model_driven_api 2.2.7 → 2.2.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +19 -4
- data/app/controllers/api/v2/info_controller.rb +1 -0
- data/lib/model_driven_api/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 14519f57024c689e4c8014a89f9d9a0b1e632080e03b926331e1399eaa91190d
|
4
|
+
data.tar.gz: bb0936097178dd56f187952a2a8790952b940fbce2c609577c5854e97fca266b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fbabff68ac85c2f8fd1da033419f7b24c3747b39c26ead781ce0626586d300e15ecd8ca7f7144922b0e2539ea2c938523c9e688fb400154d7619b3ef78a7fbb1
|
7
|
+
data.tar.gz: db518714c92aa0208aac7977f388a45e21afada104a612c16c52d1e4c2bce3aec206fbc024e3e3db2efbd72e4e93a8839bab050cb0ac8e8bd54474689350e715
|
data/README.md
CHANGED
@@ -12,6 +12,12 @@ To have a comprehensive and meaningful API right out of the box by just creating
|
|
12
12
|
Yes, this is the second version of such an effort and you can note it from the api calls, which are all under the ```/api/v2``` namespace the [/api/v1](https://github.com/gabrieletassoni/thecore_api) one, was were it all started, many ideas are ported from there, such as the generation of the automatic model based crud actions, as well as custom actions definitions and all the things that make also this gem useful for my daily job were already in place, but it was too coupled with [thecore](https://github.com/gabrieletassoni/thecore)'s [rails_admin](https://github.com/sferik/rails_admin) UI, making it impossible to create a complete UI-less, API only application, out of the box and directly based of the DB schema, with all the bells and whistles I needed (mainly self adapting, data and schema driven API functionalities).
|
13
13
|
So it all began again, making a better thecore_api gem into this model_driven_api gem, more polished, more functional and self contained.
|
14
14
|
|
15
|
+
## What has changed
|
16
|
+
|
17
|
+
* Replace v1 with **v2** in the url
|
18
|
+
* **Custom actions** defined in model's concerns now are triggered by a do querystring, for example: ```/api/v2/:model?do=custom_action``` or ```/api/v2/:model/:id?do=custom_action```
|
19
|
+
* Searches using Ransack can be done either by GET or POST, but POST is preferred.
|
20
|
+
|
15
21
|
# Standards Used
|
16
22
|
|
17
23
|
* [JWT](https://github.com/jwt/ruby-jwt) for authentication.
|
@@ -71,7 +77,17 @@ with a POST body like the one below:
|
|
71
77
|
```
|
72
78
|
|
73
79
|
This action will return in the header a *Token* you can use for the following requests.
|
74
|
-
Bear in mind that the *Token* will expire within 15 minutes and that at each succesful request a new token is returned using the same *Token* header, so, at each interaction between client server, just making an authenticated and succesful request, will give you back a way of continuing to make authenticated requests without the extra overhead of an authentication for each one and without having to keep long expiry times for the *Token*.
|
80
|
+
Bear in mind that the *Token* will expire within 15 minutes and that at each succesful request a new token is returned using the same *Token* header, so, at each interaction between client server, just making an authenticated and succesful request, will give you back a way of continuing to make **authenticated requests** without the extra overhead of an authentication for each one and without having to keep long expiry times for the *Token*.
|
81
|
+
|
82
|
+
Keep in mind that the Token, if decoded, bears the information about the expiration time as part of the payload.
|
83
|
+
|
84
|
+
#### Authenticated Requests
|
85
|
+
|
86
|
+
Once the JWT has been retrieved, the **Authenticated Request**s must use it in a header of Bearer Type like this one:
|
87
|
+
|
88
|
+
```
|
89
|
+
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1OTA3NzQyMzR9.Z-1yECp55VD560UcB7gIhgVWJNjn8HUerG5s4TVSRko
|
90
|
+
```
|
75
91
|
|
76
92
|
### Info API
|
77
93
|
|
@@ -188,15 +204,14 @@ The *methods* key will list the **custom actions** that can be used in addition
|
|
188
204
|
## Testing
|
189
205
|
|
190
206
|
If you want to manually test the API using [Insomnia](https://insomnia.rest/) you can find the chained request in Insomnia v4 json format inside the **test/insomnia** folder.
|
191
|
-
|
207
|
+
Once loaded the tests inside the insomnia application, please right click on the folder, then in the menu select *</> Environment* and change ```base_url```, ```email``` and ```password``` as needed to set them for all the subsequent actions.
|
192
208
|
|
193
209
|
## TODO
|
194
210
|
|
195
211
|
* Integrate a settings gem
|
196
|
-
* Add DSL for users and roles
|
197
212
|
|
198
213
|
## References
|
199
|
-
|
214
|
+
Thanks to all these people for ideas:
|
200
215
|
|
201
216
|
* [Billy Cheng](https://medium.com/@billy.sf.cheng/a-rails-6-application-part-1-api-1ee5ccf7ed01) For a way to have a nice and clean implementation of the JWT on top of Devise.
|
202
217
|
* [Daniel](https://medium.com/@tdaniel/passing-refreshed-jwts-from-rails-api-using-headers-859f1cfe88e9) For a smart way to manage token expiration.
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: model_driven_api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Gabriele Tassoni
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-06-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thecore_backend_commons
|