Merge pull request akabiru#11 from akabiru/part-three

Let 'Master' include all branches.
eAliwei · Jan 10, 2018 · a02bee6 · a02bee6
2 parents 5038a6c + 6ecaec7
commit a02bee6
Show file tree

Hide file tree

Showing 32 changed files with 739 additions and 173 deletions.
diff --git a/Gemfile b/Gemfile
@@ -17,8 +17,11 @@ gem 'puma', '~> 3.0'
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 3.0'
 # Use ActiveModel has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
-
+gem 'bcrypt', '~> 3.1.7'
+gem 'jwt'
+gem 'active_model_serializers', '~> 0.10.0'
+gem 'will_paginate', '~> 3.1.0'
+gem 'faker'
 # Use Capistrano for deployment
 # gem 'capistrano-rails', group: :development
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,179 +1,192 @@
 GEM
  remote: https://rubygems.org/
  specs:
- actioncable (5.0.1)
- actionpack (= 5.0.1)
- nio4r (~> 1.2)
+ actioncable (5.0.6)
+ actionpack (= 5.0.6)
+ nio4r (>= 1.2, < 3.0)
  websocket-driver (~> 0.6.1)
- actionmailer (5.0.1)
- actionpack (= 5.0.1)
- actionview (= 5.0.1)
- activejob (= 5.0.1)
+ actionmailer (5.0.6)
+ actionpack (= 5.0.6)
+ actionview (= 5.0.6)
+ activejob (= 5.0.6)
  mail (~> 2.5, >= 2.5.4)
  rails-dom-testing (~> 2.0)
- actionpack (5.0.1)
- actionview (= 5.0.1)
- activesupport (= 5.0.1)
+ actionpack (5.0.6)
+ actionview (= 5.0.6)
+ activesupport (= 5.0.6)
  rack (~> 2.0)
  rack-test (~> 0.6.3)
  rails-dom-testing (~> 2.0)
  rails-html-sanitizer (~> 1.0, >= 1.0.2)
- actionview (5.0.1)
- activesupport (= 5.0.1)
+ actionview (5.0.6)
+ activesupport (= 5.0.6)
  builder (~> 3.1)
  erubis (~> 2.7.0)
  rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.0, >= 1.0.2)
- activejob (5.0.1)
- activesupport (= 5.0.1)
+ rails-html-sanitizer (~> 1.0, >= 1.0.3)
+ active_model_serializers (0.10.7)
+ actionpack (>= 4.1, < 6)
+ activemodel (>= 4.1, < 6)
+ case_transform (>= 0.2)
+ jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
+ activejob (5.0.6)
+ activesupport (= 5.0.6)
  globalid (>= 0.3.6)
- activemodel (5.0.1)
- activesupport (= 5.0.1)
- activerecord (5.0.1)
- activemodel (= 5.0.1)
- activesupport (= 5.0.1)
+ activemodel (5.0.6)
+ activesupport (= 5.0.6)
+ activerecord (5.0.6)
+ activemodel (= 5.0.6)
+ activesupport (= 5.0.6)
  arel (~> 7.0)
- activesupport (5.0.1)
+ activesupport (5.0.6)
  concurrent-ruby (~> 1.0, >= 1.0.2)
  i18n (~> 0.7)
  minitest (~> 5.1)
  tzinfo (~> 1.1)
  arel (7.1.4)
- builder (3.2.2)
- coderay (1.1.1)
- concurrent-ruby (1.0.4)
+ bcrypt (3.1.11)
+ builder (3.2.3)
+ case_transform (0.2)
+ activesupport
+ coderay (1.1.2)
+ concurrent-ruby (1.0.5)
  coveralls (0.8.21)
  json (>= 1.8, < 3)
  simplecov (~> 0.14.1)
  term-ansicolor (~> 1.3)
  thor (~> 0.19.4)
  tins (~> 1.6)
- database_cleaner (1.5.3)
- diff-lcs (1.2.5)
+ crass (1.0.3)
+ database_cleaner (1.6.2)
+ diff-lcs (1.3)
  docile (1.1.5)
  erubis (2.7.0)
- factory_girl (4.7.0)
+ factory_girl (4.9.0)
  activesupport (>= 3.0.0)
- factory_girl_rails (4.7.0)
- factory_girl (~> 4.7.0)
+ factory_girl_rails (4.9.0)
+ factory_girl (~> 4.9.0)
  railties (>= 3.0.0)
- faker (1.6.6)
- i18n (~> 0.5)
- ffi (1.9.14)
- globalid (0.3.7)
- activesupport (>= 4.1.0)
- i18n (0.7.0)
+ faker (1.8.7)
+ i18n (>= 0.7)
+ ffi (1.9.18)
+ globalid (0.4.1)
+ activesupport (>= 4.2.0)
+ i18n (0.9.1)
+ concurrent-ruby (~> 1.0)
  json (2.1.0)
+ jsonapi-renderer (0.2.0)
+ jwt (2.1.0)
  listen (3.0.8)
  rb-fsevent (~> 0.9, >= 0.9.4)
  rb-inotify (~> 0.9, >= 0.9.7)
- loofah (2.0.3)
+ loofah (2.1.1)
+ crass (~> 1.0.2)
  nokogiri (>= 1.5.9)
- mail (2.6.4)
- mime-types (>= 1.16, < 4)
- method_source (0.8.2)
- mime-types (3.1)
- mime-types-data (~> 3.2015)
- mime-types-data (3.2016.0521)
- mini_portile2 (2.1.0)
- minitest (5.10.1)
- nio4r (1.2.1)
- nokogiri (1.6.8.1)
- mini_portile2 (~> 2.1.0)
- pry (0.10.4)
+ mail (2.7.0)
+ mini_mime (>= 0.1.1)
+ method_source (0.9.0)
+ mini_mime (1.0.0)
+ mini_portile2 (2.3.0)
+ minitest (5.11.1)
+ nio4r (2.2.0)
+ nokogiri (1.8.1)
+ mini_portile2 (~> 2.3.0)
+ pry (0.11.3)
  coderay (~> 1.1.0)
- method_source (~> 0.8.1)
- slop (~> 3.4)
- pry-rails (0.3.4)
- pry (>= 0.9.10)
- puma (3.6.2)
- rack (2.0.1)
+ method_source (~> 0.9.0)
+ pry-rails (0.3.6)
+ pry (>= 0.10.4)
+ puma (3.11.0)
+ rack (2.0.3)
  rack-test (0.6.3)
  rack (>= 1.0)
- rails (5.0.1)
- actioncable (= 5.0.1)
- actionmailer (= 5.0.1)
- actionpack (= 5.0.1)
- actionview (= 5.0.1)
- activejob (= 5.0.1)
- activemodel (= 5.0.1)
- activerecord (= 5.0.1)
- activesupport (= 5.0.1)
- bundler (>= 1.3.0, < 2.0)
- railties (= 5.0.1)
+ rails (5.0.6)
+ actioncable (= 5.0.6)
+ actionmailer (= 5.0.6)
+ actionpack (= 5.0.6)
+ actionview (= 5.0.6)
+ activejob (= 5.0.6)
+ activemodel (= 5.0.6)
+ activerecord (= 5.0.6)
+ activesupport (= 5.0.6)
+ bundler (>= 1.3.0)
+ railties (= 5.0.6)
  sprockets-rails (>= 2.0.0)
- rails-dom-testing (2.0.1)
- activesupport (>= 4.2.0, < 6.0)
- nokogiri (~> 1.6.0)
+ rails-dom-testing (2.0.3)
+ activesupport (>= 4.2.0)
+ nokogiri (>= 1.6)
  rails-html-sanitizer (1.0.3)
  loofah (~> 2.0)
- railties (5.0.1)
- actionpack (= 5.0.1)
- activesupport (= 5.0.1)
+ railties (5.0.6)
+ actionpack (= 5.0.6)
+ activesupport (= 5.0.6)
  method_source
  rake (>= 0.8.7)
  thor (>= 0.18.1, < 2.0)
- rake (12.0.0)
- rb-fsevent (0.9.8)
- rb-inotify (0.9.7)
- ffi (>= 0.5.0)
- rspec-core (3.5.4)
- rspec-support (~> 3.5.0)
- rspec-expectations (3.5.0)
+ rake (12.3.0)
+ rb-fsevent (0.10.2)
+ rb-inotify (0.9.10)
+ ffi (>= 0.5.0, < 2)
+ rspec-core (3.7.1)
+ rspec-support (~> 3.7.0)
+ rspec-expectations (3.7.0)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.5.0)
- rspec-mocks (3.5.0)
+ rspec-support (~> 3.7.0)
+ rspec-mocks (3.7.0)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.5.0)
- rspec-rails (3.5.2)
+ rspec-support (~> 3.7.0)
+ rspec-rails (3.7.2)
  actionpack (>= 3.0)
  activesupport (>= 3.0)
  railties (>= 3.0)
- rspec-core (~> 3.5.0)
- rspec-expectations (~> 3.5.0)
- rspec-mocks (~> 3.5.0)
- rspec-support (~> 3.5.0)
- rspec-support (3.5.0)
- shoulda-matchers (3.1.1)
+ rspec-core (~> 3.7.0)
+ rspec-expectations (~> 3.7.0)
+ rspec-mocks (~> 3.7.0)
+ rspec-support (~> 3.7.0)
+ rspec-support (3.7.0)
+ shoulda-matchers (3.1.2)
  activesupport (>= 4.0.0)
  simplecov (0.14.1)
  docile (~> 1.1.0)
  json (>= 1.8, < 3)
  simplecov-html (~> 0.10.0)
  simplecov-html (0.10.2)
- slop (3.6.0)
- spring (2.0.0)
+ spring (2.0.2)
  activesupport (>= 4.2)
  spring-watcher-listen (2.0.1)
  listen (>= 2.7, < 4.0)
  spring (>= 1.2, < 3.0)
  sprockets (3.7.1)
  concurrent-ruby (~> 1.0)
  rack (> 1, < 3)
- sprockets-rails (3.2.0)
+ sprockets-rails (3.2.1)
  actionpack (>= 4.0)
  activesupport (>= 4.0)
  sprockets (>= 3.0.0)
- sqlite3 (1.3.12)
+ sqlite3 (1.3.13)
  term-ansicolor (1.6.0)
  tins (~> 1.0)
  thor (0.19.4)
- thread_safe (0.3.5)
- tins (1.16.0)
- tzinfo (1.2.2)
+ thread_safe (0.3.6)
+ tins (1.16.3)
+ tzinfo (1.2.4)
  thread_safe (~> 0.1)
- websocket-driver (0.6.4)
+ websocket-driver (0.6.5)
  websocket-extensions (>= 0.1.0)
- websocket-extensions (0.1.2)
+ websocket-extensions (0.1.3)
+ will_paginate (3.1.6)
 
 PLATFORMS
  ruby
 
 DEPENDENCIES
+ active_model_serializers (~> 0.10.0)
+ bcrypt (~> 3.1.7)
  coveralls
  database_cleaner
  factory_girl_rails (~> 4.0)
  faker
+ jwt
  listen (~> 3.0.5)
  pry-rails
  puma (~> 3.0)
@@ -184,6 +197,7 @@ DEPENDENCIES
  spring-watcher-listen (~> 2.0.0)
  sqlite3
  tzinfo-data
+ will_paginate (~> 3.1.0)
 
 BUNDLED WITH
- 1.15.4
+ 1.16.0
diff --git a/app/auth/authenticate_user.rb b/app/auth/authenticate_user.rb
@@ -0,0 +1,23 @@
+class AuthenticateUser
+ def initialize(email, password)
+ @email = email
+ @password = password
+ end
+
+ # Service entry point
+ def call
+ JsonWebToken.encode(user_id: user.id) if user
+ end
+
+ private
+
+ attr_reader :email, :password
+
+ # verify user credentials
+ def user
+ user = User.find_by(email: email)
+ return user if user && user.authenticate(password)
+ # raise Authentication error if credentials are invalid
+ raise(ExceptionHandler::AuthenticationError, Message.invalid_credentials)
+ end
+end
diff --git a/app/auth/authorize_api_request.rb b/app/auth/authorize_api_request.rb
@@ -0,0 +1,42 @@
+class AuthorizeApiRequest
+ def initialize(headers = {})
+ @headers = headers
+ end
+
+ # Service entry point - return valid user object
+ def call
+ {
+ user: user
+ }
+ end
+
+ private
+
+ attr_reader :headers
+
+ def user
+ # check if user is in the database
+ # memoize user object
+ @user ||= User.find(decoded_auth_token[:user_id]) if decoded_auth_token
+ # handle user not found
+ rescue ActiveRecord::RecordNotFound => e
+ # raise custom error
+ raise(
+ ExceptionHandler::InvalidToken,
+ ("#{Message.invalid_token} #{e.message}")
+ )
+ end
+
+ # decode authentication token
+ def decoded_auth_token
+ @decoded_auth_token ||= JsonWebToken.decode(http_auth_header)
+ end
+
+ # check for token in `Authorization` header
+ def http_auth_header
+ if headers['Authorization'].present?
+ return headers['Authorization'].split(' ').last
+ end
+ raise(ExceptionHandler::MissingToken, Message.missing_token)
+ end
+end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,4 +1,15 @@
 class ApplicationController < ActionController::API
  include Response
  include ExceptionHandler
+
+ # called before every action on controllers
+ before_action :authorize_request
+ attr_reader :current_user
+
+ private
+
+ # Check for valid request token and return user
+ def authorize_request
+ @current_user = (AuthorizeApiRequest.new(request.headers).call)[:user]
+ end
 end