model_driven_api 2.4.1 → 2.4.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +9 -1
- data/app/commands/authenticate_user.rb +2 -2
- data/app/commands/authorize_machine_2_machine.rb +31 -0
- data/app/controllers/api/v2/application_controller.rb +15 -14
- data/app/controllers/api/v2/info_controller.rb +5 -0
- data/config/routes.rb +1 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1ed6351d23e6db1dca7d4fffe1ac0e532d12492c404cdf37763afd644fc5cca5
|
|
4
|
+
data.tar.gz: 3003182226f97c82f510c5b5e3b38a78cd851eab30378035cb939afdc94a863c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 56ab41d307daf87674df375320d361d525bb941367dd7be9f95b3f9f0568f4ff91b243215720ba1e13fcb46130ce6dd2a60b780ca50700c97ec92ed87d0d6e8a
|
|
7
|
+
data.tar.gz: 2d4cbb4267a876d13ddd5f18a6bf89a794afccdb0cbc418c4080a5adf3716a80e9a9346529a80f0f18b78e9623cf1b0c3e06db5c2b61069c4618b8ace6cdab96
|
data/README.md
CHANGED
|
@@ -140,6 +140,14 @@ Once the JWT has been retrieved, the **Authenticated Request**s must use it in a
|
|
|
140
140
|
|
|
141
141
|
```
|
|
142
142
|
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1OTA3NzQyMzR9.Z-1yECp55VD560UcB7gIhgVWJNjn8HUerG5s4TVSRko
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
#### Token Refresh
|
|
146
|
+
|
|
147
|
+
If issued during the token validity period, this will just return a new JWT to be used during following API request.
|
|
148
|
+
|
|
149
|
+
```bash
|
|
150
|
+
:GET http://localhost:3000/api/v2/info/heartbeat
|
|
143
151
|
```
|
|
144
152
|
|
|
145
153
|
### CRUD Actions
|
|
@@ -299,7 +307,7 @@ Something like this can be retrieved:
|
|
|
299
307
|
By issuing this GET request:
|
|
300
308
|
|
|
301
309
|
```bash
|
|
302
|
-
GET http://localhost:3000/api/v2/info/
|
|
310
|
+
GET http://localhost:3000/api/v2/info/schema
|
|
303
311
|
```
|
|
304
312
|
|
|
305
313
|
You will get something like:
|
|
@@ -22,7 +22,7 @@ class AuthenticateUser
|
|
|
22
22
|
# The token is created and the api_user exists => Invalidating all the previous tokens
|
|
23
23
|
# Since this is a new login and I don't care from where it comes, new logins always
|
|
24
24
|
# Invalidate older tokens
|
|
25
|
-
UsedToken.where(user_id:
|
|
25
|
+
UsedToken.where(user_id: current_u.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
|
|
26
26
|
return {jwt: result, user: current_u}
|
|
27
27
|
end
|
|
28
28
|
nil
|
|
@@ -36,7 +36,7 @@ class AuthenticateUser
|
|
|
36
36
|
if !email.blank? && !password.blank?
|
|
37
37
|
user = User.find_by(email: email)
|
|
38
38
|
# Verify the password.
|
|
39
|
-
|
|
39
|
+
user = nil if user.blank? || user.authenticate(password).blank?
|
|
40
40
|
elsif !access_token.blank?
|
|
41
41
|
user = User.find_by(access_token: access_token)
|
|
42
42
|
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
class AuthorizeMachine2Machine
|
|
2
|
+
prepend SimpleCommand
|
|
3
|
+
|
|
4
|
+
def initialize(headers = {})
|
|
5
|
+
@headers = headers
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def call
|
|
9
|
+
api_user
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
private
|
|
13
|
+
|
|
14
|
+
attr_reader :headers
|
|
15
|
+
|
|
16
|
+
def api_user
|
|
17
|
+
token = http_auth_header
|
|
18
|
+
user = User.find_by(access_token: token) unless token.blank?
|
|
19
|
+
@api_user = user if user
|
|
20
|
+
@api_user || errors.add(:token, "Invalid token") && nil
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def http_auth_header
|
|
24
|
+
if headers['Authorization'].present?
|
|
25
|
+
return headers['Authorization'].split(' ').last
|
|
26
|
+
else
|
|
27
|
+
errors.add(:token, "Missing token")
|
|
28
|
+
end
|
|
29
|
+
nil
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -16,8 +16,8 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
16
16
|
authorize! :index, @model
|
|
17
17
|
|
|
18
18
|
# Custom Action
|
|
19
|
-
status, result = check_for_custom_action
|
|
20
|
-
return render json: result, status: 200 if status == true
|
|
19
|
+
status, result, status_number = check_for_custom_action
|
|
20
|
+
return render json: result, status: (status_number.presence || 200) if status == true
|
|
21
21
|
|
|
22
22
|
# Normal Index Action with Ransack querying
|
|
23
23
|
# Keeping this automation can be too dangerous and lead to unpredicted results
|
|
@@ -52,8 +52,8 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
52
52
|
authorize! :show, @record_id
|
|
53
53
|
|
|
54
54
|
# Custom Show Action
|
|
55
|
-
status, result = check_for_custom_action
|
|
56
|
-
return render json: result, status: 200 if status == true
|
|
55
|
+
status, result, status_number = check_for_custom_action
|
|
56
|
+
return render json: result, status: (status_number.presence || 200) if status == true
|
|
57
57
|
|
|
58
58
|
# Normal Show
|
|
59
59
|
result = @record.to_json(json_attrs)
|
|
@@ -65,8 +65,8 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
65
65
|
authorize! :create, @record
|
|
66
66
|
|
|
67
67
|
# Custom Action
|
|
68
|
-
status, result = check_for_custom_action
|
|
69
|
-
return render json: result, status: 200 if status == true
|
|
68
|
+
status, result, status_number = check_for_custom_action
|
|
69
|
+
return render json: result, status: (status_number.presence || 200) if status == true
|
|
70
70
|
|
|
71
71
|
# Normal Create Action
|
|
72
72
|
# Keeping this automation can be too dangerous and lead to unpredicted results
|
|
@@ -80,8 +80,8 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
80
80
|
authorize! :update, @record
|
|
81
81
|
|
|
82
82
|
# Custom Action
|
|
83
|
-
status, result = check_for_custom_action
|
|
84
|
-
return render json: result, status: 200 if status == true
|
|
83
|
+
status, result, status_number = check_for_custom_action
|
|
84
|
+
return render json: result, status: (status_number.presence || 200) if status == true
|
|
85
85
|
|
|
86
86
|
# Normal Update Action
|
|
87
87
|
# Raisl 6 vs Rails 6.1
|
|
@@ -93,8 +93,8 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
93
93
|
authorize! :destroy, @record
|
|
94
94
|
|
|
95
95
|
# Custom Action
|
|
96
|
-
status, result = check_for_custom_action
|
|
97
|
-
return render json: result, status: 200 if status == true
|
|
96
|
+
status, result, status_number = check_for_custom_action
|
|
97
|
+
return render json: result, status: (status_number.presence || 200) if status == true
|
|
98
98
|
|
|
99
99
|
# Normal Destroy Action
|
|
100
100
|
return api_error(status: 500) unless @record.destroy
|
|
@@ -114,8 +114,9 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
114
114
|
resource = "custom_action_#{params[:do]}"
|
|
115
115
|
raise NoMethodError unless @model.respond_to?(resource)
|
|
116
116
|
# return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
|
|
117
|
-
puts json_attrs
|
|
118
|
-
|
|
117
|
+
# puts json_attrs
|
|
118
|
+
body, status = @model.send(resource, params)
|
|
119
|
+
return true, body.to_json(json_attrs), status
|
|
119
120
|
end
|
|
120
121
|
# if it's here there is no custom action in the request querystring
|
|
121
122
|
return false
|
|
@@ -131,8 +132,8 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
131
132
|
def authenticate_request
|
|
132
133
|
@current_user = nil
|
|
133
134
|
Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
|
|
134
|
-
# puts "Found header #{header}: #{request.headers[header
|
|
135
|
-
check_authorization("Authorize#{header}".constantize.call(request.headers
|
|
135
|
+
# puts "Found header #{header}: #{request.headers[header]}"
|
|
136
|
+
check_authorization("Authorize#{header}".constantize.call(request.headers)) # if request.headers[header]
|
|
136
137
|
end
|
|
137
138
|
|
|
138
139
|
check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
|
|
@@ -73,4 +73,9 @@ class Api::V2::InfoController < Api::V2::ApplicationController
|
|
|
73
73
|
end
|
|
74
74
|
render json: pivot.to_json, status: 200
|
|
75
75
|
end
|
|
76
|
+
|
|
77
|
+
def settings
|
|
78
|
+
render json: ThecoreSettings::Setting.pluck(:ns, :key, :raw).inject({}){|result, array| (result[array.first] ||= {})[array.second] = array.third; result }.to_json, status: 200
|
|
79
|
+
end
|
|
80
|
+
|
|
76
81
|
end
|
data/config/routes.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: model_driven_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.4.
|
|
4
|
+
version: 2.4.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thecore_backend_commons
|
|
@@ -123,7 +123,7 @@ dependencies:
|
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
124
|
version: '1.2'
|
|
125
125
|
description: Ruby on Rails REST APIs built by convention using the DB schema as the
|
|
126
|
-
foundation.
|
|
126
|
+
foundation, please see README for mode of use.
|
|
127
127
|
email:
|
|
128
128
|
- gabriele.tassoni@gmail.com
|
|
129
129
|
executables: []
|
|
@@ -135,6 +135,7 @@ files:
|
|
|
135
135
|
- Rakefile
|
|
136
136
|
- app/commands/authenticate_user.rb
|
|
137
137
|
- app/commands/authorize_api_request.rb
|
|
138
|
+
- app/commands/authorize_machine_2_machine.rb
|
|
138
139
|
- app/controllers/api/v2/application_controller.rb
|
|
139
140
|
- app/controllers/api/v2/authentication_controller.rb
|
|
140
141
|
- app/controllers/api/v2/info_controller.rb
|