Update api spec (#33)

* update rails to 7.1.3 * Update bullet gem version to 7.1.6 * prepare app for admin panels * add versioning to app routes * reword routes comment * use rails built in healthcheck controller * rename healthcheck spec file
gogrow-dev · Feb 2, 2024 · 672fed2 · 672fed2
1 parent cfb8b64
commit 672fed2
Show file tree

Hide file tree

Showing 24 changed files with 129 additions and 108 deletions.
diff --git a/Gemfile b/Gemfile
@@ -22,7 +22,7 @@ gem 'sidekiq', '~> 7.1', '>= 7.1.6'
 gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
 
 group :development, :test do
-  gem 'bullet', '~> 7.1', '>= 7.1.2'
+  gem 'bullet', '~> 7.1', '>= 7.1.6'
   gem 'debug', '~> 1.8', platforms: %i[mri mingw x64_mingw]
   gem 'dotenv-rails', '~> 2.8', '>= 2.8.1'
   gem 'factory_bot_rails', '~> 6.2'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -104,7 +104,7 @@ GEM
     bootsnap (1.16.0)
       msgpack (~> 1.2)
     builder (3.2.4)
-    bullet (7.1.2)
+    bullet (7.1.6)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
     concurrent-ruby (1.2.3)
@@ -346,7 +346,7 @@ DEPENDENCIES
   aws-sdk-s3 (~> 1.122)
   blueprinter (~> 0.30.0)
   bootsnap
-  bullet (~> 7.1, >= 7.1.2)
+  bullet (~> 7.1, >= 7.1.6)
   debug (~> 1.8)
   devise (~> 4.9, >= 4.9.3)
   devise-jwt (~> 0.11.0)

diff --git a/app/controllers/api/users/confirmations_controller.rb b/app/controllers/api/users/confirmations_controller.rb
diff --git a/app/controllers/api/users/passwords_controller.rb b/app/controllers/api/users/passwords_controller.rb
diff --git a/app/controllers/api/users/registrations_controller.rb b/app/controllers/api/users/registrations_controller.rb
diff --git a/app/controllers/api/users/sessions_controller.rb b/app/controllers/api/users/sessions_controller.rb
diff --git a/app/controllers/api/v1/users/confirmations_controller.rb b/app/controllers/api/v1/users/confirmations_controller.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    module Users
+      class ConfirmationsController < Devise::ConfirmationsController
+        respond_to :json
+      end
+    end
+  end
+end
diff --git a/app/controllers/api/v1/users/passwords_controller.rb b/app/controllers/api/v1/users/passwords_controller.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    module Users
+      class PasswordsController < Devise::PasswordsController
+        include FakeSession
+        respond_to :json
+      end
+    end
+  end
+end
diff --git a/app/controllers/api/v1/users/registrations_controller.rb b/app/controllers/api/v1/users/registrations_controller.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    module Users
+      class RegistrationsController < Devise::RegistrationsController
+        include FakeSession
+
+        def respond_with(resource, _opts = {})
+          if resource.persisted?
+            render json: UserSerializer.render(resource), status: :created
+          else
+            render json: resource.errors, status: :unprocessable_entity
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/app/controllers/api/v1/users/sessions_controller.rb b/app/controllers/api/v1/users/sessions_controller.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    module Users
+      class SessionsController < Devise::SessionsController
+        def create
+          super do |user|
+            render json: UserSerializer.render(user), status: :created
+
+            return
+          end
+        end
+
+        private
+
+        def respond_to_on_destroy
+          current_user ? log_out_success : log_out_failure
+        end
+
+        def log_out_success
+          head :no_content
+        end
+
+        def log_out_failure
+          render json: { error: 'You need to sign in or sign up before continuing.' }, status: :unauthorized
+        end
+      end
+    end
+  end
+end
diff --git a/config/application.rb b/config/application.rb
@@ -38,10 +38,10 @@ class Application < Rails::Application
     # Skip views, helpers and assets when generating a new resource.
     config.api_only = true
 
-    # needed for sidekiq web interface and some admin panels
-    config.session_store :cookie_store, key: '_interslice_session'
+    # reenable cookies and sessions for web interfaces (sidekiq web and admin portals)
     config.middleware.use ActionDispatch::Cookies
-    config.middleware.use config.session_store, config.session_options
+    config.middleware.use ActionDispatch::Session::CookieStore
+    config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore)
 
     config.require_master_key = false
     config.read_encrypted_secrets = false

diff --git a/config/deploy.staging.yml b/config/deploy.staging.yml
@@ -92,4 +92,4 @@ traefik:
 
 # Configure a custom healthcheck (default is /up on port 3000)
 healthcheck:
-  path: /healthcheck
+  path: /up
diff --git a/config/deploy.yml b/config/deploy.yml
@@ -92,4 +92,4 @@ traefik:
 
 # Configure a custom healthcheck (default is /up on port 3000)
 healthcheck:
-  path: /healthcheck
+  path: /up
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -98,9 +98,11 @@
   # may want to disable generating routes to Devise's sessions controller by
   # passing skip: :sessions to `devise_for` in your config/routes.rb
 
-  # Added params_auth so that admin panels which use devise can still use session
-  # to store the user session
-  config.skip_session_storage = %i[http_auth params_auth]
+  # because there's a devise-jwt for the User model, and a devise can be mounted
+  # for an AdminUser model, we need to set this to false, otherwise the AdminUser
+  # model won't be stored in the session and it will cause problems when trying to
+  # sign in as an AdminUser
+  config.skip_session_storage = [:http_auth]
 
   # By default, Devise cleans up the CSRF token on authentication to
   # avoid CSRF token fixation attacks. This means that, when using AJAX

diff --git a/config/routes.rb b/config/routes.rb
@@ -1,16 +1,29 @@
 # frozen_string_literal: true
 
 Rails.application.routes.draw do
-  scope module: 'api', defaults: { format: :json } do
-    devise_for :users, controllers: {
-      confirmations: 'api/users/confirmations',
-      sessions: 'api/users/sessions',
-      registrations: 'api/users/registrations',
-      passwords: 'api/users/passwords'
-    }
+  get 'up' => 'rails/health#show', as: :rails_health_check
+
+  defaults format: :html do
+    mount Sidekiq::Web => '/sidekiq'
+
+    # Uncomment when using AdminUser devise model for authenticated admin panels
+    # devise_for :admin_users, only: %i[sessions password], controllers: {
+    #   sessions: 'admin_users/sessions',
+    #   passwords: 'admin_users/passwords'
+    # }
+    # root to: '/admin'
   end
 
-  get '/healthcheck', to: ->(_env) { [200, {}, ['OK']] }
+  devise_for :users, path: 'api/v1/users', defaults: { format: :json }, controllers: {
+    confirmations: 'api/v1/users/confirmations',
+    sessions: 'api/v1/users/sessions',
+    registrations: 'api/v1/users/registrations',
+    passwords: 'api/v1/users/passwords'
+  }
 
-  mount Sidekiq::Web => '/sidekiq'
+  namespace :api, defaults: { format: :json } do
+    namespace :v1 do
+      # Your api routes go here
+    end
+  end
 end
diff --git a/spec/requests/healtchcheck_spec.rb b/spec/requests/healtchcheck_spec.rb
diff --git a/spec/requests/up_spec.rb b/spec/requests/up_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'GET /up', type: :request do
+  subject { get '/up' }
+
+  it 'returns a 200 status code' do
+    subject
+    expect(response).to have_http_status(:ok)
+    expect(response.body).to eq('<!DOCTYPE html><html><body style="background-color: green"></body></html>')
+  end
+end
diff --git a/spec/requests/users/confirmations/create_spec.rb b/spec/requests/users/confirmations/create_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe 'POST /api/users/confirmations', type: :request do
+RSpec.describe 'POST /api/v1/users/confirmations', type: :request do
   let(:user) { create(:user, :unconfirmed) }
   let(:email) { user.email }
   let(:params) do

diff --git a/spec/requests/users/confirmations/show_spec.rb b/spec/requests/users/confirmations/show_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe 'GET /api/users/confirmation?confirmation_token', type: :request do
+RSpec.describe 'GET /api/v1/users/confirmation?confirmation_token', type: :request do
   let(:user) { create(:user, :unconfirmed) }
   let(:confirmation_token) { user.confirmation_token }
 

diff --git a/spec/requests/users/passwords/create_spec.rb b/spec/requests/users/passwords/create_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe 'POST /users/password', type: :request do
+RSpec.describe 'POST /api/v1/users/password', type: :request do
   let(:user) { create(:user) }
   let(:email) { user.email }
   let(:params) do

diff --git a/spec/requests/users/passwords/update_spec.rb b/spec/requests/users/passwords/update_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe 'PUT /users/password?reset_password_token', type: :request do
+RSpec.describe 'PUT /api/v1/users/password?reset_password_token', type: :request do
   let(:user) { create(:user) }
   let(:reset_password_token) { user.send(:set_reset_password_token) }
   let(:password) { 'new_password' }

diff --git a/spec/requests/users/registrations/create_spec.rb b/spec/requests/users/registrations/create_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe 'POST /api/users', type: :request do
+RSpec.describe 'POST /api/v1/users', type: :request do
   let(:user) { build(:user) }
   let(:email) { user.email }
   let(:password) { user.password }

diff --git a/spec/requests/users/sessions/create_spec.rb b/spec/requests/users/sessions/create_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe 'POST /api/users/sign_in', type: :request do
+RSpec.describe 'POST /api/v1/users/sign_in', type: :request do
   let(:user) { create(:user) }
   let(:email) { user.email }
   let(:password) { user.password }

diff --git a/spec/requests/users/sessions/destroy_spec.rb b/spec/requests/users/sessions/destroy_spec.rb
@@ -2,15 +2,15 @@
 
 require 'rails_helper'
 
-RSpec.describe 'DELETE /api/users/sign_out', type: :request do
+RSpec.describe 'DELETE /api/v1/users/sign_out', type: :request do
   let(:user) { create(:user) }
   let(:headers) do
     {
       'Authorization' => get_jwt(user)
     }
   end
 
-  subject { delete destroy_user_session_path, headers: }
+  subject { delete destroy_user_session_path, headers:, as: :json }
 
   context 'when the user is signed in' do
     it 'returns a successful response' do