model_driven_api 2.4.0 → 2.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 83d29c7872f8a719a67efea2d255348bf1d45b59cfed6729a8eba63cd58a3679
-  data.tar.gz: 0d351060548decf558e0d7332ca4c580729070d80ddfd94c7656da1cb45e815f
+  metadata.gz: fe7f4f3089407a7bdb2a1f4174c9c134599fbe2a3ffd7c4bd1fa8d45424fabfe
+  data.tar.gz: 1a863a98f07a3311782c8b6d4c8123ba6318ffa1476a056f35ed62fd75b25f3c
 SHA512:
-  metadata.gz: fd8488a506791ee0394b4f148c8df23a47728603cc9e56ed2de894ff74cd8ed3bb701e3077c9ba2c512cb83478373448c7d34552eefd5995f64c1a5fcd43ad40
-  data.tar.gz: 7afcfeb678f4c9d7609468e8e8fad1c5b59a54c41164c2598e201409cd49024be8d6b5f2dea08d1e58778d1905f410f1a826cea278b9b3e251ab850d853690ca
+  metadata.gz: 79cf4fd763c17311165ada17fa4067f9151914e62aaa494eb9661dfbe5c41a7d2248c92caf1803518c430eba6d1dd77692a4148db3a18b681618775a51151f59
+  data.tar.gz: 38b734d317dbb08b3b7bfce009b5636e38d1647cfd3bf40dea78703dfec89356fe09bcdbd2013a096b4c06a9456c10a9bc5419b512d125a757d1e588e77fab52

data/README.md

@@ -140,6 +140,14 @@ Once the JWT has been retrieved, the **Authenticated Request**s must use it in a
 
 ```
 Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1OTA3NzQyMzR9.Z-1yECp55VD560UcB7gIhgVWJNjn8HUerG5s4TVSRko
+```
+
+ #### Token Refresh
+ 
+If issued during the token validity period, this will just return a new JWT to be used during following API request.
+
+```bash
+:GET http://localhost:3000/api/v2/info/heartbeat
 ```
 
 ### CRUD Actions
@@ -299,7 +307,7 @@ Something like this can be retrieved:
 By issuing this GET request:
 
 ```bash
-GET http://localhost:3000/api/v2/info/roles
+GET http://localhost:3000/api/v2/info/schema
 ```
 
 You will get something like:

data/app/commands/authenticate_user.rb

@@ -22,7 +22,7 @@ class AuthenticateUser
             # The token is created and the api_user exists => Invalidating all the previous tokens
             # Since this is a new login and I don't care from where it comes, new logins always
             # Invalidate older tokens
-            UsedToken.where(user_id: api_user.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
+            UsedToken.where(user_id: current_u.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
             return {jwt: result, user: current_u}
         end
         nil
@@ -36,7 +36,7 @@ class AuthenticateUser
         if !email.blank? && !password.blank?
             user = User.find_by(email: email)
             # Verify the password.
-            raise AccessDenied if user.blank? && user.authenticate(password).blank?
+            user = nil if user.blank? || user.authenticate(password).blank?
         elsif !access_token.blank?
             user = User.find_by(access_token: access_token)
         end

data/app/commands/authorize_machine_2_machine.rb

@@ -0,0 +1,31 @@
+class AuthorizeMachine2Machine
+    prepend SimpleCommand
+    
+    def initialize(headers = {})
+        @headers = headers
+    end
+    
+    def call
+        api_user
+    end
+    
+    private
+    
+    attr_reader :headers
+    
+    def api_user
+        token = http_auth_header
+        user = User.find_by(access_token: token) unless token.blank?
+        @api_user = user if user
+        @api_user || errors.add(:token, "Invalid token") && nil
+    end
+    
+    def http_auth_header
+        if headers['Authorization'].present?
+            return headers['Authorization'].split(' ').last
+        else
+            errors.add(:token, "Missing token")
+        end
+        nil
+    end
+end

data/app/controllers/api/v2/application_controller.rb

@@ -84,7 +84,8 @@ class Api::V2::ApplicationController < ActionController::API
         return render json: result, status: 200 if status == true
 
         # Normal Update Action
-        @record.update_attributes!(@body)
+        # Raisl 6 vs Rails 6.1
+        @record.respond_to?('update_attributes!') ? @record.update_attributes!(@body) : @record.update!(@body)
         render json: @record.to_json(json_attrs), status: 200
     end
     
@@ -130,8 +131,8 @@ class Api::V2::ApplicationController < ActionController::API
     def authenticate_request
         @current_user = nil
         Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
-            # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}" 
-            check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
+            # puts "Found header #{header}: #{request.headers[header]}" 
+            check_authorization("Authorize#{header}".constantize.call(request.headers)) # if request.headers[header]
         end
         
         check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user

data/app/controllers/api/v2/info_controller.rb

@@ -73,4 +73,9 @@ class Api::V2::InfoController < Api::V2::ApplicationController
     end
     render json: pivot.to_json, status: 200
   end
+
+  def settings
+    render json: ThecoreSettings::Setting.pluck(:ns, :key, :raw).inject({}){|result, array| (result[array.first] ||= {})[array.second] = array.third; result }.to_json, status: 200
+  end
+
 end

data/config/routes.rb

@@ -13,6 +13,7 @@ Rails.application.routes.draw do
                 get :schema
                 get :dsl
                 get :heartbeat
+                get :settings
             end
 
             post "authenticate" => "authentication#authenticate"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: model_driven_api
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.4.4
 platform: ruby
 authors:
 - Gabriele Tassoni
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-28 00:00:00.000000000 Z
+date: 2022-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thecore_backend_commons
@@ -123,7 +123,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.2'
 description: Ruby on Rails REST APIs built by convention using the DB schema as the
-  foundation.
+  foundation, please see README for mode of use.
 email:
 - gabriele.tassoni@gmail.com
 executables: []
@@ -135,6 +135,7 @@ files:
 - Rakefile
 - app/commands/authenticate_user.rb
 - app/commands/authorize_api_request.rb
+- app/commands/authorize_machine_2_machine.rb
 - app/controllers/api/v2/application_controller.rb
 - app/controllers/api/v2/authentication_controller.rb
 - app/controllers/api/v2/info_controller.rb