n_base_rails 0.1.1

data/lib/public/swagger/v1/app.html

@@ -0,0 +1,19 @@
+<!-- HTML for static distribution bundle build -->
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>Swagger UI</title>
+    <link rel="stylesheet" type="text/css" href="../swagger-ui.css" />
+    <link rel="stylesheet" type="text/css" href="../index.css" />
+    <link rel="icon" type="image/png" href="../favicon-32x32.png" sizes="32x32" />
+    <link rel="icon" type="image/png" href="../favicon-16x16.png" sizes="16x16" />
+  </head>
+
+  <body>
+    <div id="swagger-ui"></div>
+    <script src="../swagger-ui-bundle.js" charset="UTF-8"> </script>
+    <script src="../swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
+    <script src="./swagger-initializer.js" charset="UTF-8"> </script>
+  </body>
+</html>

data/lib/public/swagger/v1/swagger-initializer.js

@@ -0,0 +1,25 @@
+window.onload = function() {
+  //<editor-fold desc="Changeable Configuration Block">
+
+  // the following lines will be replaced by docker/configurator, when it runs in a docker-container
+  window.ui = SwaggerUIBundle({
+    url: "/docs/api/v1/paths/index.yaml",
+    dom_id: '#swagger-ui',
+    deepLinking: true,
+    presets: [
+      SwaggerUIBundle.presets.apis,
+      SwaggerUIStandalonePreset
+    ],
+    plugins: [
+      SwaggerUIBundle.plugins.DownloadUrl
+    ],
+    layout: "StandaloneLayout",
+    requestInterceptor: (req) => {
+
+      req.headers["Authorization"] = "Bearer " + req.headers["Authorization"]
+      return req
+    }
+  });
+
+  //</editor-fold>
+};

data/lib/serializers/action_not_allowed_serializer.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class ActionNotAllowedSerializer
+  def initialize(error)
+    @error = error
+  end
+
+  def serialize
+    {
+      success: false,
+      errors: [I18n.t(:not_allowed, scope: %i[errors action])]
+    }
+  end
+
+  private
+
+  attr_reader :error
+end

data/lib/serializers/api/admin/base_serializer.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class Api::Admin::BaseSerializer < ActiveModel::Serializer
+  def initialize(object, options = {})
+    @type = options[:type]
+    super(object, options)
+  end
+
+  def attributes(*args)
+    field_custom = "Api::Admin::#{object.class}Serializer".constantize::FIELD_CUSTOM
+
+    super.slice(*field_custom[@type] || super.keys)
+  end
+end

data/lib/serializers/api/admin/hash_serializer.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class Api::Admin::HashSerializer
+  attr_reader :object, :root
+
+  def initialize(object, args = {})
+    @object = object
+    @root = args[:root]
+  end
+
+  def to_hash
+    root ? {root_key => object.to_h} : object.to_h
+  end
+
+  private
+
+  def root_key
+    return :data if root == true
+
+    root.to_sym if root.is_a?(String) || root.is_a?(Symbol)
+  end
+end

data/lib/serializers/api/admin/user_serializer.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Api::Admin::UserSerializer < Api::Admin::BaseSerializer
+  attributes :id, :email, :created_at
+
+  FIELD_CUSTOM = {
+    user_list: %i[id email]
+  }.freeze
+end

data/lib/serializers/api/v1/base_serializer.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class Api::V1::BaseSerializer < ActiveModel::Serializer
+  def initialize(object, options = {})
+    @type = options[:type]
+    super(object, options)
+  end
+
+  def attributes(*args)
+    field_custom = "Api::V1::#{object.class}Serializer".constantize::FIELD_CUSTOM
+
+    super.slice(*field_custom[@type] || super.keys)
+  end
+end

data/lib/serializers/api/v1/hash_serializer.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class Api::V1::HashSerializer
+  attr_reader :object, :root
+
+  def initialize(object, args = {})
+    @object = object
+    @root = args[:root]
+  end
+
+  def to_hash
+    root ? {root_key => object.to_h} : object.to_h
+  end
+
+  private
+
+  def root_key
+    return :data if root == true
+
+    root.to_sym if root.is_a?(String) || root.is_a?(Symbol)
+  end
+end

data/lib/serializers/api/v1/user_serializer.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Api::V1::UserSerializer < Api::V1::BaseSerializer
+  attributes :id, :email, :created_at
+
+  FIELD_CUSTOM = {
+    user_details: %i[id email]
+  }.freeze
+end

data/lib/serializers/record_not_found_serializer.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class RecordNotFoundSerializer
+  def initialize(error)
+    @error = error
+    @resource = error.model.underscore
+  end
+
+  def serialize
+    {
+      success: false,
+      errors: [
+        {
+          resource: resource,
+          field: nil
+        }.merge(details)
+      ]
+    }
+  end
+
+  private
+
+  attr_reader :error, :resource
+
+  def details
+    I18n.t :not_found, scope: %i[errors active_record]
+  end
+end

data/lib/serializers/validation_error_serializer.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class ValidationErrorSerializer
+  def initialize(record, field, details, message)
+    @record = record
+    @field = field
+    @details = details
+    @message = message
+  end
+
+  def serialize
+    {
+      resource: resource,
+      field: field,
+      code: code,
+      message: message
+    }
+  end
+
+  private
+
+  attr_reader :record, :message
+
+  def resource
+    I18n.t underscored_resource_name,
+           scope: %i[errors resources],
+           default: underscored_resource_name
+  end
+
+  def field
+    I18n.t @field,
+           scope: [:errors, :fields, underscored_resource_name],
+           default: @field.to_s
+  end
+
+  def code
+    I18n.t @details[:error],
+           scope: %i[errors code],
+           default: @details[:error].to_s
+  end
+
+  def underscored_resource_name
+    record.class.to_s.gsub("::", "").underscore
+  end
+end

data/lib/services/api/admin/generate_access_token_service.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class Api::Admin::GenerateAccessTokenService
+  def initialize(args)
+    @resource = args[:resource]
+    @refresh_token = args[:refresh_token]
+    @device_id = args[:device_id]
+  end
+
+  def execute
+    {
+      access_token: JsonWebToken.encode(payload),
+      refresh_token: refresh_token,
+      "#{resource.class.name.downcase}": {
+        id: resource.id,
+        email: resource.email
+      }
+    }
+  end
+
+  private
+
+  attr_reader :resource, :refresh_token, :device_id
+
+  def payload
+    {
+      id: resource.id,
+      email: resource.email,
+      resource_type: resource.class.name,
+      device_id: device_id,
+      exp: (Time.current + Settings.admin.authenticate.access_token.exp.hours).to_i
+    }
+  end
+end

data/lib/services/api/admin/generate_refresh_token_service.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+class Api::Admin::GenerateRefreshTokenService
+  def initialize(device)
+    @device = device
+  end
+
+  def execute
+    device.refresh_token = Device.digest_token
+    device.save!
+    JsonWebToken.encode(payload)
+  end
+
+  private
+
+  attr_reader :device
+
+  def payload
+    {
+      refresh_token: device.refresh_token,
+      exp: (Time.current + Settings.admin.authenticate.refresh_token.exp.days).to_i
+    }
+  end
+end

data/lib/services/api/authorize_request_service.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+class Api::AuthorizeRequestService
+  def initialize(args)
+    @authorization_header = args[:authorization_header]
+    @resource_class = args[:resource_type].to_s.classify
+  end
+
+  def perform
+    authorize_request!
+    verify_author_resource
+    author_resource
+  end
+
+  private
+
+  attr_reader :authorization_header, :resource_class, :decoded_access_token, :author_resource
+
+  def authorize_request!
+    access_token = authorization_header.split.last
+    @decoded_access_token = JsonWebToken.decode(access_token)
+    raise JWT::DecodeError unless decoded_access_token[:resource_type] == resource_class
+  end
+
+  def verify_author_resource
+    @author_resource = Class.const_get(resource_class).find_by id: decoded_access_token[:id]
+    raise JWT::DecodeError unless author_resource
+
+    raise JWT::DecodeError unless valid_device?
+  end
+
+  def valid_device?
+    author_resource.devices.find_by(id: decoded_access_token[:device_id])
+  end
+end

data/lib/services/api/v1/generate_access_token_service.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class Api::V1::GenerateAccessTokenService
+  def initialize(args)
+    @resource = args[:resource]
+    @refresh_token = args[:refresh_token]
+    @device_id = args[:device_id]
+  end
+
+  def execute
+    {
+      access_token: JsonWebToken.encode(payload),
+      refresh_token: refresh_token,
+      "#{resource.class.name.downcase}": {
+        id: resource.id,
+        email: resource.email
+      }
+    }
+  end
+
+  private
+
+  attr_reader :resource, :refresh_token, :device_id
+
+  def payload
+    {
+      id: resource.id,
+      email: resource.email,
+      resource_type: resource.class.name,
+      device_id: device_id,
+      exp: (Time.current + Settings.user.authenticate.access_token.exp.hours).to_i
+    }
+  end
+end

data/lib/services/api/v1/generate_refresh_token_service.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+class Api::V1::GenerateRefreshTokenService
+  def initialize(device)
+    @device = device
+  end
+
+  def execute
+    device.refresh_token = Device.digest_token
+    device.save!
+    JsonWebToken.encode(payload)
+  end
+
+  private
+
+  attr_reader :device
+
+  def payload
+    {
+      refresh_token: device.refresh_token,
+      exp: (Time.current + Settings.user.authenticate.refresh_token.exp.days).to_i
+    }
+  end
+end

data/lib/spec/controllers/api/admin/sessions_controller_spec.rb

@@ -0,0 +1,125 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe Api::Admin::SessionsController, type: :request do
+  describe "POST #create" do
+    let!(:admin) {create :admin, email: "emailtest@gmail.com", password: "Aa@123456"}
+    let(:params) do
+      {
+        admin: {
+          email: "emailtest@gmail.com",
+          password: "Aa@123456"
+        }
+      }
+    end
+
+    before do
+      post api_admin_sign_in_path, params: params
+    end
+
+    context "when login success" do
+      it "should return status 200" do
+        expect(response.status).to eq 200
+        expect(json_response["success"]).to eq true
+        expect(json_response["data"]["access_token"].present?).to eq true
+        expect(json_response["data"]["refresh_token"].present?).to eq true
+        expect(json_response["data"]["admin"]["id"]).to eq admin.id
+        expect(json_response["data"]["admin"]["email"]).to eq "emailtest@gmail.com"
+        expect(admin.reload.devices.present?).to eq true
+      end
+    end
+
+    context "when invalid email or password" do
+      let(:params) do
+        {
+          admin: {
+            email: "emailtest@gmail.com",
+            password: "Aa@123456bb"
+          }
+        }
+      end
+
+      it "should return status 400" do
+        expect(response.status).to eq 400
+        expect(json_response["success"]).to eq false
+        expect(json_response["errors"][0]["code"]).to eq 1203
+        expect(json_response["errors"][0]["message"]).to eq "Invalid email or password"
+      end
+    end
+  end
+
+  describe "POST #refresh" do
+    let(:admin) {create :admin}
+    let!(:device) {create :device, resourceable: admin}
+
+    let(:params) do
+      {
+        refresh_token: Api::V1::GenerateRefreshTokenService.new(device).execute
+      }
+    end
+
+    before do
+      post api_admin_refresh_path, params: params
+    end
+
+    context "when refresh token success" do
+      it "should return status 200" do
+        expect(response.status).to eq 200
+        expect(json_response["success"]).to eq true
+        expect(json_response["data"]["access_token"].present?).to eq true
+        expect(json_response["data"]["refresh_token"].present?).to eq true
+        expect(json_response["data"]["admin"]["id"]).to eq admin.id
+        expect(json_response["data"]["admin"]["email"]).to eq admin.email
+      end
+    end
+
+    context "when refresh token not correct" do
+      let(:params) do
+        {
+          refresh_token: JsonWebToken.encode({refresh_token: "not_correct"})
+        }
+      end
+
+      it "should return status 401" do
+        expect(response.status).to eq 401
+        expect(json_response["success"]).to eq false
+        expect(json_response["errors"][0]["code"]).to eq 1204
+        expect(json_response["errors"][0]["message"]).to eq "Invalid Token"
+      end
+    end
+
+    context "when refresh token expired" do
+      let(:params) do
+        {
+          refresh_token: JsonWebToken.encode({exp: (Time.current - 1.hour).to_i})
+        }
+      end
+
+      it "should return status 401" do
+        expect(response.status).to eq 401
+        expect(json_response["success"]).to eq false
+        expect(json_response["errors"][0]["code"]).to eq 1205
+        expect(json_response["errors"][0]["message"]).to eq "Token Expired"
+      end
+    end
+  end
+
+  describe "POST #destroy" do
+    include_context "admin_logged_in"
+
+    before do
+      delete api_admin_logout_path, headers: headers
+    end
+
+    context "when logged out success" do
+      it "should return status 200" do
+        expect(response.status).to eq 200
+        expect(json_response["success"]).to eq true
+        expect(admin.devices.blank?).to eq true
+      end
+    end
+
+    include_examples :admin_authentication
+  end
+end

data/lib/spec/controllers/api/admin/users_controller_spec.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe Api::Admin::UsersController, type: :request do
+  describe "GET #index" do
+    include_context "admin_logged_in"
+    let!(:user_1) {create :user}
+    let!(:user_2) {create :user}
+    let!(:user_3) {create :user}
+
+    let(:params) do
+      {
+        page: 1,
+        items: 2
+      }
+    end
+
+    before do
+      get api_admin_users_path, headers: headers, params: params
+    end
+
+    context "when logged out success" do
+      it "should return status 200" do
+        expect(response.status).to eq 200
+        expect(json_response["success"]).to eq true
+        expect(json_response["data"]["users"].size).to eq 2
+        expect(json_response["data"]["users"][0]["id"]).to eq user_1.id
+        expect(json_response["data"]["users"][1]["id"]).to eq user_2.id
+      end
+    end
+
+    include_examples :admin_authentication
+  end
+end

data/lib/spec/controllers/api/v1/sessions_controller_spec.rb

@@ -0,0 +1,125 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe Api::V1::SessionsController, type: :request do
+  describe "POST #create" do
+    let!(:user) {create :user, email: "emailtest@gmail.com", password: "Aa@123456"}
+    let(:params) do
+      {
+        user: {
+          email: "emailtest@gmail.com",
+          password: "Aa@123456"
+        }
+      }
+    end
+
+    before do
+      post api_v1_sign_in_path, params: params
+    end
+
+    context "when login success" do
+      it "should return status 200" do
+        expect(response.status).to eq 200
+        expect(json_response["success"]).to eq true
+        expect(json_response["data"]["access_token"].present?).to eq true
+        expect(json_response["data"]["refresh_token"].present?).to eq true
+        expect(json_response["data"]["user"]["id"]).to eq user.id
+        expect(json_response["data"]["user"]["email"]).to eq "emailtest@gmail.com"
+        expect(user.reload.devices.present?).to eq true
+      end
+    end
+
+    context "when invalid email or password" do
+      let(:params) do
+        {
+          user: {
+            email: "emailtest@gmail.com",
+            password: "Aa@123456bb"
+          }
+        }
+      end
+
+      it "should return status 400" do
+        expect(response.status).to eq 400
+        expect(json_response["success"]).to eq false
+        expect(json_response["errors"][0]["code"]).to eq 1203
+        expect(json_response["errors"][0]["message"]).to eq "Invalid email or password"
+      end
+    end
+  end
+
+  describe "POST #refresh" do
+    let(:user) {create :user}
+    let!(:device) {create :device, resourceable: user}
+
+    let(:params) do
+      {
+        refresh_token: Api::V1::GenerateRefreshTokenService.new(device).execute
+      }
+    end
+
+    before do
+      post api_v1_refresh_path, params: params
+    end
+
+    context "when refresh token success" do
+      it "should return status 200" do
+        expect(response.status).to eq 200
+        expect(json_response["success"]).to eq true
+        expect(json_response["data"]["access_token"].present?).to eq true
+        expect(json_response["data"]["refresh_token"].present?).to eq true
+        expect(json_response["data"]["user"]["id"]).to eq user.id
+        expect(json_response["data"]["user"]["email"]).to eq user.email
+      end
+    end
+
+    context "when refresh token not correct" do
+      let(:params) do
+        {
+          refresh_token: JsonWebToken.encode({refresh_token: "not_correct"})
+        }
+      end
+
+      it "should return status 401" do
+        expect(response.status).to eq 401
+        expect(json_response["success"]).to eq false
+        expect(json_response["errors"][0]["code"]).to eq 1204
+        expect(json_response["errors"][0]["message"]).to eq "Invalid Token"
+      end
+    end
+
+    context "when refresh token expired" do
+      let(:params) do
+        {
+          refresh_token: JsonWebToken.encode({exp: (Time.current - 1.hour).to_i})
+        }
+      end
+
+      it "should return status 401" do
+        expect(response.status).to eq 401
+        expect(json_response["success"]).to eq false
+        expect(json_response["errors"][0]["code"]).to eq 1205
+        expect(json_response["errors"][0]["message"]).to eq "Token Expired"
+      end
+    end
+  end
+
+  describe "POST #destroy" do
+    include_context "user_logged_in"
+
+    before do
+      delete api_v1_logout_path, headers: headers
+    end
+
+    context "when logged out success" do
+      it "should return status 200" do
+        expect(response.status).to eq 200
+        expect(json_response["success"]).to eq true
+        expect(user.devices.blank?).to eq true
+      end
+    end
+
+    include_examples :user_authentication
+  end
+end