
41
41
  user = User.find_by(access_token: access_token)
42
42
  end
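Review bot: A rejected password no longer raises `AccessDenied` on the changed line; the method now carries `user = nil` past the closing `end`, and what is done with a nil user is decided outside the hunk. That contract should be written down where it is created, for example `# user is nil from here on when the credentials were rejected; no token may be issued for it`. Note also that `authenticate` is skipped when the email is unknown, so the response time for an unknown account probably differs from that of a wrong password, which is worth covering with rate limiting and logging of failed attempts. The enclosing method starts and ends outside the hunk.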
@@ -0,0 +1,31 @@
1
+ class AuthorizeMachine2Machine
2
+ prepend SimpleCommand
3
+
4
+ def initialize(headers = {})
5
+ @headers = headers
6
+ end
7
+
8
+ def call
9
+ api_user
10
+ end
11
+
12
+ private
13
+
14
+ attr_reader :headers
15
+
16
+ def api_user
17
+ token = http_auth_header
18
+ user = User.find_by(access_token: token) unless token.blank?
19
+ @api_user = user if user
20
+ @api_user || errors.add(:token, "Invalid token") && nil
21
+ end
22
+
23
+ def http_auth_header
24
+ if headers['Authorization'].present?
25
+ return headers['Authorization'].split(' ').last
26
+ else
27
+ errors.add(:token, "Missing token")
28
+ end
29
+ nil
30
+ end
31
+ end
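Review bot: `http_auth_header` takes the last whitespace-separated word of any `Authorization` header without checking the scheme, and `api_user` looks that word up with `User.find_by(access_token: token)`. This means the `access_token` column has to hold the secret in clear text, and presumably the JWT sent by interactive clients is tried as a machine token as well. Checking the scheme before the lookup and storing only a digest of the token, compared after hashing the presented value, would limit what a database read exposes. The last line of `api_user`, `@api_user || errors.add(:token, "Invalid token") && nil`, relies on `&&` binding tighter than `||`; `return @api_user if @api_user` followed by `errors.add(:token, "Invalid token")` and `nil` states the same thing plainly. When the header is absent both "Missing token" and "Invalid token" are recorded, which deserves a one-line comment if it is intended.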
@@ -84,7 +84,8 @@ class Api::V2::ApplicationController < ActionController::API
84
84
  return render json: result, status: 200 if status == true
85
85
 
86
86
  # Normal Update Action
87
- @record.update_attributes!(@body)
87
+ # Raisl 6 vs Rails 6.1
88
+ @record.respond_to?('update_attributes!') ? @record.update_attributes!(@body) : @record.update!(@body)
88
89
  render json: @record.to_json(json_attrs), status: 200
89
90
  end
90
91
 
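Review bot: `@body` is handed to `update_attributes!` / `update!` on the new line with no attribute filtering visible in the hunk. It is assigned outside the hunk, so confirm it has been reduced to an allow-list of writable attributes before this point; otherwise a client may be able to write columns such as `access_token` that the authorization commands in this release depend on. `update!` is available on Rails 6.0 as well as 6.1, so the `respond_to?` switch can be replaced by `@record.update!(@body)`. The added comment should read `# Rails 6 vs Rails 6.1`. The enclosing action starts outside the hunk.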
@@ -130,8 +131,8 @@ class Api::V2::ApplicationController < ActionController::API
130
131
  def authenticate_request
131
132
  @current_user = nil
132
133
  Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
133
- # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
134
- check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
134
+ # puts "Found header #{header}: #{request.headers[header]}"
135
+ check_authorization("Authorize#{header}".constantize.call(request.headers)) # if request.headers[header]
135
136
  end
136
137
 
137
138
  check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
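Review bot: With the `if request.headers[...]` guard commented out, every name listed in `allowed_authorization_headers` is resolved with `constantize` and called on every request, whether or not the client sent credentials for it. What `check_authorization` does with a failed result is outside the hunk; if it renders an error, a request carrying only a JWT might be answered before the `AuthorizeApiRequest` fallback on the last line, so that path needs a test. Because the class name comes from a settings value, looking it up in a fixed table of permitted authorizer classes instead of calling `constantize`, and trimming entries with `.split(",").map(&:strip)`, would stop a mistyped or tampered setting from loading an unintended constant or raising `NameError`. `request.raw_post` is no longer passed, so any authorizer that verified the request body would silently stop doing so. `authenticate_request` continues past the end of the hunk.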
@@ -73,4 +73,9 @@ class Api::V2::InfoController < Api::V2::ApplicationController
73
73
  end
74
74
  render json: pivot.to_json, status: 200
75
75
  end
76
+
77
+ def settings
78
+ render json: ThecoreSettings::Setting.pluck(:ns, :key, :raw).inject({}){|result, array| (result[array.first] ||= {})[array.second] = array.third; result }.to_json, status: 200
79
+ end
80
+
76
81
  end
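Review bot: The new `settings` action returns the raw value of every `ThecoreSettings::Setting` row in every namespace, which presumably includes the `security` namespace that `authenticate_request` reads elsewhere in this diff. Settings tables often hold credentials and endpoint secrets, so the response should be limited to an explicit allow-list of namespaces or keys, for example `ThecoreSettings::Setting.where(ns: EXPOSED_NAMESPACES)`, where `EXPOSED_NAMESPACES` is a placeholder for a constant the project would define. Whether an authentication or role filter covers this action is not visible in the hunk and should be confirmed before the route is exposed. On style, `each_with_object({})` would read more clearly than `inject` with the trailing `; result`.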
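--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -13,6 +13,7 @@ Rails.application.routes.draw do
  get :schema
  get :dsl
  get :heartbeat
+ get :settings
  end
 
  post "authenticate" => "authentication#authenticate"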
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: model_driven_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.0
4
+ version: 2.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gabriele Tassoni
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-28 00:00:00.000000000 Z
11
+ date: 2022-02-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thecore_backend_commons
@@ -123,7 +123,7 @@ dependencies:
123
123
  - !ruby/object:Gem::Version
124
124
  version: '1.2'
125
125
  description: Ruby on Rails REST APIs built by convention using the DB schema as the
126
- foundation.
126
+ foundation, please see README for mode of use.
127
127
  email:
128
128
  - gabriele.tassoni@gmail.com
129
129
  executables: []
@@ -135,6 +135,7 @@ files:
135
135
  - Rakefile
136
136
  - app/commands/authenticate_user.rb
137
137
  - app/commands/authorize_api_request.rb
138
+ - app/commands/authorize_machine_2_machine.rb
138
139
  - app/controllers/api/v2/application_controller.rb
139
140
  - app/controllers/api/v2/authentication_controller.rb
140
141
  - app/controllers/api/v2/info_controller.rb