model_driven_api 2.2.7 → 2.2.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6853bdb01eee7e8b2918c95bfcd73f01ad7ff31d68f532f4720a1ce2d4b1d6fc
-  data.tar.gz: 392a02744fe900c53df5541e2cbf77803959c2d3ffc2336905602ec2eab25e26
+  metadata.gz: 14519f57024c689e4c8014a89f9d9a0b1e632080e03b926331e1399eaa91190d
+  data.tar.gz: bb0936097178dd56f187952a2a8790952b940fbce2c609577c5854e97fca266b
 SHA512:
-  metadata.gz: 4189b03c5961b5b8f6798b37e2c339f5017e1492d8bc5117f9c124796cb10209b2ef3c22fc021de88cb33bd02105c0c8f523212b8f3f1ad8199c963ab9275d87
-  data.tar.gz: 870fa5fc5078602a2982e611728aab2057acb7bc4dbe5a81e052fe4c50ec6e6c9f2cfb330592499e07aff05e9b4e8dcd9cbdcae4f30af42c383dfa5907ce5c84
+  metadata.gz: fbabff68ac85c2f8fd1da033419f7b24c3747b39c26ead781ce0626586d300e15ecd8ca7f7144922b0e2539ea2c938523c9e688fb400154d7619b3ef78a7fbb1
+  data.tar.gz: db518714c92aa0208aac7977f388a45e21afada104a612c16c52d1e4c2bce3aec206fbc024e3e3db2efbd72e4e93a8839bab050cb0ac8e8bd54474689350e715

data/README.md

@@ -12,6 +12,12 @@ To have a comprehensive and meaningful API right out of the box by just creating
 Yes, this is the second version of such an effort and you can note it from the api calls, which are all under the ```/api/v2``` namespace the [/api/v1](https://github.com/gabrieletassoni/thecore_api) one, was were it all started, many ideas are ported from there, such as the generation of the automatic model based crud actions, as well as custom actions definitions and all the things that make also this gem useful for my daily job were already in place, but it was too coupled with [thecore](https://github.com/gabrieletassoni/thecore)'s [rails_admin](https://github.com/sferik/rails_admin) UI, making it impossible to create a complete UI-less, API only application, out of the box and directly based of the DB schema, with all the bells and whistles I needed (mainly self adapting, data and schema driven API functionalities).
 So it all began again, making a better thecore_api gem into this model_driven_api gem, more polished, more functional and self contained.
 
+## What has changed
+
+* Replace v1 with **v2** in the url
+* **Custom actions** defined in model's concerns now are triggered by a do querystring, for example: ```/api/v2/:model?do=custom_action``` or ```/api/v2/:model/:id?do=custom_action```
+* Searches using Ransack can be done either by GET or POST, but POST is preferred.
+
 # Standards Used
 
 * [JWT](https://github.com/jwt/ruby-jwt) for authentication.
@@ -71,7 +77,17 @@ with a POST body like the one below:
 ```
 
 This action will return in the header a *Token* you can use for the following requests.
-Bear in mind that the *Token* will expire within 15 minutes and that at each succesful request a new token is returned using the same *Token* header, so, at each interaction between client server, just making an authenticated and succesful request, will give you back a way of continuing to make authenticated requests without the extra overhead of an authentication for each one and without having to keep long expiry times for the *Token*.
+Bear in mind that the *Token* will expire within 15 minutes and that at each succesful request a new token is returned using the same *Token* header, so, at each interaction between client server, just making an authenticated and succesful request, will give you back a way of continuing to make **authenticated requests** without the extra overhead of an authentication for each one and without having to keep long expiry times for the *Token*.
+
+Keep in mind that the Token, if decoded, bears the information about the expiration time as part of the payload.
+
+#### Authenticated Requests
+
+Once the JWT has been retrieved, the **Authenticated Request**s must use it in a header of Bearer Type like this one:
+
+```
+Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1OTA3NzQyMzR9.Z-1yECp55VD560UcB7gIhgVWJNjn8HUerG5s4TVSRko
+```
 
 ### Info API
 
@@ -188,15 +204,14 @@ The *methods* key will list the **custom actions** that can be used in addition
 ## Testing
 
 If you want to manually test the API using [Insomnia](https://insomnia.rest/) you can find the chained request in Insomnia v4 json format inside the **test/insomnia** folder.
-In the next few days, I'll publish also the rspec tests.
+Once loaded the tests inside the insomnia application, please right click on the folder, then in the menu select *</> Environment* and change ```base_url```, ```email``` and ```password``` as needed to set them for all the subsequent actions.
 
 ## TODO
 
 * Integrate a settings gem
-* Add DSL for users and roles
 
 ## References
-THanks to all these people for ideas:
+Thanks to all these people for ideas:
 
 * [Billy Cheng](https://medium.com/@billy.sf.cheng/a-rails-6-application-part-1-api-1ee5ccf7ed01) For a way to have a nice and clean implementation of the JWT on top of Devise.
 * [Daniel](https://medium.com/@tdaniel/passing-refreshed-jwts-from-rails-api-using-headers-859f1cfe88e9) For a smart way to manage token expiration.

data/app/controllers/api/v2/info_controller.rb

@@ -1,3 +1,4 @@
+require 'model_driven_api/version'
 class Api::V2::InfoController < Api::V2::ApplicationController
   # Info uses a different auth method: username and password
   skip_before_action :authenticate_request, only: [:version], raise: false

data/lib/model_driven_api/version.rb

@@ -1,3 +1,3 @@
 module ModelDrivenApi
-  VERSION = '2.2.7'
+  VERSION = '2.2.8'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: model_driven_api
 version: !ruby/object:Gem::Version
-  version: 2.2.7
+  version: 2.2.8
 platform: ruby
 authors:
 - Gabriele Tassoni
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-29 00:00:00.000000000 Z
+date: 2020-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thecore_backend_commons