n_base_rails 0.1.1

data/lib/config/locales/errors.en.yml

@@ -0,0 +1,57 @@
+en:
+  errors:
+    code:
+      default: 1000
+      confirmation: 1001 # ActiveRecord Validation 1001 - 1049
+      accepted: 1002
+      blank: 1003
+      present: 1004
+      too_short: 1005
+      too_long: 1006
+      wrong_length: 1007
+      taken: 1008
+      invalid: 1009
+      inclusion: 1010
+      exclusion: 1011
+      required: 1012
+      not_a_number: 1013
+      greater_than: 1014
+      greater_than_or_equal_to: 1015
+      equal_to: 1016
+      less_than: 1017
+      less_than_or_equal_to: 1018
+      other_than: 1019
+      not_an_integer: 1020
+      odd: 1021
+      even: 1022
+    active_record: # Other ActiveRecord errors 1050 - 1199
+      not_unique:
+        code: 1050
+        message: Resource is existing.
+      not_found:
+        code: 1051
+        message: Resourse is not found.
+    params: # Request, Params, Controller, Action errors 1200 - 1299
+      invalid:
+        code: 1200
+        message: Invalid parameters.
+    route:
+      not_found:
+        code: 1299
+        message: Page not found.
+    action:
+      unauthorized:
+        code: 1201
+        message: Please log in.
+      not_allowed:
+        code: 1202
+        message: You are not allow to do this action
+      invalid_email: 
+        code: 1203
+        message: Invalid email or password
+      invalid_token:
+        code: 1204
+        message: Invalid Token
+      token_expired:
+        code: 1205
+        message: Token Expired

data/lib/config/routes.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+Rails.application.routes.draw do
+  namespace :api, format: :json do
+    namespace :v1 do
+      devise_for :users, skip: :all
+      post 'sign_in', to: 'sessions#create'
+      post 'refresh', to: 'sessions#refresh'
+      delete 'logout', to: 'sessions#destroy'
+      
+      resources :users, only: :show
+    end
+
+    namespace :admin, format: :json do
+      devise_for :admins, skip: :all
+      post 'sign_in', to: 'sessions#create'
+      post 'refresh', to: 'sessions#refresh'
+      delete 'logout', to: 'sessions#destroy'
+
+      resources :users, only: :index
+    end
+  end
+
+  get '/app-docs', to: redirect('/swagger/v1/app.html')
+  get '/admin-docs', to: redirect('/swagger/admin/admin.html')
+end

data/lib/config/settings.yml

@@ -0,0 +1,22 @@
+pagy:
+  instances:
+    vars: vars
+  items_default: 30
+  page_default: 1    
+
+authorization:
+  access_token_type: Bearer
+
+user:
+  authenticate:
+    access_token:
+      exp: 4 #hours
+    refresh_token:
+      exp: 30 #days
+
+admin:
+  authenticate:
+    access_token:
+      exp: 4 #hours
+    refresh_token:
+      exp: 30 #days

data/lib/controllers/api/admin/base_controller.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class Api::Admin::BaseController < ApplicationController
+  attr_reader :current_admin
+end

data/lib/controllers/api/admin/sessions_controller.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+class Api::Admin::SessionsController < Api::Admin::BaseController
+  skip_before_action :authorize_request!, only: %i[create refresh]
+  before_action :authorize_refresh_token_request!, only: :refresh
+
+  def create
+    raise Api::Error::Runtime, :invalid_email unless admin&.valid_password?(params[:admin][:password])
+
+    device = admin.devices.build admin_params.except(:email, :password)
+    refresh_token = Api::Admin::GenerateRefreshTokenService.new(device).execute
+    args = {resource: admin, refresh_token: refresh_token, device_id: device.id}
+
+    render_jsonapi Api::Admin::GenerateAccessTokenService.new(args).execute
+  end
+
+  def destroy
+    current_admin.devices.delete_all
+
+    render_jsonapi({})
+  end
+
+  def refresh
+    refresh_token = Api::Admin::GenerateRefreshTokenService.new(current_device).execute
+    args = {resource: current_device.resourceable, refresh_token: refresh_token, device_id: current_device.id}
+
+    render_jsonapi Api::Admin::GenerateAccessTokenService.new(args).execute
+  end
+
+  private
+
+  def admin
+    @admin ||= Admin.find_by email: params[:admin][:email]
+  end
+
+  def admin_params
+    params.require(:admin).permit(:email, :password, :platform)
+  end
+end

data/lib/controllers/api/admin/users_controller.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Api::Admin::UsersController < Api::Admin::BaseController
+  def index
+    meta, users = paginate(User.all)
+
+    render_jsonapi users, type: :user_list, meta: meta
+  end
+end

data/lib/controllers/api/v1/base_controller.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class Api::V1::BaseController < ApplicationController
+  attr_reader :current_user
+end

data/lib/controllers/api/v1/sessions_controller.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+class Api::V1::SessionsController < Api::V1::BaseController
+  skip_before_action :authorize_request!, only: %i[create refresh]
+  before_action :authorize_refresh_token_request!, only: :refresh
+
+  def create
+    raise Api::Error::Runtime, :invalid_email unless user&.valid_password?(params[:user][:password])
+
+    device = user.devices.build user_params.except(:email, :password)
+    refresh_token = Api::V1::GenerateRefreshTokenService.new(device).execute
+    args = {resource: user, refresh_token: refresh_token, device_id: device.id}
+
+    render_jsonapi Api::V1::GenerateAccessTokenService.new(args).execute
+  end
+
+  def destroy
+    current_user.devices.delete_all
+
+    render_jsonapi({})
+  end
+
+  def refresh
+    refresh_token = Api::V1::GenerateRefreshTokenService.new(current_device).execute
+    args = {resource: current_device.resourceable, refresh_token: refresh_token, device_id: current_device.id}
+
+    render_jsonapi Api::V1::GenerateAccessTokenService.new(args).execute
+  end
+
+  private
+
+  def user
+    @user ||= User.find_by email: params[:user][:email]
+  end
+
+  def user_params
+    params.require(:user).permit(:email, :password, :platform)
+  end
+end

data/lib/controllers/api/v1/users_controller.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class Api::V1::UsersController < Api::V1::BaseController
+  def show
+    render_jsonapi current_user, type: :user_details
+  end
+end

data/lib/controllers/application_controller.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class ApplicationController < ActionController::API
+  include BaseConcern
+
+  before_action :authorize_request!
+
+  private
+
+  attr_reader :current_device
+
+  def authorize_request!
+    resource_type = request.path.split("/")[2] == "admin" ? "admin" : "user"
+    authorization_header = request.headers["Authorization"]
+    instance_variable_set "@current_#{resource_type}",
+                          Api::AuthorizeRequestService.new(
+                            authorization_header: authorization_header,
+                            resource_type: resource_type
+                          ).perform
+  end
+
+  def authorize_refresh_token_request!
+    @current_device = Device.find_by(refresh_token: refresh_token)
+    raise JWT::DecodeError, :refresh_token_invalid unless current_device
+  end
+
+  def refresh_token
+    JsonWebToken.decode(params[:refresh_token])[:refresh_token]
+  end
+end

data/lib/controllers/concerns/base_concern.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module BaseConcern
+  extend ActiveSupport::Concern
+
+  include JsonRenderer
+  include RescueException
+  include Pagination
+end

data/lib/controllers/concerns/json_renderer.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module JsonRenderer
+  extend ActiveSupport::Concern
+
+  class DataSanitizer
+    def initialize(object, options, api_version)
+      @object = object
+      @options = options
+      @root = options[:root]
+      @api_version = api_version
+    end
+
+    def sanitize
+      case object
+      when ActiveRecord::Relation, Array
+        @root ||= klass_name.tableize
+        {root => sanitized_array_data}
+      when Hash
+        root ? {root => sanitized_data} : sanitized_data
+      else
+        @root ||= klass_name.underscore
+        {root => sanitized_data}
+      end
+    end
+
+    private
+
+    attr_reader :object, :options, :api_version, :root
+
+    def sanitized_data
+      @sanitized_data ||= serializer.new object, opts
+    end
+
+    def sanitized_array_data
+      @sanitized_array_data = ActiveModel::Serializer::CollectionSerializer.new(object, opts)
+    end
+
+    def klass_name
+      @klass_name ||= (object.respond_to?(:klass) ? object.klass : object.class).name
+    end
+
+    def serializer
+      @serializer ||=
+        unless klass_name == Array.name
+          options[:serializer] || "Api::#{api_version}::#{klass_name}Serializer".constantize
+        end
+    end
+
+    def opts
+      @opts ||= options.except(:success, :status, :meta, :root).merge namespace: "Api::#{api_version}"
+    end
+  end
+
+  protected
+
+  included do
+    def render_jsonapi(object, options = {})
+      success = options.fetch :success, true
+      meta = options.fetch :meta, {}
+      status = options.fetch :status, :ok
+      data_serializer = DataSanitizer.new(object, options, api_version).sanitize
+
+      response_data = {
+        success: success,
+        data: data_serializer,
+        meta: meta
+      }
+      render json: response_data, status: status
+    end
+  end
+
+  def api_version
+    @api_version ||= request.path.split("/")[2].upcase.capitalize
+  end
+end

data/lib/controllers/concerns/pagination.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Pagination
+  extend ActiveSupport::Concern
+  include Pagy::Backend
+
+  protected
+
+  included do
+    def paginate(relation)
+      options = {page: page, items: items, outset: params[:outset]}
+      options[:count] = params[:count] if params[:count].to_i.positive?
+
+      pagy_info, records = pagy relation, options
+      [pagy_repsonse(pagy_info), records]
+    end
+  end
+
+  private
+
+  def pagy_repsonse(pagy)
+    pagy.instance_values.except Settings.pagy.instances.vars
+  end
+
+  def page
+    @page ||= params[:page].to_i < 1 ? Settings.pagy.page_default : params[:page]
+  end
+
+  def items
+    @items ||= params[:items].to_i < 1 ? Settings.pagy.items_default : params[:items]
+  end
+end

data/lib/controllers/concerns/rescue_exception.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module RescueException
+  extend ActiveSupport::Concern
+
+  included do
+    rescue_from ActionController::ParameterMissing do |_error|
+      render_invalid_params_response
+    end
+    rescue_from(JWT::DecodeError, with: :render_jwt_invalid)
+    rescue_from(JWT::ExpiredSignature, with: :render_jwt_expired)
+    rescue_from(
+      ActiveRecord::RecordInvalid,
+      ActiveRecord::RecordNotDestroyed,
+      with: :render_unprocessable_entity_response
+    )
+    rescue_from ActiveRecord::RecordNotUnique, with: :render_existing_resource_response
+    rescue_from ActiveRecord::RecordNotFound, with: :render_resource_not_found_response
+    rescue_from(
+      Api::Error::Runtime,
+      with: :render_execute_failed_response
+    )
+    rescue_from ActionController::RoutingError, with: :render_routing_error_response
+    rescue_from Api::Error::ActionNotAllowed, with: :render_action_not_allowed_response
+
+    protected
+
+    def render_invalid_params_response(status: :bad_request)
+      error = Api::BaseError.new I18n.t("errors.params.invalid")
+      render json: error.to_hash, status: status
+    end
+
+    def render_unprocessable_entity_response(exception, status: :bad_request)
+      render json: ActiveRecordValidation::Error.new(exception.record).to_hash, status: status
+    end
+
+    def render_existing_resource_response(_exception, status: :bad_request)
+      error = Api::BaseError.new I18n.t("errors.active_record.not_unique")
+      render json: error.to_hash, status: status
+    end
+
+    def render_execute_failed_response(exception, status: :bad_request)
+      render json: exception.to_hash, status: status
+    end
+
+    def render_resource_not_found_response(exception, status: :not_found)
+      render json: Api::Error::RecordNotFound.new(exception).to_hash, status: status
+    end
+
+    def render_routing_error_response(_exception, status: :not_found)
+      error = Api::BaseError.new I18n.t("errors.route.not_found")
+      render json: error.to_hash, status: status
+    end
+
+    def doorkeeper_unauthorized_render_options(error: nil) # rubocop:disable Lint/UnusedMethodArgument
+      {json: Api::BaseError.new(I18n.t("errors.action.unauthorized")).to_hash}
+    end
+
+    def render_action_not_allowed_response(exception, status: :forbidden)
+      render json: Api::Error::ActionNotAllowed.new(exception).to_hash, status: status
+    end
+
+    def render_jwt_invalid(_exception, status: :unauthorized)
+      error = Api::BaseError.new I18n.t("errors.action.invalid_token")
+      render json: error.to_hash, status: status
+    end
+
+    def render_jwt_expired(_exception, status: :unauthorized)
+      error = Api::BaseError.new I18n.t("errors.action.token_expired")
+      render json: error.to_hash, status: status
+    end
+  end
+end

data/lib/db/migrate/20220721091426_devise_create_users.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+class DeviseCreateUsers < ActiveRecord::Migration[7.0]
+  def change
+    create_table :users do |t|
+      ## Database authenticatable
+      t.string :email,              null: false, default: ''
+      t.string :encrypted_password, null: false, default: ''
+      t.datetime :deleted_at
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      # t.datetime :remember_created_at
+
+      ## Trackable
+      # t.integer  :sign_in_count, default: 0, null: false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.string   :current_sign_in_ip
+      # t.string   :last_sign_in_ip
+
+      ## Confirmable
+      # t.string   :confirmation_token
+      # t.datetime :confirmed_at
+      # t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      t.timestamps null: false
+    end
+
+    add_index :users, :email,                unique: true
+    add_index :users, :reset_password_token, unique: true
+    add_index :users, :deleted_at,           unique: true
+
+    # add_index :users, :confirmation_token,   unique: true
+    # add_index :users, :unlock_token,         unique: true
+  end
+end

data/lib/db/migrate/20230113072522_create_devices.rb

@@ -0,0 +1,13 @@
+class CreateDevices < ActiveRecord::Migration[7.0]
+  def change
+    create_table :devices do |t|
+      t.string :refresh_token
+      t.integer :platform, default: 0
+      t.references :resourceable, polymorphic: true
+
+      t.timestamps
+    end
+
+    add_index :devices, :refresh_token, unique: true
+  end
+end

data/lib/db/migrate/20230227135020_create_posts.rb

@@ -0,0 +1,15 @@
+class CreatePosts < ActiveRecord::Migration[7.0]
+  def change
+    create_table :posts do |t|
+      t.string :title 
+      t.text :content 
+      t.bigint :author_id, null: false
+      t.datetime :deleted_at
+
+      t.timestamps
+    end
+
+    add_index :posts, :author_id, unique: true
+    add_index :posts, :deleted_at, unique: true
+  end
+end

data/lib/db/migrate/20230303165318_devise_create_admins.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+class DeviseCreateAdmins < ActiveRecord::Migration[7.0]
+  def change
+    create_table :admins do |t|
+      ## Database authenticatable
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+      t.datetime :deleted_at
+      ## Rememberable
+      #t.datetime :remember_created_at
+
+      ## Trackable
+      # t.integer  :sign_in_count, default: 0, null: false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.string   :current_sign_in_ip
+      # t.string   :last_sign_in_ip
+
+      ## Confirmable
+      # t.string   :confirmation_token
+      # t.datetime :confirmed_at
+      # t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+
+      t.timestamps null: false
+    end
+
+    add_index :admins, :email,                unique: true
+    add_index :admins, :reset_password_token, unique: true
+    add_index :admins, :deleted_at, unique: true
+
+    # add_index :admins, :confirmation_token,   unique: true
+    # add_index :admins, :unlock_token,         unique: true
+  end
+end

data/lib/db/schema.rb

@@ -0,0 +1,62 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema[7.0].define(version: 2023_03_03_165318) do
+  create_table "admins", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "deleted_at"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["deleted_at"], name: "index_admins_on_deleted_at", unique: true
+    t.index ["email"], name: "index_admins_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_admins_on_reset_password_token", unique: true
+  end
+
+  create_table "devices", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
+    t.string "refresh_token"
+    t.integer "platform", default: 0
+    t.string "resourceable_type"
+    t.bigint "resourceable_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["refresh_token"], name: "index_devices_on_refresh_token", unique: true
+    t.index ["resourceable_type", "resourceable_id"], name: "index_devices_on_resourceable"
+  end
+
+  create_table "posts", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
+    t.string "title"
+    t.text "content"
+    t.bigint "author_id", null: false
+    t.datetime "deleted_at"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["author_id"], name: "index_posts_on_author_id", unique: true
+    t.index ["deleted_at"], name: "index_posts_on_deleted_at", unique: true
+  end
+
+  create_table "users", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.datetime "deleted_at"
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["deleted_at"], name: "index_users_on_deleted_at", unique: true
+    t.index ["email"], name: "index_users_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
+  end
+
+end

data/lib/db/seeds.rb

@@ -0,0 +1,7 @@
+# Create user
+5.times do |index|
+  User.create email: "user1#{index}@gmail.vn", password: "Aa@123456"
+end
+
+# Create Admin
+Admin.create email: "admin@gmail.vn", password: "Aa@123456"