RubyGems - thecore_api - Versions diffs - 1.4.2 → 1.4.3 - Mend

thecore_api 1.4.2 → 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/app/controllers/api/v1/base_controller.rb +53 -46
data/app/controllers/api/v1/info_controller.rb +21 -20
data/config/locales/thecore_api.en.yml +6 -0
data/config/locales/thecore_api.it.yml +6 -0
data/config/routes.rb +1 -1
data/lib/thecore_api/version.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 649421e70773b321338691a8393dbf79c85036a0e09e4abd4a3a48e9219cab74
-  data.tar.gz: fd5797b1bf28846babac2bf595189e8b6d74fb062bd273227332d2d428c018c1
+  metadata.gz: 1af0a793ef25d9d3d8678683c1b9b016d85d41b8a206ea2a73ea7c2b8182901e
+  data.tar.gz: ba9b80c4635788726dcc8e4c0f25109f1c401fdda25cf59b99667846ffef97cb
 SHA512:
-  metadata.gz: 3bb6636c2b157ca34115fcdf0830a4d8f9e4dd910f7c394f9095062a0c73ef8e17ce3b2d6766e9d89589bf6e9e5a88c8e08186eb13a713246ff1e0a0480306bf
-  data.tar.gz: a457df07061e2c74d1c5ccd17c5f497ad8782fc7f95a28fa38725dc48bf556d2deff2ca85248a1e3745dc548002c547ac7f9cd45b92ebd367b11a4bd85fd3da6
+  metadata.gz: 8b96365c02d73622755d5a9ddd7ad8414eaca91188c06715cd79d7bc80d752c63578127751676c31f5b18448fb1cb48248eae3bb84455dacc2bac503855935e2
+  data.tar.gz: d83ebaa1e04526cb60bccade5f21c28b1078ae44acd18200d9f06ce5ac99a2c8842df8eb43da5b07b933fe95097d2ca55b53b6f7333ff5a2f41b4d27d991bd22

data/app/controllers/api/v1/base_controller.rb CHANGED Viewed

@@ -25,12 +25,12 @@ class Api::V1::BaseController < ActionController::API
   before_action :find_model, except: [ :version, :token, :available_roles, :check, :translations, :schema ]
   before_action :find_record, only: [ :show, :update, :destroy ]
-  rescue_from ActiveRecord::RecordNotFound, with: :not_found!
   rescue_from ActiveRecord::StatementInvalid, with: :unauthenticated!
   rescue_from ActiveRecord::RecordInvalid, with: :invalid!
-  #rescue_from CanCan::AuthorizationNotPerformed, with: :unauthorized!
   rescue_from CanCan::AccessDenied, with: :unauthorized!
-  #rescue_from Pundit::NotAuthorizedError, with: :unauthorized!
+  rescue_from ActiveRecord::RecordNotFound, with: :not_found!
+  rescue_from NameError, with: :not_found!
+  rescue_from NoMethodError, with: :not_found!
   attr_accessor :current_user
@@ -40,7 +40,13 @@ class Api::V1::BaseController < ActionController::API
   # end
   def check
+    # This method is only valid for ActiveRecords
+    # For any other model-less controller, the actions must be
+    # defined in the route, and must exist in the controller definition.
+    # So, if it's not an activerecord, the find model makes no sense at all
+    # Thus must return 404
     path = params[:path].split("/")
+    return not_found! if (!path.first.classify.constantize.new.is_a? ActiveRecord::Base rescue false)
     find_model path.first
     if request.get?
       if path.second.blank?
@@ -51,10 +57,10 @@ class Api::V1::BaseController < ActionController::API
         @query = params[:q]
         index
       elsif path.second.to_i.zero?
-        # String, so it's a custom action I must find in the @model (as an singleton method)
-        # Like: :controller/:custom_action
-        result = MultiJson.dump(@model.send(path.second, params))
-        return render json: result, status: result.blank? ? 404 : 200
+        # String, so it's a custom action I must find in the @model (as a singleton method)
+        # GET :controller/:custom_action
+        return not_found! unless @model.respond_to?(path.second)
+        return render json: MultiJson.dump(@model.send(path.second, params)), status: 200
       elsif !path.second.to_i.zero? && path.third.blank?
         # Integer, so it's an ID, I must show it
         # Rails.logger.debug "IL SECONDO è ID? #{path.second.inspect}"
@@ -63,17 +69,18 @@ class Api::V1::BaseController < ActionController::API
         find_record
         show
       elsif !path.second.to_i.zero? && !path.third.blank?
-        # Like :controller/:id/:custom_action
-        result = MultiJson.dump(@model.send(path.third, path.second.to_i, params))
-        return render json: result, status: result.blank? ? 404 : 200
+        # GET :controller/:id/:custom_action
+        return not_found! unless @model.respond_to?(path.third)
+        return render json: MultiJson.dump(@model.send(path.third, path.second.to_i, params)), status: 200
       end
     elsif request.post?
       if path.second.blank?
         @params = params
         create
       elsif path.second.to_i.zero?
-        result = MultiJson.dump(@model.send(path.second, params))
-        return render json: result, status: result.blank? ? 404 : 200
+        # POST :controller/:custom_action
+        return not_found! unless @model.respond_to?(path.second)
+        return render json: MultiJson.dump(@model.send(path.second, params)), status: 200
       end
     elsif request.put?
       if !path.second.to_i.zero? && path.third.blank?
@@ -84,8 +91,9 @@ class Api::V1::BaseController < ActionController::API
         find_record
         update
       elsif !path.second.to_i.zero? && !path.third.blank?
-        result = MultiJson.dump(@model.send(path.third, path.second.to_i, params))
-        return render json: result, status: result.blank? ? 404 : 200
+        # PUT :controller/:id/:custom_action
+        return not_found! unless @model.respond_to?(path.third)
+        return render json: MultiJson.dump(@model.send(path.third, path.second.to_i, params)), status: 200
       end
     elsif request.delete?
       # Rails.logger.debug "IL SECONDO è ID in delete? #{path.second.inspect}"
@@ -178,44 +186,48 @@ class Api::V1::BaseController < ActionController::API
   def unauthenticated!
     response.headers['WWW-Authenticate'] = "Token realm=Application"
-    render json: { error: 'bad credentials' }, status: 401
+    # render json: { error: 'bad credentials' }, status: 401
+    api_error status: 401, errors: [I18n.t("api.errors.bad_credentials", default: "Bad Credentials")]
   end
   def unauthorized!
-    render nothing: true, status: :forbidden
-    return
-  end
-  def invalid_credentials!
-    render json: { error: 'invalid credentials' }, status: 403
+    # render nothing: true, status: :forbidden
+    api_error status: 403, errors: [I18n.t("api.errors.unauthorized", default: "Unauthorized")]
     return
   end
-  def unable!
-    render json: { error: 'you are not enabled to do so' }, status: 403
+  def not_found!
+    return api_error(status: 404, errors: [I18n.t("api.errors.not_found", default: "Not Found")])
   end
   def invalid! exception
     # Rails.logger.debug exception.errors.inspect
-    render json: { error: exception }, status: 422
-  end
-  def invalid_resource!(errors = [])
-    api_error(status: 422, errors: errors)
-  end
-  def not_found!
-    return api_error(status: 404, errors: 'Not found')
+    # render json: { error: exception }, status: 422
+    api_error status: 422, errors: exception
   end
   def api_error(status: 500, errors: [])
-    unless Rails.env.production?
-      puts errors.full_messages if errors.respond_to? :full_messages
+    # puts errors.full_messages if !Rails.env.production? && errors.respond_to?(:full_messages)
+    head status: status && return if errors.empty?
+    # For retrocompatibility, I try to send back only strings, as errors
+    errors_response = if errors.respond_to?(:full_messages)
+      # Validation Errors
+      errors.full_messages.join(", ")
+    elsif errors.respond_to?(:error)
+      # Generic uncatched error
+      errors.error
+    elsif errors.respond_to?(:exception)
+      # Generic uncatchd error, if the :error property does not exist, exception will
+      errors.exception
+    elsif errors.is_a? Array
+      # An array of values, I like to have them merged
+      errors.join(", ")
+    else
+      # Uncatched Error, comething I don't know, I must return the errors as it is
+      errors
     end
-    head status: status and return if errors.empty?
-    # render json: jsonapi_format(errors).to_json, status: status
-    render json: errors.to_json, status: status
+    render json: {error: errors_response}, status: status
   end
   def paginate(resource)
@@ -241,16 +253,11 @@ class Api::V1::BaseController < ActionController::API
   def authenticate_user!
     token, options = ActionController::HttpAuthentication::Token.token_and_options(request)
-    # puts "controller: #{controller_name}\naction: #{action_name}\ntoken: #{token}\noptions: #{options.inspect}\n\n"
-    user_email = options.blank?? nil : options[:email]
+    user_email = options.blank? ? nil : options[:email]
     user = user_email && User.find_by(email: user_email)
-    if user && ActiveSupport::SecurityUtils.secure_compare(user.authentication_token, token)
-      @current_user = user
-    else
-      return unauthenticated!
-    end
+    return unauthenticated! if user.blank? || !ActiveSupport::SecurityUtils.secure_compare(user.authentication_token, token)
+    @current_user = user
   end
   # private

data/app/controllers/api/v1/info_controller.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 class Api::V1::InfoController < Api::V1::BaseController
   # Info uses a different auth method: username and password
-  skip_before_action :authenticate_user!, only: [:version, :translations, :schema], raise: false
+  skip_before_action :authenticate_user!, only: [:version], raise: false
   # api :GET, '/api/v1/info/version', "Just prints the APPVERSION."
   # api!
@@ -10,17 +10,17 @@ class Api::V1::InfoController < Api::V1::BaseController
     }.to_json, status: 200
   end
-  # api :GET, '/api/v1/info/token', "Given auth credentials, in HTTP_BASIC form,
+  # api :GET, '/api/v1/info/token'
   # it returns the AUTH_TOKEN, email and id of the user which performed the authentication."
   # api!
-  def token
-    render json: {
-      token: @current_user.authentication_token,
-      email: @current_user.email
-    }.to_json, status: 200
-  end
+  # def token
+  #   render json: {
+  #     token: @current_user.authentication_token,
+  #     email: @current_user.email
+  #   }.to_json, status: 200
+  # end
-  # api :GET, '/api/v1/info/available_roles', "Given auth credentials, in HTTP_BASIC form,
+  # api :GET, '/api/v1/info/available_roles'
   # it returns the roles list
   def available_roles
     render json: ROLES.to_json, status: 200
@@ -31,6 +31,7 @@ class Api::V1::InfoController < Api::V1::BaseController
     render json: I18n.t(".", locale: (params[:locale].presence || :it)).to_json, status: 200
   end
+  # GET '/api/v1/info/schema'
   def schema
     pivot = {}
     if Rails.env.development?
@@ -50,15 +51,15 @@ class Api::V1::InfoController < Api::V1::BaseController
   # private
   # Method overridden because the first time I have to ask for the token
-  def authenticate_user!
-    username, password = ActionController::HttpAuthentication::Basic.user_name_and_password(request)
-    if username
-      user = User.find_by(username: username)
-    end
-    if user && user.valid_password?(password)
-      @current_user = user
-    else
-      return unauthenticated!
-    end
-  end
+  # def authenticate_user!
+  #   username, password = ActionController::HttpAuthentication::Basic.user_name_and_password(request)
+  #   if username
+  #     user = User.find_by(username: username)
+  #   end
+  #   if user && user.valid_password?(password)
+  #     @current_user = user
+  #   else
+  #     return unauthenticated!
+  #   end
+  # end
 end

data/config/locales/thecore_api.en.yml ADDED Viewed

@@ -0,0 +1,6 @@
+en:
+  api:
+    errors:
+      bad_credentials: Bad Credentials
+      unauthorized: Unauthorized Action
+      not_found: Resource not found

data/config/locales/thecore_api.it.yml ADDED Viewed

@@ -0,0 +1,6 @@
+it:
+  api:
+    errors:
+      bad_credentials: Credenziali errate
+      unauthorized: Operazione non autorizzata
+      not_found: Risorsa non trovata

data/config/routes.rb CHANGED Viewed

@@ -10,7 +10,7 @@ Rails.application.routes.draw do
       namespace :info do
         get :version
-        get :token
+        # get :token
         get :available_roles
         get :translations
         get :schema

data/lib/thecore_api/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ThecoreApi
-  VERSION = "1.4.2".freeze
+  VERSION = "1.4.3".freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: thecore_api
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 1.4.3
 platform: ruby
 authors:
 - Gabriele Tassoni
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-09-30 00:00:00.000000000 Z
+date: 2019-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thecore
@@ -96,6 +96,8 @@ files:
 - config/initializers/after_initialize_for_thecore_api.rb
 - config/initializers/cors_api_thecore.rb
 - config/initializers/wrap_parameters.rb
+- config/locales/thecore_api.en.yml
+- config/locales/thecore_api.it.yml
 - config/routes.rb
 - db/migrate/20181120234856_add_allowed_origins_to_settings.rb
 - lib/tasks/thecore_api_tasks.rake