Merge pull request #76 from it3s/api

Api

app/controllers/api/v1/api_controller.rb

@@ -0,0 +1,28 @@
+module API
+  module V1
+    class APIController < ApplicationController
+
+      before_action :authenticate_or_resquest
+
+      respond_to :json, :xml
+
+      def show
+        respond_with model.find(params[:id])
+      end
+
+      def index
+        respond_with model.all
+      end
+
+      protected
+
+        # curl -H "Authorization: Token token=usertokengoeshere" http://...
+        def authenticate_or_resquest
+          authenticate_or_request_with_http_token do |token, opt|
+            User.find_by(auth_token: token).present?
+          end
+        end
+
+    end
+  end
+end

app/controllers/api/v1/geo_data_controller.rb

@@ -0,0 +1,9 @@
+module API
+  module V1
+    class GeoDataController < APIController
+
+      def model; GeoData end
+
+    end
+  end
+end

app/controllers/api/v1/maps_controller.rb

@@ -0,0 +1,9 @@
+module API
+  module V1
+    class MapsController < APIController
+
+      def model; Map end
+
+    end
+  end
+end

app/controllers/api/v1/users_controller.rb

@@ -0,0 +1,9 @@
+module API
+  module V1
+    class UsersController < APIController
+
+      def model; User end
+
+    end
+  end
+end

app/models/user.rb

@@ -27,6 +27,8 @@ class User < ActiveRecord::Base
   validates :password,          length:       {minimum: 6}, on: :create
   validates :license_aggrement, acceptance:   true,         on: :create
 
+  before_create :set_auth_token
+
   def send_activation_email
     UserMailer.delay.activation_email(id, I18n.locale)
   end
@@ -51,4 +53,15 @@ def notifications
   def unread_notifications_count
     Notification.where(user: self, status: "unread").count
   end
+
+  private
+
+    def set_auth_token
+      return if auth_token.present?
+      self.auth_token = generate_auth_token
+    end
+
+    def generate_auth_token
+      SecureRandom.uuid.gsub /\-/, ''
+    end
 end

app/serializers/base_serializer.rb

@@ -1,7 +1,7 @@
 module BaseSerializer
   extend ActiveSupport::Concern
 
-  def to_json
+  def to_json(ctx=nil)
     serializable_hash.to_json
   end
 

app/serializers/user_serializer.rb

@@ -0,0 +1,15 @@
+class UserSerializer < ActiveModel::Serializer
+  include BaseSerializer
+
+  attributes :id, :name, :about_me, :language, :location, :contacts,
+             :interests, :avatar, :created_at, :active
+
+  def active
+    object.activation_state == 'active'
+  end
+
+  def avatar
+    object.avatar_url
+  end
+
+end

config/initializers/inflections.rb

@@ -17,4 +17,5 @@
 ActiveSupport::Inflector.inflections do |inflect|
   inflect.irregular 'geo_data', 'geo_data'
   inflect.irregular 'relation_metadata', 'relation_metadata'
+  inflect.acronym 'API'
 end

config/routes.rb

@@ -92,6 +92,14 @@
     post :revert, on: :member
   end
 
+  namespace :api do
+    namespace :v1 do
+      resources :geo_data, only: [:show, :index]
+      resources :maps,     only: [:show, :index]
+      resources :users,    only: [:show]
+    end
+  end
+
   if Rails.env.development?
     mount LetterOpenerWeb::Engine, at: "/letter_opener"
   end

db/migrate/20140908010847_add_auth_token_to_users.rb

@@ -0,0 +1,8 @@
+class AddAuthTokenToUsers < ActiveRecord::Migration
+  def change
+    change_table :users do |t|
+      t.string :auth_token
+    end
+    add_index :users, :auth_token
+  end
+end

db/schema.rb

@@ -11,13 +11,12 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20140905181858) do
+ActiveRecord::Schema.define(version: 20140908010847) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
-  enable_extension "hstore"
-  enable_extension "uuid-ossp"
   enable_extension "postgis"
+  enable_extension "hstore"
   enable_extension "pg_trgm"
   enable_extension "fuzzystrmatch"
 
@@ -173,22 +172,23 @@
     t.string   "remember_me_token"
     t.datetime "remember_me_token_expires_at"
     t.text     "interests",                                                                default: [],              array: true
+    t.string   "auth_token"
   end
 
   add_index "users", ["activation_token"], :name => "index_users_on_activation_token"
+  add_index "users", ["auth_token"], :name => "index_users_on_auth_token"
   add_index "users", ["email"], :name => "index_users_on_email", :unique => true
   add_index "users", ["interests"], :name => "index_users_on_interests"
   add_index "users", ["location"], :name => "index_users_on_location", :spatial => true
   add_index "users", ["remember_me_token"], :name => "index_users_on_remember_me_token"
   add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token"
 
   create_table "versions", force: true do |t|
-    t.string   "item_type",      null: false
-    t.integer  "item_id",        null: false
-    t.string   "event",          null: false
+    t.string   "item_type",  null: false
+    t.integer  "item_id",    null: false
+    t.string   "event",      null: false
     t.string   "whodunnit"
     t.text     "object"
-    t.text     "object_changes"
     t.datetime "created_at"
   end
 

spec/models/user_spec.rb

@@ -124,4 +124,10 @@
     it { expect(User.with_interests(['aa', 'bb']).count).to eq 1}
     it { expect(User.with_interests(['aa', 'bb'], :any).count).to eq 3}
   end
+
+  describe "auth_token" do
+    before { FactoryGirl.create :user }
+
+    it { expect(user.auth_token).to_not be nil }
+  end
 end

spec/requests/api/v1/geo_data_spec.rb

@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe "API::V1::GeoData" do
+  let(:geo_data) { FactoryGirl.create :geo_data }
+  let(:user) { FactoryGirl.create :user }
+
+  describe "GET show" do
+    describe "deny non authenticated requests" do
+      it "401 unauthorized when auth_token is empty" do
+        get "/api/v1/geo_data/#{geo_data.id}"
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+      it "401 unauthorized when auth_token is invalid" do
+        get "/api/v1/geo_data/#{geo_data.id}", {}, {'Authorization'=>"Token token=fake_token"}
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+    end
+
+    context "authenticated" do
+      before { get "/api/v1/geo_data/#{geo_data.id}", {}, headers }
+
+      context "json" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::JSON} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::JSON }
+      end
+
+      context "xml" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::XML} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::XML }
+      end
+    end
+  end
+
+  describe "GET index" do
+    describe "deny non authenticated requests" do
+      it "401 unauthorized when auth_token is empty" do
+        get "/api/v1/geo_data"
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+      it "401 unauthorized when auth_token is invalid" do
+        get "/api/v1/geo_data", {}, {'Authorization'=>"Token token=fake_token"}
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+    end
+
+    context "authenticated" do
+      before { get "/api/v1/geo_data", {}, headers }
+
+      context "json" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::JSON} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::JSON }
+      end
+
+      context "xml" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::XML} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::XML }
+      end
+    end
+  end
+end

spec/requests/api/v1/maps_spec.rb

@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe "API::V1::Maps" do
+  let(:map) { FactoryGirl.create :map }
+  let(:user) { FactoryGirl.create :user }
+
+  describe "GET show" do
+    describe "deny non authenticated requests" do
+      it "401 unauthorized when auth_token is empty" do
+        get "/api/v1/maps/#{map.id}"
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+      it "401 unauthorized when auth_token is invalid" do
+        get "/api/v1/maps/#{map.id}", {}, {'Authorization'=>"Token token=fake_token"}
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+    end
+
+    context "authenticated" do
+      before { get "/api/v1/maps/#{map.id}", {}, headers }
+
+      context "json" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::JSON} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::JSON }
+      end
+
+      context "xml" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::XML} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::XML }
+      end
+    end
+  end
+
+  describe "GET index" do
+    describe "deny non authenticated requests" do
+      it "401 unauthorized when auth_token is empty" do
+        get "/api/v1/maps"
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+      it "401 unauthorized when auth_token is invalid" do
+        get "/api/v1/maps", {}, {'Authorization'=>"Token token=fake_token"}
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+    end
+
+    context "authenticated" do
+      before { get "/api/v1/maps", {}, headers }
+
+      context "json" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::JSON} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::JSON }
+      end
+
+      context "xml" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::XML} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::XML }
+      end
+    end
+  end
+end

spec/requests/api/v1/users_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe "API::V1::Users" do
+  let(:user) { FactoryGirl.create :user }
+
+  describe "GET show" do
+    describe "deny non authenticated requests" do
+      it "401 unauthorized when auth_token is empty" do
+        get "/api/v1/users/#{user.id}"
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+      it "401 unauthorized when auth_token is invalid" do
+        get "/api/v1/users/#{user.id}", {}, {'Authorization'=>"Token token=fake_token"}
+        expect(response.status).to eq 401
+        expect(response.body).to match 'HTTP Token: Access denied.'
+      end
+    end
+
+    context "authenticated" do
+      before { get "/api/v1/users/#{user.id}", {}, headers }
+
+      context "json" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::JSON} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::JSON }
+      end
+
+      context "xml" do
+        let(:headers) { {'Authorization'=>"Token token=#{user.auth_token}", "Accept"=>Mime::XML} }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(response.content_type).to eq Mime::XML }
+      end
+    end
+  end
+
+end