thecore_api 1.1.7

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c3eeb066a19ef99dc62d57f971cd85863285dc5e
+  data.tar.gz: 65a10141e57a771479610214ae7f90f7084ca70e
+SHA512:
+  metadata.gz: 66da97430ea31f832e402d9f9ec1eb610314660c380d0075a7576909d8e01e477e28f89b4f02cba058dae30404a54eed1a34fa501b630f484f949a18072d0434
+  data.tar.gz: 9c7619c6fbd0bf84c151b99915669c42341726935971474a2c9b13da15ee6a091c321eff2a95052f44cae65bc45334526341bfbd3baa9dcc632bd9f228f59f79

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 Gabriele Tassoni
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,37 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ThecoreApi'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/controllers/api/v1/base_controller.rb

@@ -0,0 +1,192 @@
+# https://labs.kollegorna.se/blog/2015/04/build-an-api-now/
+class Api::V1::BaseController < ActionController::API
+  include CanCan::ControllerAdditions
+  #include Pundit
+  #check_authorization
+  #load_and_authorize_resource
+  # https://github.com/kollegorna/active_hash_relation
+  include ActiveHashRelation
+
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  #protect_from_forgery with: :null_session
+
+  before_action :destroy_session
+
+  before_action :authenticate_user!
+  before_action :find_model, except: [ :version, :token ]
+  before_action :find_record, only: [ :show, :update, :destroy ]
+
+  rescue_from ActiveRecord::RecordNotFound, with: :not_found!
+  rescue_from ActiveRecord::StatementInvalid, with: :unauthenticated!
+  rescue_from ActiveRecord::RecordInvalid, with: :invalid!
+  #rescue_from CanCan::AuthorizationNotPerformed, with: :unauthorized!
+  rescue_from CanCan::AccessDenied, with: :unauthorized!
+  #rescue_from Pundit::NotAuthorizedError, with: :unauthorized!
+
+  attr_accessor :current_user
+
+  def index
+    # find the records
+    @q = (@model.column_names.include?("user_id") ? @model.where(user_id: current_user.id) : @model).ransack(params[:q])
+    @records_all = @q.result(distinct: true)
+    @records = @records_all.page(params[:page]).per(params[:per])
+
+    # If there's the keyword pagination_info, then return a pagination info object
+    return render json: MultiJson.dump({
+      count: @records_all.count,
+      current_page_count: @records.count,
+      next_page: @records.next_page,
+      prev_page: @records.prev_page,
+      is_first_page: @records.first_page?,
+      is_last_page: @records.last_page?,
+      is_out_of_range: @records.out_of_range?,
+      pages_count: @records.total_pages,
+      current_page_number: @records.current_page
+    }) if !params[:pages_info].nil?
+    # If it's asked for page number, the paginate
+    return render json: MultiJson.dump(@records, @json_attrs || {}) if !params[:page].nil? # (@json_attrs || {})
+    # if you ask for count, then return a json object with just the number of objects
+    return render json: MultiJson.dump({count: @records_all.count}) if !params[:count].nil?
+    # Default
+    render json: MultiJson.dump(@records_all, @json_attrs || {}) #(@json_attrs || {})
+  end
+
+  # def count
+  #   # find the records
+  #   @q = (@model.column_names.include?("user_id") ? @model.where(user_id: current_user.id) : @model).ransack(params[:q])
+  #   @records_all = @q.result(distinct: true)
+  #   # if you ask for count, then return a json object with just the number of objects
+  #   return render json: {count: @records_all.count}.to_json
+  # end
+
+  def search
+    index
+    render :index
+  end
+
+  def show
+    render json: @record.to_json(@json_attrs || {}), status: 200
+  end
+
+  def create
+    @record =  @model.new(request_params)
+    @record.user_id = current_user.id if @model.column_names.include? "user_id"
+
+    @record.save!
+
+    render json: @record.to_json(@json_attrs || {}), status: 201
+  end
+
+  def update
+    @record.update_attributes(request_params)
+
+    render json: @record.to_json(@json_attrs || {}), status: 200
+  end
+
+  def destroy
+    unless @record.destroy
+       return api_error(status: 500)
+    end
+
+    head status: 204
+  end
+
+  protected
+
+  def destroy_session
+    request.session_options[:skip] = true
+  end
+
+  def unauthenticated!
+    response.headers['WWW-Authenticate'] = "Token realm=Application"
+    render json: { error: 'bad credentials' }, status: 401
+  end
+
+  def unauthorized!
+    render nothing: true, status: :forbidden
+    return
+  end
+
+  def invalid_credentials!
+    render json: { error: 'invalid credentials' }, status: 403
+    return
+  end
+
+  def unable!
+    render json: { error: 'you are not enabled to do so' }, status: 403
+  end
+
+  def invalid!
+    render json: { error: 'Some validation has failed' }, status: 422
+  end
+
+  def invalid_resource!(errors = [])
+    api_error(status: 422, errors: errors)
+  end
+
+  def not_found!
+    return api_error(status: 404, errors: 'Not found')
+  end
+
+  def api_error(status: 500, errors: [])
+    unless Rails.env.production?
+      puts errors.full_messages if errors.respond_to? :full_messages
+    end
+    head status: status and return if errors.empty?
+
+    # render json: jsonapi_format(errors).to_json, status: status
+    render json: errors.to_json, status: status
+  end
+
+  def paginate(resource)
+    resource = resource.page(params[:page] || 1)
+    if params[:per_page]
+      resource = resource.per_page(params[:per_page])
+    end
+
+    return resource
+  end
+
+  # expects pagination!
+  def meta_attributes(object)
+    {
+      current_page: object.current_page,
+      next_page: object.next_page,
+      prev_page: (object.previous_page rescue nil),
+      total_pages: object.total_pages,
+      total_count: (object.total_entries rescue nil)
+    }
+  end
+
+  def authenticate_user!
+    token, options = ActionController::HttpAuthentication::Token.token_and_options(request)
+
+    # puts "controller: #{controller_name}\naction: #{action_name}\ntoken: #{token}\noptions: #{options.inspect}\n\n"
+
+    user_email = options.blank?? nil : options[:email]
+    user = user_email && User.find_by(email: user_email)
+
+    if user && ActiveSupport::SecurityUtils.secure_compare(user.authentication_token, token)
+      @current_user = user
+    else
+      return unauthenticated!
+    end
+  end
+
+  private
+
+  def find_record
+    # find the records
+    @record = @model.column_names.include?("user_id") ? @model.where(id: params[:id], user_id: current_user.id).first : @model.find(params[:id])
+  end
+
+  def find_model
+    # Find the name of the model from controller
+    @model = controller_path.classify.constantize rescue controller_name.classify.constantize
+  end
+
+  def request_params
+    params.require(controller_name.to_sym).permit!().delete_if{ |k,v| v.nil? }
+  end
+end

data/app/controllers/api/v1/info_controller.rb

@@ -0,0 +1,40 @@
+class Api::V1::InfoController < Api::V1::BaseController
+  skip_before_action :authenticate_user!, only: [:version]
+
+  # api :GET, '/api/v1/info/version', "Just prints the APPVERSION."
+  # api!
+  def version
+    render json: {
+      version: APPVERSION
+    }.to_json, status: 200
+  end
+
+  # api :GET, '/api/v1/info/token', "Given auth credentials, in HTTP_BASIC form,
+  # it returns the AUTH_TOKEN, email and id of the user which performed the authentication."
+  # api!
+  def token
+    render json: {
+      token: @current_user.authentication_token,
+      email: @current_user.email,
+      roles: @current_user.roles,
+      admin: @current_user.admin,
+      third_party: @current_user.third_party,
+      id: @current_user.id
+    }.to_json, status: 200
+  end
+
+  private
+
+  # Method overridden because the first time I have to ask for the token
+  def authenticate_user!
+    username, password = ActionController::HttpAuthentication::Basic.user_name_and_password(request)
+    if username
+      user = User.find_by(username: username)
+    end
+    if user && user.valid_password?(password)
+      @current_user = user
+    else
+      return unauthenticated!
+    end
+  end
+end

data/app/controllers/api/v1/sessions_controller.rb

@@ -0,0 +1,21 @@
+class Api::V1::SessionsController < Api::V1::BaseController
+  skip_before_action :authenticate_user!
+  def create
+    user = User.find_by(email: request_params[:email])
+    if user && user.authenticate(request_params[:password])
+      self.current_user = user
+      render(
+        json: Api::V1::SessionSerializer.new(user, root: false).to_json,
+        status: 201
+      )
+    else
+      return api_error(status: 401)
+    end
+  end
+
+  private
+  
+  def request_params
+    params.require(:user).permit(:email, :password)
+  end
+end

data/app/controllers/api/v1/users_controller.rb

@@ -0,0 +1,15 @@
+class Api::V1::UsersController < Api::V1::BaseController
+  load_and_authorize_resource
+  
+  before_action :check_demoting
+
+  private
+  
+  def check_demoting
+    render json: "You cannot demote yourself", status: 403 if (params[:id].to_i == current_user.id && (params[:users].keys.include?("admin") || params[:users].keys.include?("locked")))
+  end
+  
+  def request_params
+    params.require(:users).permit(:email, :roles, :password, :password_confirmation, :username, :number_of_instances_purchased, :admin, :locked).delete_if{ |k,v| v.nil? }
+  end
+end

data/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
+end
+
+# To enable root element in JSON for ActiveRecord objects.
+# ActiveSupport.on_load(:active_record) do
+#  self.include_root_in_json = true
+# end

data/config/routes.rb

@@ -0,0 +1,21 @@
+require 'thecore'
+require 'ransack'
+
+Rails.application.routes.draw do
+  # REST API (Stateless)
+  namespace :api do
+    namespace :v1, defaults: { format: :json } do
+
+      resources :sessions, only: [:create]
+
+      namespace :info do
+        get :version
+        get :token
+      end
+
+      resources :users, only: [:index, :create, :show, :update, :destroy] do
+        match 'search' => 'users#search', via: [:get, :post], as: :search, on: :collection
+      end
+    end
+  end
+end

data/lib/tasks/thecore_api_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :thecore_api do
+#   # Task goes here
+# end

data/lib/thecore_api.rb

@@ -0,0 +1,11 @@
+require 'thecore'
+# require 'rails-api' integrated into rails 5.0
+# require 'active_model_serializers'
+require 'active_hash_relation'
+require 'rack/cors'
+require 'therubyracer'
+require "thecore_api/engine"
+require 'ransack'
+
+module ThecoreApi
+end

data/lib/thecore_api/engine.rb

@@ -0,0 +1,18 @@
+module ThecoreApi
+  class Engine < ::Rails::Engine
+    # appending migrations to the main app's ones
+    initializer :append_migrations do |app|
+      config.middleware.insert_before 0, "Rack::Cors" do
+        allow do
+          origins '*'
+          resource '*', :headers => :any, :methods => [:get, :post, :put, :patch, :delete, :options, :head]
+        end
+      end
+      unless app.root.to_s == root.to_s
+        config.paths["db/migrate"].expanded.each do |expanded_path|
+          app.config.paths["db/migrate"] << expanded_path
+        end
+      end
+    end
+  end
+end

data/lib/thecore_api/version.rb

@@ -0,0 +1,3 @@
+module ThecoreApi
+  VERSION = "1.1.7".freeze
+end

data/test/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.