whiplash-app 0.9.4 → 0.9.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +66 -98
- data/lib/whiplash/app/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e0e2ae334bdd40de1ae96543cd86eb7506e3de9a7d65d04b003fa67d2eb83da1
|
4
|
+
data.tar.gz: a2ae0fe3f75c4ed25e7703c85f71495609f10434c9bf3d687483d1ad440a5513
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1fd9e63cc8d1359a38adc462eb4818928d4ea84bc1e57db46e1fa9725ef547c59172763727f8fc7957c8de22d0a3720a437040789966116ce5a1c0a833ad210f
|
7
|
+
data.tar.gz: 0f35b12647a50d4a4c8fbb1a0f24fb6d40946c19dbbeb4d0238eb19d5c075fd3958e2cea68a72072d8db5770c83d18a5c1bc831a3bee2497e9cc7a4bfde52913
|
data/README.md
CHANGED
@@ -4,6 +4,8 @@ The whiplash-app gem allows your Whiplash application to access the Whiplash
|
|
4
4
|
API and perform authentication, signatures and signature verification, and basic
|
5
5
|
CRUD functions against the api.
|
6
6
|
|
7
|
+
For apps that provide a UI, it also provides built in authentication and several helper methods.
|
8
|
+
|
7
9
|
## Installation
|
8
10
|
|
9
11
|
Add this line to your application's Gemfile:
|
@@ -22,109 +24,68 @@ Or install it yourself as:
|
|
22
24
|
|
23
25
|
## Usage
|
24
26
|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
1. `Whiplash::App` must now be instantiated.
|
29
|
-
2. Tokens are **not** automatically refreshed
|
27
|
+
There are two basic uses for this gem:
|
28
|
+
1. Authenticating users for apps _with a UI_ (i.e. Notifications, Troubleshoot, etc)
|
29
|
+
2. Providing offline access to applications that perform tasks (i.e Tasks, Old Integrations, etc)
|
30
30
|
|
31
|
-
|
32
|
-
```ruby
|
33
|
-
api = Whiplash::App
|
34
|
-
```
|
31
|
+
It's not uncommon for an application to do _both_ of the above (i.e. Notifications, Payments, etc)
|
35
32
|
|
36
|
-
|
37
|
-
```ruby
|
38
|
-
api = Whiplash::App.new
|
39
|
-
api.refresh_token! # Since you don't have one yet
|
40
|
-
api.token # Confirm you've got a token
|
41
|
-
. . .
|
42
|
-
api.refresh_token! if api.token_expired?
|
43
|
-
```
|
44
|
-
|
45
|
-
### Authentication
|
33
|
+
### Authentication for offline access (Oauth Client Credentials flow)
|
46
34
|
In order to authenticate, make sure the following `ENV` vars are set:
|
47
35
|
|
48
36
|
```ruby
|
49
|
-
ENV[
|
50
|
-
ENV[
|
51
|
-
ENV[
|
37
|
+
ENV['WHIPLASH_API_URL']
|
38
|
+
ENV['WHIPLASH_CLIENT_ID']
|
39
|
+
ENV['WHIPLASH_CLIENT_SCOPE']
|
40
|
+
ENV['WHIPLASH_CLIENT_SECRET']
|
52
41
|
```
|
53
42
|
|
54
|
-
Once those are set,
|
55
|
-
|
56
|
-
### Oauth Client Credentials
|
57
|
-
You can authenticate using Oauth Client Credentials (i.e. auth an entire app).
|
58
|
-
You probably want this for apps that work offline, _on behalf_ of users or customers, or that don't work at the user/customer-level at all.
|
43
|
+
Once those are set, you can generate and use an access token like so:
|
59
44
|
|
60
45
|
```ruby
|
61
|
-
|
62
|
-
api
|
63
|
-
api.
|
46
|
+
token = Whiplash::App.client_credentials_token
|
47
|
+
api = Whiplash::App.new(token)
|
48
|
+
customers = api.get!('customers')
|
64
49
|
```
|
65
50
|
|
66
|
-
###
|
67
|
-
|
51
|
+
### Authentication for online access
|
52
|
+
In order to use the API, you only need to set the following:
|
68
53
|
|
69
54
|
```ruby
|
70
|
-
|
71
|
-
api = Whiplash::App.new(oauth_credentials_hash)
|
72
|
-
api.token # Confirm you've got a token
|
55
|
+
ENV['WHIPLASH_API_URL']
|
73
56
|
```
|
74
57
|
|
75
|
-
|
76
|
-
In order to set your api url, you can use the following environment URL:
|
77
|
-
```
|
78
|
-
ENV["WHIPLASH_API_URL"]
|
79
|
-
```
|
80
|
-
If it isn't set, then the API URL defaults to either `https://sandbox.getwhiplash.com` (test or dev environment) or `https://www.getwhiplash.com` (prod environment).
|
58
|
+
As long as all of your apps are on the same subdomain, they will share auth cookies:
|
81
59
|
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
In order to make the use of the gem seem more "AR-ish", we've added AR oriented methods that can be used for basic object creation/deletion/updating/viewing. The basic gist of these AR style CRUD methods is that they will all follow the same pattern. If you are performing a collection action, such as `create` or `find`, the pattern is this:
|
89
|
-
|
90
|
-
```ruby
|
91
|
-
api.create(resource, params, headers)
|
60
|
+
```json
|
61
|
+
{
|
62
|
+
"oauth_token": XXXXXXX,
|
63
|
+
"user": {"id":151,"email":"mark@getwhiplash.com","role":"admin","locale":"en","first_name":"Mark","last_name":"Dickson","partner_id":null,"warehouse_id": 1,"customer_ids":[1, 2, 3]}
|
64
|
+
}
|
92
65
|
```
|
93
66
|
|
94
|
-
|
67
|
+
You get a variety of helper methods for free:
|
95
68
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
69
|
+
`init_whiplash_api` - This instantiates `@whiplash_api` which can be used to make requests, out of the box
|
70
|
+
`current_user` - This is a **hash** with the above fields; you typically shouldn't need much more user info than this
|
71
|
+
`require_user` - Typically you'd use this in a `before_action`. You almost always want this in `ApplicationController`.
|
72
|
+
`set_locale!` - Sets the locale based on the value in the user hash
|
73
|
+
`set_current_user_cookie!` - Updates the current user cookie with fresh data from the api. You typically won't need this, unless your app updates fields like `warehouse_id` or `locale`.
|
74
|
+
`core_url` - Shorthand for `ENV['WHIPLASH_API_URL']`
|
75
|
+
`core_url_for` - Link back to Core like `core_url_for('login')`
|
102
76
|
|
103
|
-
```ruby
|
104
|
-
api.update(resource, id, params_to_update, headers)
|
105
|
-
```
|
106
77
|
|
107
|
-
|
78
|
+
### Sending Customer ID and Shop ID headers
|
79
|
+
You can send the headers in `headers` array, like `{customer_id: 123, shop_id: 111}`.
|
80
|
+
Alternatively, you can set them on instantiation like `Whiplash::App.new(token, {customer_id: 123, shop_id: 111})`
|
108
81
|
|
109
|
-
```ruby
|
110
|
-
api.find_all('orders', {}, { customer_id: 187 })
|
111
|
-
api.find('orders', 1)
|
112
|
-
api.create('orders', { key: "value", key2: "value" }, { customer_id: 187 } )
|
113
|
-
api.update('orders', 1, { key: "value"}, { customer_id: 187 } )
|
114
|
-
api.destroy('orders', 1, { customer_id: 187 } )
|
115
|
-
api.count('customers')
|
116
|
-
```
|
117
82
|
|
118
83
|
### CRUD Wrapper methods
|
119
|
-
In reality, all of these methods are simply wrapper methods around simple `GET/POST/PUT/DELETE` wrappers on Faraday, so if you want to get more granular,you can also make calls that simply reference the lower level REST verb:
|
120
84
|
|
121
85
|
```ruby
|
122
86
|
api.get('orders')
|
123
87
|
```
|
124
|
-
Which will return all orders and roughly correspond to an index call. If you need to use `Whiplash::App` for nonRESTful calls, simply drop the full endpoint in as your first argument:
|
125
88
|
|
126
|
-
```ruby
|
127
|
-
api.get('orders/non_restful_action', {}, {})
|
128
89
|
```
|
129
90
|
`POST`, `PUT`, and `DELETE` calls can be performed in much the same way:
|
130
91
|
```ruby
|
@@ -133,6 +94,37 @@ api.put(endpoint, params, headers) # PUT request to the specified endpoint passi
|
|
133
94
|
api.delete(endpoint, params, headers) # DELETE request to the specified endpoint. Params would probably just be an id.
|
134
95
|
```
|
135
96
|
|
97
|
+
### Bang methods
|
98
|
+
|
99
|
+
In typical Rails/Ruby fashion, `!` methods `raise`. Typically, you'll want to set some global `rescue`s and use the `!` version of crud requests:
|
100
|
+
|
101
|
+
```ruby
|
102
|
+
rescue_from WhiplashApiError, with: :handle_whiplash_api_error
|
103
|
+
|
104
|
+
def handle_whiplash_api_error(exception)
|
105
|
+
# Any special exceptions we want to handle directly
|
106
|
+
case exception.class.to_s
|
107
|
+
when 'WhiplashApiError::Unauthorized'
|
108
|
+
return redirect_to core_url_for('logout')
|
109
|
+
end
|
110
|
+
|
111
|
+
@status_code = WhiplashApiError.codes&.invert&.dig(exception&.class)
|
112
|
+
@error = exception.message
|
113
|
+
respond_to do |format|
|
114
|
+
format.html {
|
115
|
+
flash[:error] = @error
|
116
|
+
redirect_back(fallback_location: root_path)
|
117
|
+
}
|
118
|
+
format.json {
|
119
|
+
render json: exception, status: @status_code
|
120
|
+
}
|
121
|
+
format.js {
|
122
|
+
render template: 'resources/exception'
|
123
|
+
}
|
124
|
+
end
|
125
|
+
end
|
126
|
+
```
|
127
|
+
|
136
128
|
### Signing and Verifying.
|
137
129
|
`whiplash-app` supports signing and verifying signatures like so:
|
138
130
|
```ruby
|
@@ -143,30 +135,6 @@ and verifications are done like so:
|
|
143
135
|
Whiplash::App.verified?(request)
|
144
136
|
```
|
145
137
|
|
146
|
-
### Caching
|
147
|
-
`whiplash-app` is Cache agnostic, relying on the `moneta` gem to provide a local store, if needed.
|
148
|
-
However, if you intend to specify `REDIS` as your key-value store of choice, it's dead simple. Simply declare the following variables:
|
149
|
-
```
|
150
|
-
ENV["REDIS_HOST"]
|
151
|
-
ENV["REDIS_PORT"]
|
152
|
-
ENV["REDIS_PASSWORD"]
|
153
|
-
ENV["REDIS_NAMESPACE"]
|
154
|
-
```
|
155
|
-
If those are provided, `moneta` will use your redis connection and will namespace your cache storage under the redis namespace. By default, if you do not declare a `REDIS_NAMESPACE` value, the app will default to the `WHIPLASH_CLIENT_ID`.
|
156
|
-
|
157
|
-
**For user-facing apps, best practice is to store the `oauth_credentials_hash` in a session variable.**
|
158
|
-
|
159
|
-
### Gotchas
|
160
|
-
Due to the way Faraday handles params, this would not, as expected, route to `orders#show` in the Whiplash App, but would instead route to `orders#index`, so it wouldn't return the expected singular order with an ID of 1, but all orders for that customer.
|
161
|
-
```ruby
|
162
|
-
api.get('orders', {id: 1}, {customer_id: 187})
|
163
|
-
```
|
164
|
-
Instead, you'd want to do:
|
165
|
-
```ruby
|
166
|
-
api.get('orders/1', {}, {customer_id: 187})
|
167
|
-
```
|
168
|
-
|
169
|
-
|
170
138
|
## Development
|
171
139
|
|
172
140
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
data/lib/whiplash/app/version.rb
CHANGED