kevinsivic/dawarich
1
0
Fork 0
mirror of https://github.com/Freika/dawarich.git synced 2026-01-11 09:41:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Accept API key in query string for api/v1/overland/batches

Browse source
This commit is contained in:
Eugene Burmakin 2024-05-25 12:47:25 +02:00
parent add1eb2539
commit 8c1d8a1470
6 changed files with 60 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/api/v1/overland/batches_controller.rb
View file

@ -2,6 +2,7 @@
class Api::V1::Overland::BatchesController < ApplicationController class Api::V1::Overland::BatchesController < ApplicationController
skip_forgery_protection skip_forgery_protection
before_action :authenticate_api_key
def create def create
Overland::BatchCreatingJob.perform_later(batch_params) Overland::BatchCreatingJob.perform_later(batch_params)
@ -12,6 +13,6 @@ class Api::V1::Overland::BatchesController < ApplicationController
private private
def batch_params def batch_params
params.permit(locations: [:type, geometry: {}, properties: {}], batch: {}) params.permit(locations: [:type, { geometry: {}, properties: {} }], batch: {})
end end
end end

14
app/controllers/application_controller.rb
View file

@ -1,3 +1,17 @@
# frozen_string_literal: true
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
include Pundit::Authorization include Pundit::Authorization
protected
def authenticate_api_key
return head :unauthorized unless current_api_user
true
end
def current_api_user
@current_api_user ||= User.find_by(api_key: params[:api_key])
end
end end

2
app/views/devise/registrations/edit.html.erb
View file

@ -2,7 +2,7 @@
<div class="hero-content flex-col lg:flex-row-reverse w-full my-10"> <div class="hero-content flex-col lg:flex-row-reverse w-full my-10">
<div class="text-center lg:text-left"> <div class="text-center lg:text-left">
<h1 class="text-5xl font-bold">Edit your account!</h1> <h1 class="text-5xl font-bold">Edit your account!</h1>
<%#= render 'devise/registrations/api_key' %> <%= render 'devise/registrations/api_key' %>
</div> </div>
<div class="card flex-shrink-0 w-full max-w-sm shadow-2xl bg-base-100 px-5 py-5"> <div class="card flex-shrink-0 w-full max-w-sm shadow-2xl bg-base-100 px-5 py-5">
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), class: 'form-body', html: { method: :put }) do |f| %> <%= form_for(resource, as: resource_name, url: registration_path(resource_name), class: 'form-body', html: { method: :put }) do |f| %>

26
spec/requests/api/v1/overland/batches_spec.rb
View file

@ -9,16 +9,28 @@ RSpec.describe 'Api::V1::Overland::Batches', type: :request do
let(:json) { JSON.parse(file.read) } let(:json) { JSON.parse(file.read) }
let(:params) { json } let(:params) { json }
it 'returns http success' do context 'with invalid api key' do
post '/api/v1/overland/batches', params: params it 'returns http unauthorized' do
post '/api/v1/overland/batches', params: params
expect(response).to have_http_status(:created) expect(response).to have_http_status(:unauthorized)
end
end end
it 'enqueues a job' do context 'with valid api key' do
expect do let(:user) { create(:user) }
post '/api/v1/overland/batches', params: params
end.to have_enqueued_job(Overland::BatchCreatingJob) it 'returns http success' do
post "/api/v1/overland/batches?api_key=#{user.api_key}", params: params
expect(response).to have_http_status(:created)
end
it 'enqueues a job' do
expect do
post "/api/v1/overland/batches?api_key=#{user.api_key}", params: params
end.to have_enqueued_job(Overland::BatchCreatingJob)
end
end end
end end
end end

14
spec/swagger/api/v1/overland/batches_controller_spec.rb
View file

@ -72,12 +72,26 @@ describe 'Batches API', type: :request do
} }
} }
parameter name: :api_key, in: :query, type: :string, required: true, description: 'API Key'
response '201', 'Batch of points created' do response '201', 'Batch of points created' do
let(:file_path) { 'spec/fixtures/files/overland/geodata.json' } let(:file_path) { 'spec/fixtures/files/overland/geodata.json' }
let(:file) { File.open(file_path) } let(:file) { File.open(file_path) }
let(:json) { JSON.parse(file.read) } let(:json) { JSON.parse(file.read) }
let(:params) { json } let(:params) { json }
let(:locations) { params['locations'] } let(:locations) { params['locations'] }
let(:api_key) { create(:user).api_key }
run_test!
end
response '401', 'Unauthorized' do
let(:file_path) { 'spec/fixtures/files/overland/geodata.json' }
let(:file) { File.open(file_path) }
let(:json) { JSON.parse(file.read) }
let(:params) { json }
let(:locations) { params['locations'] }
let(:api_key) { nil }
run_test! run_test!
end end

12
swagger/v1/swagger.yaml
View file

@ -9,10 +9,18 @@ paths:
summary: Creates a batch of points summary: Creates a batch of points
tags: tags:
- Batches - Batches
parameters: [] parameters:
- name: api_key
in: query
required: true
description: API Key
schema:
type: string
responses: responses:
'201': '201':
description: Batch of points created description: Batch of points created
'401':
description: Unauthorized
requestBody: requestBody:
content: content:
application/json: application/json:
@ -172,7 +180,7 @@ paths:
lat: 52.502397 lat: 52.502397
lon: 13.356718 lon: 13.356718
tid: Swagger tid: Swagger
tst: 1716488929 tst: 1716633953
servers: servers:
- url: http://{defaultHost} - url: http://{defaultHost}
variables: variables: