Release 0.0.2

Igorxp5 · Oct 31, 2019 · 9e8f39b · 9e8f39b
2 parents 2dd9c9f + 67b6224
commit 9e8f39b
Show file tree

Hide file tree

Showing 55 changed files with 1,562 additions and 447 deletions.
diff --git a/api/.rspec b/api/.rspec
@@ -0,0 +1 @@
+--require spec_helper
diff --git a/api/Gemfile b/api/Gemfile
@@ -16,6 +16,7 @@ gem 'puma', '~> 3.11'
 
 # Use Json Web Token (JWT) for token based authentication
 gem 'jwt'
+gem 'devise-jwt'
 # Use Active Model has_secure_password
 gem 'bcrypt', '~> 3.1.7'
 
@@ -34,7 +35,9 @@ group :development, :test do
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
   gem 'cucumber-rails', require: false
   gem 'database_cleaner'
-  gem 'rspec', '~> 3.7.0'
+  gem 'rspec-rails', '~> 3.8'
+  gem 'factory_bot'
+  gem 'ffaker'
 end
 
 group :development do

diff --git a/api/Gemfile.lock b/api/Gemfile.lock
@@ -97,15 +97,34 @@ GEM
     cucumber-tag_expressions (1.1.1)
     cucumber-wire (0.0.1)
     database_cleaner (1.7.0)
+    devise (4.7.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
+    devise-jwt (0.6.0)
+      devise (~> 4.0)
+      warden-jwt_auth (~> 0.4)
     diff-lcs (1.3)
+    dry-auto_inject (0.6.1)
+      dry-container (>= 0.3.4)
+    dry-configurable (0.8.3)
+      concurrent-ruby (~> 1.0)
+      dry-core (~> 0.4, >= 0.4.7)
+    dry-container (0.7.2)
+      concurrent-ruby (~> 1.0)
+      dry-configurable (~> 0.1, >= 0.1.3)
+    dry-core (0.4.9)
+      concurrent-ruby (~> 1.0)
     erubi (1.9.0)
+    factory_bot (5.1.1)
+      activesupport (>= 4.2.0)
+    ffaker (2.13.0)
     ffi (1.11.1)
     gherkin (5.1.0)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    httparty (0.17.1)
-      mime-types (~> 3.0)
-      multi_xml (>= 0.5.2)
     i18n (1.6.0)
       concurrent-ruby (~> 1.0)
     jwt (2.2.1)
@@ -131,10 +150,10 @@ GEM
     msgpack (1.3.1)
     multi_json (1.13.1)
     multi_test (0.1.2)
-    multi_xml (0.6.0)
     nio4r (2.5.2)
     nokogiri (1.10.4)
       mini_portile2 (~> 2.4.0)
+    orm_adapter (0.5.0)
     pg (1.1.4)
     public_suffix (4.0.1)
     puma (3.12.1)
@@ -173,19 +192,26 @@ GEM
     rb-inotify (0.10.0)
       ffi (~> 1.0)
     regexp_parser (1.6.0)
-    rspec (3.7.0)
-      rspec-core (~> 3.7.0)
-      rspec-expectations (~> 3.7.0)
-      rspec-mocks (~> 3.7.0)
-    rspec-core (3.7.1)
-      rspec-support (~> 3.7.0)
-    rspec-expectations (3.7.0)
+    responders (3.0.0)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
+    rspec-core (3.9.0)
+      rspec-support (~> 3.9.0)
+    rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-mocks (3.7.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-support (3.7.1)
+      rspec-support (~> 3.9.0)
+    rspec-rails (3.9.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.0)
     ruby_dep (1.5.0)
     spring (2.1.0)
     spring-watcher-listen (2.0.1)
@@ -202,6 +228,13 @@ GEM
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
+    warden (1.2.8)
+      rack (>= 2.0.6)
+    warden-jwt_auth (0.4.0)
+      dry-auto_inject (~> 0.6)
+      dry-configurable (~> 0.8)
+      jwt (~> 2.1)
+      warden (~> 1.2)
     websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.4)
@@ -218,13 +251,16 @@ DEPENDENCIES
   byebug
   cucumber-rails
   database_cleaner
+  devise-jwt
+  factory_bot
+  ffaker
   jwt
   listen (>= 3.0.5, < 3.2)
   pg (>= 0.18, < 2.0)
   puma (~> 3.11)
   rack-cors
   rails (~> 6.0.0)
-  rspec (~> 3.7.0)
+  rspec-rails (~> 3.8)
   spring
   spring-watcher-listen (~> 2.0.0)
   tzinfo-data

diff --git a/api/app/controllers/application_controller.rb b/api/app/controllers/application_controller.rb
@@ -1,35 +1,16 @@
 class ApplicationController < ActionController::API
+	include ActionController::MimeResponds
+
+	respond_to :json
 
 	def not_found
 		render json: format_response(errors: ErrorCodes.get_error_message(19))
 	end
-
-	def format_response(args = {})
-		if not args[:errors].nil?
-			validate_response_errors(args[:errors])
-		else
-			args[:errors] = []
-		end
-
-		args[:errors] = [args[:errors]] if args[:errors].instance_of? String
-		args[:errors] = ErrorCodes.get_errors_by_messages(args[:errors])
-		args[:payload] = {} if args[:payload].nil?
-		return {data: args[:payload], errors: args[:errors]}
-	end
 
-	def authorize_request
-		header = request.headers['Authorization']
-		header = header.split(' ').last if header
-		begin
-			@decoded = JsonWebToken.decode(header)
-			@current_user = User.find_by_login(@decoded[:login])
-		rescue ActiveRecord::RecordNotFound => e
-			unauthorized_request
-		rescue JWT::ExpiredSignature => e
-			unauthorized_request(21)
-		rescue JWT::DecodeError => e
-			unauthorized_request(20)
-		end
+	protected
+
+	def format_response(args = {})
+		DeviseFailureApp.format_response(args)
 	end
 
 	def unauthorized_request(error_code=nil)
@@ -40,21 +21,7 @@ def unauthorized_request(error_code=nil)
 		end
 	end
 
-	protected
-
 	def restrict_to_development
 		head(:not_found) unless Rails.env.development?
 	end
-
-	private
-
-	def validate_response_errors(errors)
-		raise_message = 'errors must be string or string list'
-		unless errors.instance_of? String
-			raise ArgumentError, raise_message unless errors.respond_to? :select
-			if not errors.empty? and (errors.select {|s| s.instance_of? String}).empty?
-				raise ArgumentError, raise_message
-			end
-		end
-	end
 end
diff --git a/api/app/controllers/login_controller.rb b/api/app/controllers/login_controller.rb
diff --git a/api/app/controllers/main_controller.rb b/api/app/controllers/main_controller.rb
@@ -1,8 +1,10 @@
 class MainController < ApplicationController
 	before_action :restrict_to_development
-	before_action :authorize_request
+	before_action :authenticate_user!
 
 	def index
-		render json: format_response(payload: 'You are logged in'), status: :ok
+		payload = {msg: 'You are logged in', current_user: current_user}
+		render json: format_response(payload: payload), status: :ok
 	end
+
 end
diff --git a/api/app/controllers/registrations_controller.rb b/api/app/controllers/registrations_controller.rb
@@ -0,0 +1,20 @@
+class RegistrationsController < Devise::RegistrationsController
+	respond_to :json
+
+	def create
+		build_resource(register_params)
+
+		resource.save
+		if resource.persisted?		
+			render json: format_response, status: :created
+		else
+			render json: format_response(errors: resource.errors.full_messages), status: :bad_request
+		end
+	end
+
+	def register_params
+		params.permit(
+			:login, :password, :name, :email, :gender, :birthday
+		)
+  	end
+end
diff --git a/api/app/controllers/sessions_controller.rb b/api/app/controllers/sessions_controller.rb
@@ -0,0 +1,48 @@
+class SessionsController < Devise::SessionsController
+	before_action :validate_params, only: [:create]
+	before_action :pass_params_to_user, only: [:create]
+
+	respond_to :json
+
+	def create
+		self.resource = warden.authenticate(auth_options)
+		if resource.nil?
+			unauthorized_request(18)
+		else
+			sign_in(resource_name, resource)
+			payload = {token: jwt_token}
+			render json: format_response(payload: payload), status: :ok
+		end
+	end
+
+	def respond_to_on_destroy
+		head :no_content
+	end
+
+	private
+
+	def pass_params_to_user
+		request.params[:user] = ActiveSupport::HashWithIndifferentAccess.new(
+			login: params[:login], email: params[:email], password: params[:password]
+		)
+	end
+
+	def jwt_token
+		request.env['warden-jwt_auth.token']
+	end
+
+	def validate_params
+		# Conditions to test and error code if not pass
+		conditions = [
+			[(params[:login].present? or params[:email].present?), 28],
+			[params[:password].present?, 8],
+			[(params[:login].instance_of?(String) or params[:email].instance_of?(String)), 17],
+			[params[:password].instance_of?(String), 17]
+		]
+		errors = conditions.collect { |condition| ErrorCodes.get_error_message(condition[1]) unless condition[0] }
+		errors = errors.uniq.compact
+		unless errors.empty?
+			render json: format_response(errors: errors), status: :bad_request
+		end
+	end
+end
diff --git a/api/app/controllers/signup_controller.rb b/api/app/controllers/signup_controller.rb
diff --git a/api/app/lib/devise_failure_app.rb b/api/app/lib/devise_failure_app.rb
@@ -0,0 +1,36 @@
+class DeviseFailureApp < Devise::FailureApp
+  def http_auth_body
+    json_error_response
+  end
+
+  def self.format_response(args = {})
+    if not args[:errors].nil?
+      validate_response_errors(args[:errors])
+    else
+      args[:errors] = []
+    end
+
+    args[:errors] = [args[:errors]] if args[:errors].instance_of? String
+    args[:errors].uniq!
+    args[:errors] = ErrorCodes.get_errors_by_messages(args[:errors])
+    return {data: args[:payload], errors: args[:errors]}
+  end
+
+  protected
+
+  def json_error_response
+    self.status = 401
+    self.content_type = "application/json"
+    self.response_body = DeviseFailureApp.format_response(errors: i18n_message).to_json
+  end
+
+  def self.validate_response_errors(errors)
+    raise_message = 'errors must be string or string list'
+    unless errors.instance_of? String
+      raise ArgumentError, raise_message unless errors.respond_to? :select
+      if not errors.empty? and (errors.select {|s| s.instance_of? String}).empty?
+        raise ArgumentError, raise_message
+      end
+    end
+  end
+end