Merge pull request #157 from Ches-ctrl/2024-05-07-add-post-api

2024 05 07 add post api
Ches-ctrl · May 23, 2024 · 037a71c · 037a71c
2 parents 53fa635 + 8929f21
commit 037a71c
Show file tree

Hide file tree

Showing 8 changed files with 149 additions and 2 deletions.
diff --git a/.github/workflows/rubyonrails.yml b/.github/workflows/rubyonrails.yml
@@ -28,6 +28,8 @@ jobs:
           POSTGRES_PASSWORD: password
     env:
       SCRAPEUP_API_KEY: ${{ secrets.SCRAPEUP_API_KEY }}
+      CHROME_EXTENSION_API_KEY: ${{ secrets.CHROME_EXTENSION_API_KEY }}
+      CHROME_EXTENSION_ORIGIN: ${{ secrets.CHROME_EXTENSION_ORIGIN }}
       RAILS_ENV: test
       DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
     steps:

diff --git a/Gemfile b/Gemfile
@@ -54,6 +54,9 @@ gem "font-awesome-sass", "~> 6.5.1"
 gem "simple_form"
 gem 'psych', "~> 4.0" # Extra gem as per Le Wagon setup for Linux laptops
 
+# Middleware
+gem 'rack-cors'
+
 # Testing
 gem "capybara"
 gem "selenium-webdriver", "~> 4.18.1"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -278,6 +278,8 @@ GEM
     raabro (1.4.0)
     racc (1.7.3)
     rack (2.2.9)
+    rack-cors (2.0.2)
+      rack (>= 2.0.0)
     rack-session (1.0.2)
       rack (< 3)
     rack-test (2.1.0)
@@ -509,6 +511,7 @@ DEPENDENCIES
   pg_search
   psych (~> 4.0)
   puma (>= 6.4.2)
+  rack-cors
   rails (~> 7.1.2)
   rails-html-sanitizer
   rspec-rails (~> 6.1.0)

diff --git a/app/controllers/api/v0/jobs_controller.rb b/app/controllers/api/v0/jobs_controller.rb
@@ -0,0 +1,52 @@
+module Api
+  module V0
+    class JobsController < ApplicationController
+      skip_before_action :verify_authenticity_token, only: :add_job
+      before_action :authenticate_user!
+      before_action :authenticate_with_api_key
+      before_action :verify_request_origin
+
+      def add_job
+        posting_url = params[:posting_url]
+
+        if posting_url.present?
+          process_job_posting(posting_url)
+        else
+          render json: { message: 'Post API connected but no posting_url' }, status: :bad_request
+        end
+      end
+
+      private
+
+      def authenticate_with_api_key
+        api_key = request.headers['X-Api-Key']
+        render json: { error: 'Unauthorized API key' }, status: :unauthorized unless valid_api_key?(api_key)
+      end
+
+      def valid_api_key?(api_key)
+        api_key == ENV.fetch('CHROME_EXTENSION_API_KEY')
+      end
+
+      def verify_request_origin
+        origin = request.headers['Origin']
+        render json: { error: 'Unauthorized origin' }, status: :unauthorized unless valid_origin?(origin)
+      end
+
+      def valid_origin?(origin)
+        origin == ENV.fetch('CHROME_EXTENSION_ORIGIN')
+      end
+
+      def process_job_posting(posting_url)
+        render json: { message: 'Received but not a GH job' }, status: :ok and return unless posting_url.include?('greenhouse')
+
+        Rails.logger.info("Processing job posting: #{posting_url}")
+
+        if CreateJobFromUrl.perform_later(posting_url)
+          render json: { message: 'Job creation queued successfully' }, status: :ok
+        else
+          render json: { error: 'Failed to queue job creation' }, status: :unprocessable_entity
+        end
+      end
+    end
+  end
+end
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
@@ -0,0 +1,6 @@
+Rails.application.config.middleware.insert_before 0, Rack::Cors do
+  allow do
+    origins 'chrome-extension://ioffpdelmlddmepimkcadfmmhfhocgkm'
+    resource '/api/v0/add_job', headers: :any, methods: [:post]
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -16,6 +16,13 @@
 
   get "up" => "rails/health#show", as: :rails_health_check
 
+  # API
+  namespace :api do
+    namespace :v0 do
+      post 'add_job', to: 'jobs#add_job'
+    end
+  end
+
   # Pages
   root to: "pages#home"
   get 'landing', to: 'pages#landing', as: 'landing'
@@ -52,5 +59,4 @@
 
   resources :saved_jobs, only: [:index, :show, :destroy]
   resources :educations, only: [:new, :create]
-
 end
diff --git a/spec/controllers/api/v0/jobs_spec.rb b/spec/controllers/api/v0/jobs_spec.rb
@@ -0,0 +1,75 @@
+require 'rails_helper'
+
+RSpec.describe Api::V0::JobsController, type: :controller, api: true do
+  describe 'POST #add_job' do
+    let(:user) { FactoryBot.create(:user) }
+
+    context 'with valid API key, origin, and user session' do
+      before do
+        sign_in user
+        request.headers['X-Api-Key'] = ENV.fetch('CHROME_EXTENSION_API_KEY')
+        request.headers['Origin'] = ENV.fetch('CHROME_EXTENSION_ORIGIN')
+        post :add_job, params: { posting_url: 'https://example.com/job' }
+      end
+
+      it 'returns a successful response' do
+        expect(response).to have_http_status(:ok)
+      end
+
+      it 'returns a JSON response with a success message' do
+        json_response = JSON.parse(response.body)
+        expect(json_response['message']).to eq('Received but not a GH job')
+      end
+    end
+
+    context 'without user session' do
+      before do
+        request.headers['X-Api-Key'] = ENV.fetch('CHROME_EXTENSION_API_KEY')
+        request.headers['Origin'] = ENV.fetch('CHROME_EXTENSION_ORIGIN')
+        post :add_job, params: { posting_url: 'https://example.com/job' }
+      end
+
+      it 'returns found' do
+        expect(response).to have_http_status(:found)
+      end
+    end
+
+    context 'with invalid API key' do
+      before do
+        sign_in user
+        request.headers['X-Api-Key'] = 'invalid_api_key'
+        request.headers['Origin'] = ENV.fetch('CHROME_EXTENSION_ORIGIN')
+      end
+
+      it 'returns an unauthorized response' do
+        post :add_job
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'returns a JSON response with an error message' do
+        post :add_job
+        json_response = JSON.parse(response.body)
+        expect(json_response['error']).to eq('Unauthorized API key')
+      end
+    end
+
+    context 'with invalid origin' do
+      before do
+        sign_in user
+        request.headers['X-Api-Key'] = ENV.fetch('CHROME_EXTENSION_API_KEY')
+        request.headers['Origin'] = 'invalid_origin'
+      end
+
+      it 'returns an unauthorized response' do
+        post :add_job
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it 'returns a JSON response with an error message' do
+        post :add_job
+        json_response = JSON.parse(response.body)
+        expect(json_response['error']).to eq('Unauthorized origin')
+      end
+    end
+  end
+end
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
@@ -73,5 +73,5 @@
   # arbitrary gems may also be filtered via:
   # config.filter_gems_from_backtrace("gem name")
 
-  # config.include Devise::Test::ControllerHelpers, type: :controller
+  config.include Devise::Test::ControllerHelpers, type: :controller
 end