From 8c1d8a14705c7278d2b0b042159409b6c78adf07 Mon Sep 17 00:00:00 2001
From: Eugene Burmakin
Date: Sat, 25 May 2024 12:47:25 +0200
Subject: [PATCH] Accept API key in query string for api/v1/overland/batches
---
 .../api/v1/overland/batches_controller.rb | 3 ++-
 app/controllers/application_controller.rb | 14 ++++++++++
 app/views/devise/registrations/edit.html.erb | 2 +-
 spec/requests/api/v1/overland/batches_spec.rb | 26 ++++++++++++++-----
 .../v1/overland/batches_controller_spec.rb | 14 ++++++++++
 swagger/v1/swagger.yaml | 12 +++++++--
 6 files changed, 60 insertions(+), 11 deletions(-)
diff --git a/app/controllers/api/v1/overland/batches_controller.rb b/app/controllers/api/v1/overland/batches_controller.rb
index 2b0aacc8..014b43f5 100644
--- a/app/controllers/api/v1/overland/batches_controller.rb
+++ b/app/controllers/api/v1/overland/batches_controller.rb
@@ -2,6 +2,7 @@ class Api::V1::Overland::BatchesController < ApplicationController
 skip_forgery_protection
+ before_action :authenticate_api_key
 def create
 Overland::BatchCreatingJob.perform_later(batch_params)
@@ -12,6 +13,6 @@ class Api::V1::Overland::BatchesController < ApplicationController
 private
 def batch_params
- params.permit(locations: [:type, geometry: {}, properties: {}], batch: {})
+ params.permit(locations: [:type, { geometry: {}, properties: {} }], batch: {})
 end
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index cfb0a0a5..71021818 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,17 @@
+# frozen_string_literal: true
+
 class ApplicationController < ActionController::Base
 include Pundit::Authorization
+
+ protected
+
+ def authenticate_api_key
+ return head :unauthorized unless current_api_user
+
+ true
+ end
+
+ def current_api_user
+ @current_api_user ||= User.find_by(api_key: params[:api_key])
+ end
 end
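Review bot: `current_api_user` hands `params[:api_key]` to `User.find_by` unfiltered, so a request carrying no key at all runs `find_by(api_key: nil)` and would authenticate as the first user whose stored key is NULL if `users.api_key` is nullable (the schema is not in this patch), and a non-string value decoded from the query string is passed into the query as-is. Guard and coerce before the lookup: `return if params[:api_key].blank?` as the first line of `current_api_user`, then `@current_api_user ||= User.find_by(api_key: params[:api_key].to_s)`. Because the key is a query parameter it will be recorded by any access log or proxy that stores request URLs; Rails' own request log masks it only if `config.filter_parameters` covers it (the generated default includes `_key`, if the app kept it), which is worth confirming. `authenticate_api_key` halts the filter chain via `head :unauthorized` and returns `true` otherwise, but nothing says so; a one-line comment such as `# before_action: renders 401 and halts when no user owns the supplied api_key.` above it would document the contract.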
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
index 8e0968fb..73cab649 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -2,7 +2,7 @@

Edit your account!

- <%#= render 'devise/registrations/api_key' %>
+ <%= render 'devise/registrations/api_key' %>
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), class: 'form-body', html: { method: :put }) do |f| %>
diff --git a/spec/requests/api/v1/overland/batches_spec.rb b/spec/requests/api/v1/overland/batches_spec.rb
index 22d82818..912aa280 100644
--- a/spec/requests/api/v1/overland/batches_spec.rb
+++ b/spec/requests/api/v1/overland/batches_spec.rb
@@ -9,16 +9,28 @@ RSpec.describe 'Api::V1::Overland::Batches', type: :request do
 let(:json) { JSON.parse(file.read) }
 let(:params) { json }
- it 'returns http success' do
- post '/api/v1/overland/batches', params: params
+ context 'with invalid api key' do
+ it 'returns http unauthorized' do
+ post '/api/v1/overland/batches', params: params
- expect(response).to have_http_status(:created)
+ expect(response).to have_http_status(:unauthorized)
+ end
 end
- it 'enqueues a job' do
- expect do
- post '/api/v1/overland/batches', params: params
- end.to have_enqueued_job(Overland::BatchCreatingJob)
+ context 'with valid api key' do
+ let(:user) { create(:user) }
+
+ it 'returns http success' do
+ post "/api/v1/overland/batches?api_key=#{user.api_key}", params: params
+
+ expect(response).to have_http_status(:created)
+ end
+
+ it 'enqueues a job' do
+ expect do
+ post "/api/v1/overland/batches?api_key=#{user.api_key}", params: params
+ end.to have_enqueued_job(Overland::BatchCreatingJob)
+ end
 end
 end
 end
diff --git a/spec/swagger/api/v1/overland/batches_controller_spec.rb b/spec/swagger/api/v1/overland/batches_controller_spec.rb
index 038acb30..d0d0a2b5 100644
--- a/spec/swagger/api/v1/overland/batches_controller_spec.rb
+++ b/spec/swagger/api/v1/overland/batches_controller_spec.rb
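Review bot: The `with invalid api key` context in this hunk never supplies a key, so it covers the missing-key path only and leaves an unknown key untested, and no example asserts that the job stays un-enqueued when the request is rejected. Add an example that posts with a key no user owns, `post '/api/v1/overland/batches?api_key=no-such-key', params: params` followed by `expect(response).to have_http_status(:unauthorized)`, and one that wraps the unauthenticated post in `expect { ... }.not_to have_enqueued_job(Overland::BatchCreatingJob)`. The fixture `let`s and the enclosing `describe` begin before this hunk.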
@@ -72,12 +72,26 @@ describe 'Batches API', type: :request do
 }
 }
+ parameter name: :api_key, in: :query, type: :string, required: true, description: 'API Key'
+
 response '201', 'Batch of points created' do
 let(:file_path) { 'spec/fixtures/files/overland/geodata.json' }
 let(:file) { File.open(file_path) }
 let(:json) { JSON.parse(file.read) }
 let(:params) { json }
 let(:locations) { params['locations'] }
+ let(:api_key) { create(:user).api_key }
+
+ run_test!
+ end
+
+ response '401', 'Unauthorized' do
+ let(:file_path) { 'spec/fixtures/files/overland/geodata.json' }
+ let(:file) { File.open(file_path) }
+ let(:json) { JSON.parse(file.read) }
+ let(:params) { json }
+ let(:locations) { params['locations'] }
+ let(:api_key) { nil }
 run_test!
 end
diff --git a/swagger/v1/swagger.yaml b/swagger/v1/swagger.yaml
index e710236d..32ddedfc 100644
--- a/swagger/v1/swagger.yaml
+++ b/swagger/v1/swagger.yaml
@@ -9,10 +9,18 @@ paths:
 summary: Creates a batch of points
 tags:
 - Batches
- parameters: []
+ parameters:
+ - name: api_key
+ in: query
+ required: true
+ description: API Key
+ schema:
+ type: string
 responses:
 '201':
 description: Batch of points created
+ '401':
+ description: Unauthorized
 requestBody:
 content:
 application/json:
@@ -172,7 +180,7 @@ paths:
 lat: 52.502397
 lon: 13.356718
 tid: Swagger
- tst: 1716488929
+ tst: 1716633953
 servers:
 - url: http://{defaultHost}
 variables:
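Review bot: The new `response '401'` block repeats the five fixture `let`s of the `response '201'` block verbatim; rswag resolves `let`s through the enclosing example groups, so moving `file_path`, `file`, `json`, `params` and `locations` up to the enclosing `post` block (which starts before this hunk) leaves each response block with only the `let(:api_key)` that distinguishes it, and `let(:json) { JSON.parse(File.read(file_path)) }` there also drops the `File.open` handle that is never closed. The 401 case sets `api_key` to `nil` for a parameter declared `required: true`; depending on the rswag version a nil required parameter is dropped from the request or rejected before it is sent, so `let(:api_key) { 'no-such-key' }` exercises the server-side check more reliably. In the `swagger.yaml` hunks below, which look generated from this spec, the key is documented as a plain query parameter; declaring it under `components.securitySchemes` as `type: apiKey`, `in: query` and referencing it with `security` on the operation marks it as a credential for readers and client generators.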