Kalunge/create new user account api endpoint #48
Conversation
|
Visit the preview URL for this PR (updated for commit 363973c): https://moringa-library--pr48-kalunge-create-new-u-e30r6l4w.web.app (expires Thu, 30 Mar 2023 08:59:35 GMT) 🔥 via Firebase Hosting GitHub Action 🌎 Sign: 28c4ac8715d663d94559951bf1a9d3f1dcb7979f |
There was a problem hiding this comment.
Hello @Kalunge, great initial PR.
There are some changes I have requested in the comments.
The database migration files will be ready by tomorrow so that you can use the validation errors that have been added. In the meantime, you can work on any of the comments that do not need the user db models right now.
| require 'sinatra' | ||
| require 'jwt' | ||
|
|
There was a problem hiding this comment.
Since we are using Rack, we do not need the require statements at the top. Everything will be automatically set up by the bundler. Ensure the gems are listed in the Gemfile and everything should work accordingly.
| require 'sinatra' | ||
| require 'jwt' | ||
|
|
||
| class UserController < Sinatra::Base |
There was a problem hiding this comment.
Instead of inheriting Sinatra::Base in every controller, inherit the Base Controller, it will have all the header options and formatting methods by default. You won't need to set them up afresh in every single controller.
| require 'jwt' | ||
|
|
||
| class UserController < Sinatra::Base | ||
| JWT_SECRET = 'my$ecretK3y' |
There was a problem hiding this comment.
Kindly store your JWT_SECRET in an environment variable.
Secrets should not be exposed directly in code.
| # @API: Enable CORS headers from all origins | ||
| configure do | ||
| enable :cross_origin | ||
| end | ||
|
|
||
| before do | ||
| response.headers['Access-Control-Allow-Origin'] = '*' | ||
| end | ||
|
|
||
| options '*' do | ||
| response.headers['Allow'] = 'GET, PUT, POST, DELETE, OPTIONS' | ||
| response.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type, Accept, X-User-Email, X-Auth-Token' | ||
| response.headers['Access-Control-Allow-Origin'] = '*' | ||
| 200 | ||
| end | ||
|
|
||
| # @API: Format all JSON responses | ||
| def json_response(code: 200, data: nil) | ||
| status = [200, 201].include?(code) ? 'SUCCESS' : 'FAILED' | ||
| headers['Content-Type'] = 'application/json' | ||
| return unless data | ||
|
|
||
| [code, { data: data, message: status }.to_json] | ||
| end | ||
|
|
||
| # @API: Format all common error responses as JSON (thrown errors) | ||
| def error_response(err:, code: 422) | ||
| json_response(code: code, data: { error: err.message }) | ||
| end | ||
|
|
||
| # @API: 404 handler | ||
| not_found do | ||
| json_response(code: 404, data: { error: 'You seem lost. That page does not exist!' }) | ||
| end |
There was a problem hiding this comment.
Once you inherit the BaseController, all these methods are no longer needed. You can safely delete these methods.
| if email.nil? || password.nil? | ||
| error_response(err: 'Email and password are required') | ||
| end |
There was a problem hiding this comment.
You can omit these checks since you will have been provided with validations on the model already. The validations will have customized error messages already.
| payload = { email: email } | ||
| token = JWT.encode payload, JWT_SECRET, 'HS256' |
There was a problem hiding this comment.
You can generate the JWT token after the user is successfully registered. You can move this code after you've created a valid user account.
Also, please make sure you add a timeout for the token. (You can have it set at 6 hours)
This pull request adds a user registration endpoint to the Sinatra application. The endpoint accepts a POST request with JSON data containing the user's email and password. Upon successful registration, a JSON Web Token (JWT) is generated for the user, which can be used to authenticate future requests. The UserController class has been created to handle the /register endpoint. The class includes error handling for missing email and password fields in the JSON data, allows cross-origin requests, and generates a JWT token for the user upon successful registration.
Changes Made