Milestone 11: API Endpoints

Gemfile

@@ -15,11 +15,6 @@ gem 'sprockets-rails'
 # Use postgresql as the database for Active Record
 gem 'pg', '~> 1.1'
 
-# Use devise for authentication
-gem 'devise'
-
-# Use CanCanCan for authorization
-gem 'cancancan'
 # Use the Puma web server [https://github.com/puma/puma]
 gem 'puma', '~> 5.0'
 
@@ -83,3 +78,12 @@ group :test do
   gem 'selenium-webdriver'
   gem 'webdrivers'
 end
+
+# Use devise for authentication
+gem 'devise'
+gem 'devise-jwt'
+
+# Use CanCanCan for authorization
+gem 'cancancan'
+
+gem 'rack-cors', '~> 1.1', '>= 1.1.1'

Gemfile.lock

@@ -99,7 +99,19 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
+    devise-jwt (0.10.0)
+      devise (~> 4.0)
+      warden-jwt_auth (~> 0.6)
     diff-lcs (1.5.0)
+    dry-auto_inject (1.0.0)
+      dry-core (~> 1.0, < 2)
+      zeitwerk (~> 2.6)
+    dry-configurable (1.0.1)
+      dry-core (~> 1.0, < 2)
+      zeitwerk (~> 2.6)
+    dry-core (1.0.0)
+      concurrent-ruby (~> 1.0)
+      zeitwerk (~> 2.6)
     erubi (1.12.0)
     globalid (1.0.0)
       activesupport (>= 5.0)
@@ -115,6 +127,7 @@ GEM
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
     json (2.6.3)
+    jwt (2.7.0)
     loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
@@ -153,6 +166,8 @@ GEM
       nio4r (~> 2.0)
     racc (1.6.2)
     rack (2.2.5)
+    rack-cors (1.1.1)
+      rack (>= 2.0.0)
     rack-test (2.0.2)
       rack (>= 1.3)
     rails (7.0.4)
@@ -250,6 +265,11 @@ GEM
     uniform_notifier (1.16.0)
     warden (1.2.9)
       rack (>= 2.0.9)
+    warden-jwt_auth (0.8.0)
+      dry-auto_inject (>= 0.8, < 2)
+      dry-configurable (>= 0.13, < 2)
+      jwt (~> 2.1)
+      warden (~> 1.2)
     web-console (4.2.0)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
@@ -278,10 +298,12 @@ DEPENDENCIES
   capybara
   debug
   devise
+  devise-jwt
   importmap-rails
   jbuilder
   pg (~> 1.1)
   puma (~> 5.0)
+  rack-cors (~> 1.1, >= 1.1.1)
   rails (~> 7.0.4)
   rails-controller-testing
   rspec-rails

README.md

@@ -14,6 +14,7 @@
   - [Usage](#usage)
    - [Run Test](#run-tests)
   - [Run Linters](#run-tests)
+  - [Run Endpoints](#Api-Endpoint-Testing)
 - [👥 Authors](#authors)
 - [🔭 Future Features](#future-features)
 - [🤝 Contributing](#contributing)
@@ -117,6 +118,32 @@ OR
 
 **it will automatically correct the errors**
 
+
+### Api-Endpoint-Testing
+
+- Add user to database using(postman) on this path
+`http://localhost:3000/api/v1/register`
+```first_user = User.create(
+  name: "Tom",
+  photo: "https://res.cloudinary.com/dxsom7jmx/image/upload/v1674721420/Meta%20tags/girl-2696947_1280_2_ct8ivd.jpg",
+  bio: "Teacher from Mexico.",
+  email: "tom@apple.com",
+  password: "mysecret@12",
+  password_confirmation: "mysecret@12",
+  role: "admin",
+  jti: "sdhfsh64y4" )
+  ```
+
+  - Check your teminal for comfirmation link to verify account
+  - Check out terminal after verification to copy the jti key generated dusring sign up
+  - Add the copied jti key in this directory `config/devise.rb` on line `312` after the sacret
+  - Open postman and navigate to this routes `http://localhost:3000/api/v1/login`
+  add your login details as body and make a POST request to log in
+  - Click on `headers` and copy the authentication key
+  - Make a GET request to this path `http://localhost:3000/api/v1/users/`
+  and add the authentication key you copied as a bearer token to get access to database
+
+
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 <!-- AUTHORS -->

app/controllers/api/v1/application_controller.rb

@@ -0,0 +1,19 @@
+class Api::V1::ApplicationController < ActionController::API
+  include Response
+  include ExceptionHandler
+  before_action :authenticate_user!
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  respond_to :json
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up) do |u|
+      u.permit(:name, :email, :password, :password_confirmation)
+    end
+    devise_parameter_sanitizer.permit(:sign_in) do |u|
+      u.permit(:email, :password)
+    end
+  end
+end

app/controllers/api/v1/comments_controller.rb

@@ -0,0 +1,23 @@
+class Api::V1::CommentsController < Api::V1::ApplicationController
+  def index
+    comment = Comment.all.where(author_id: params[:user_id], post_id: params[:post_id]).includes(:author)
+    render json: comment
+  end
+
+  def create
+    @comment = Comment.new(comment_params)
+    @comment.author = current_user
+    @comment.post_id = params[:post_id]
+    if @comment.save
+      render json: @comment, status: :created
+    else
+      render json: @comment.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def comment_params
+    params.permit(:text)
+  end
+end

app/controllers/api/v1/posts_controller.rb

@@ -0,0 +1,14 @@
+class Api::V1::PostsController < ApplicationController
+  def index
+    user = User.find(params[:user_id])
+    post = user.posts
+    render json: post
+  end
+
+  def show
+    @user = User.find(params[:user_id])
+    @posts = Post.find(params[:id])
+    @comments = @posts.comments.includes([:author])
+    render json: @comments
+  end
+end

app/controllers/api/v1/users/likes_controller.rb

@@ -0,0 +1,11 @@
+class LikesController < ApplicationController
+  def new
+    @like = Like.new
+  end
+
+  def create
+    @like = Like.new(post_id: params[:id], author: current_user)
+    @like.save
+    redirect_to user_post_path(current_user.id, params[:id])
+  end
+end

app/controllers/api/v1/users/registrations_controller.rb

@@ -0,0 +1,83 @@
+class Api::V1::Users::RegistrationsController < Devise::RegistrationsController
+  skip_before_action :verify_authentically_token, raise: false
+  protect_from_forgery with: :null_session
+
+  respond_to :json
+
+  private
+
+  def respond_with(resource, _opts = {})
+    p resource
+    resource.persisted? ? register_success : register_failed
+  end
+
+  def register_success
+    render json: {
+      status: 200,
+      message: 'Signed up successfully.'
+    }, status: ok
+  end
+
+  def register_failed
+    render json: {
+      status: 422,
+      message: "Signed up failure. #{resource.errors.full_messages.to_sentence}"
+    }, status: :unprocessable_entity
+  end
+
+  # GET /resource/sign_up
+  # def new
+  #   super
+  # end
+
+  # POST /resource
+  # def create
+  #   super
+  # end
+
+  # GET /resource/edit
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource
+  # def update
+  #   super
+  # end
+
+  # DELETE /resource
+  # def destroy
+  #   super
+  # end
+
+  # GET /resource/cancel
+  # Forces the session data which is usually expired after sign
+  # in to be expired now. This is useful if the user wants to
+  # cancel oauth signing in/up in the middle of the process,
+  # removing all OAuth session data.
+  # def cancel
+  #   super
+  # end
+
+  # protected
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_sign_up_params
+  #   devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
+  # end
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_account_update_params
+  #   devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
+  # end
+
+  # The path used after sign up.
+  # def after_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sign up for inactive accounts.
+  # def after_inactive_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+end

app/controllers/api/v1/users/sessions_controller.rb

@@ -0,0 +1,78 @@
+class Api::V1::Users::SessionsController < Devise::SessionsController
+  skip_before_action :verify_authentically_token, raise: false
+  respond_to :json
+
+  private
+
+  def respond_with(_resource, _opts = {})
+    current_user ? log_in_success : log_in_failure
+  end
+
+  def respond_to_on_destroy
+    if request.headers['Authorization'].present?
+      jwt_payload = JWT.decode(request.headers['Authorization'].split.last, ENV.fetch('DEVISE_JWT_SECRET_KEY')).first
+
+      current_user = User.find(jwt_payload['sub'])
+
+      current_user ? log_out_success : log_out_failure
+    else
+      log_out_failure
+    end
+  end
+
+  def log_in_success
+    render json: {
+      status: {
+        code: 200,
+        message: 'Logged in successfully.',
+        data: current_user
+      }
+    }, status: :ok
+  end
+
+  def log_in_failure
+    render json: {
+      status: {
+        code: 401,
+        message: "Logged in failure. #{resource.errors.full_messages.to_sentence}",
+        data: current_user
+      }
+    }, status: :unauthorized
+  end
+
+  def log_out_success
+    render json: {
+      status: 200,
+      message: 'Logged out successfully.'
+    }, status: :ok
+  end
+
+  def log_out_failure
+    render json: {
+      status: 401,
+      message: 'Logged out failure.'
+    }, status: :unauthorized
+  end
+
+  # GET /resource/sign_in
+  # def new
+  #   super
+  # end
+
+  # POST /resource/sign_in
+  # def create
+  #   super
+  # end
+
+  # DELETE /resource/sign_out
+  # def destroy
+  #   super
+  # end
+
+  # protected
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_sign_in_params
+  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
+  # end
+end

app/controllers/api/v1/users_controller.rb

@@ -0,0 +1,12 @@
+class Api::V1::UsersController < Api::V1::ApplicationController
+  def index
+    @users = User.all
+
+    render json: @users
+  end
+
+  def show
+    @user = User.find(params[:id])
+    render json: @user
+  end
+end

app/controllers/application_controller.rb

@@ -1,5 +1,8 @@
 class ApplicationController < ActionController::Base
-  before_action :authenticate_user!
+  # before_action :authenticate_user!
+  # protect_from_forgery Prepend: true
+  # protect_from_forgery with: :exception, prepend: true
+  protect_from_forgery with: :null_session
   before_action :configure_permitted_parameters, if: :devise_controller?
 
   protected

app/controllers/concerns/exception_handler.rb

@@ -0,0 +1,12 @@
+module ExceptionHandler
+  extend ActiveSupport::Concern
+  included do
+    rescue_from ActiveRecord::RecordNotFound do |e|
+      json_response({ message: e.message }, :not_found)
+    end
+
+    rescue_from ActiveRecord::RecordInvalid do |e|
+      json_response({ message: e.message }, :unprocessable_entity)
+    end
+  end
+end