auction api for mobile app

Gemfile

@@ -82,3 +82,5 @@ gem 'pagy', '~> 6.0'
 gem 'faker'
 
 gem 'noticed', '~> 1.6'
+gem 'devise-jwt'
+gem 'jsonapi-serializer'

Gemfile.lock

@@ -136,9 +136,21 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
+    devise-jwt (0.11.0)
+      devise (~> 4.0)
+      warden-jwt_auth (~> 0.8)
     docile (1.4.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
+    dry-auto_inject (1.0.1)
+      dry-core (~> 1.0)
+      zeitwerk (~> 2.6)
+    dry-configurable (1.1.0)
+      dry-core (~> 1.0, < 2)
+      zeitwerk (~> 2.6)
+    dry-core (1.0.1)
+      concurrent-ruby (~> 1.0)
+      zeitwerk (~> 2.6)
     erubi (1.12.0)
     faker (3.2.0)
       i18n (>= 1.8.11, < 2)
@@ -186,6 +198,8 @@ GEM
       bindata
       faraday (~> 2.0)
       faraday-follow_redirects
+    jsonapi-serializer (2.2.0)
+      activesupport (>= 4.2)
     jwt (2.7.1)
     language_server-protocol (3.17.0.3)
     listen (3.8.0)
@@ -405,6 +419,11 @@ GEM
       rexml (>= 3.2, < 4.0)
     warden (1.2.9)
       rack (>= 2.0.9)
+    warden-jwt_auth (0.8.0)
+      dry-auto_inject (>= 0.8, < 2)
+      dry-configurable (>= 0.13, < 2)
+      jwt (~> 2.1)
+      warden (~> 1.2)
     web-console (4.2.0)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
@@ -449,12 +468,14 @@ DEPENDENCIES
   delayed_job (~> 4.1.0)
   delayed_job_active_record
   devise
+  devise-jwt
   directo!
   faker
   faraday
   hotwire-rails (~> 0.1.3)
   i18n-debug
   jbuilder (~> 2.11)
+  jsonapi-serializer
   jwt
   listen (>= 3.0.5, < 3.9)
   lograge

app/controllers/auth/sessions_controller.rb

@@ -2,6 +2,9 @@ module Auth
   class SessionsController < Devise::SessionsController
     include InvalidUserDataHelper
     after_action :set_invalid_data_flag_in_session, only: [:create]
+
+    skip_before_action :verify_authenticity_token
+    respond_to :html, :json
 
     def create
       super

app/controllers/offers_controller.rb

@@ -6,6 +6,8 @@ class OffersController < ApplicationController
   before_action :authorize_phone_confirmation
   before_action :authorize_offer_for_user, except: %i[new index create]
 
+  respond_to :html, :json
+
   include RecaptchaValidatable
   recaptcha_action 'offer'
 
@@ -49,6 +51,11 @@ def index
                   .order('auctions.ends_at DESC')
 
     @pagy, @offers = pagy(offers, items: params[:per_page] ||= 15)
+
+    respond_to do |format|
+      format.html
+      format.json { render json: @offers.as_json(include: [:auction, :billing_profile]) }
+    end
   end
 
   # GET /offers/aa450f1a-45e2-4f22-b2c3-f5f46b5f906b

app/models/user.rb

@@ -2,6 +2,8 @@
 
 class User < ApplicationRecord
   include Bannable
+  include Devise::JWT::RevocationStrategies::JTIMatcher
+
   PARTICIPANT_ROLE = 'participant'.freeze
   ADMINISTATOR_ROLE = 'administrator'.freeze
   ROLES = %w[administrator participant].freeze
@@ -10,7 +12,7 @@ class User < ApplicationRecord
   TARA_PROVIDER = 'tara'.freeze
 
   devise :database_authenticatable, :recoverable, :rememberable, :validatable, :confirmable,
-         :timeoutable
+         :timeoutable, :jwt_authenticatable, jwt_revocation_strategy: self
 
   alias_attribute :country_code, :alpha_two_country_code
 

config/customization.yml.sample

@@ -18,6 +18,8 @@ default: &default
   vapid_public: "BGgFbsalgk-emt7f0f279JsxF15NOfEJKQ-7w04FmXseeWt4pRvCaD7EMl6PqS-BHrwO3QWsPUOGkAjNWNBOVLY="
   vapid_private: "2xl1lvaQARjFHRCKrPo2B-MbTAc1IZ3UrfugDh6cJiE="
 
+  jwt_secret: ''
+
   mailer:
     # Host to which links from emails should redirect to
     host: 'https://auction.example.test'

config/initializers/devise.rb

@@ -20,6 +20,13 @@ def skip_format?
 
 config.navigational_formats = ['*/*', :html, :turbo_stream]
 
+config.jwt do |jwt|
+  jwt.secret = AuctionCenter::Application.config.customization[:jwt_secret]
+  jwt.dispatch_requests = [ ['POST', %r{^/login$}] ]
+  jwt.revocation_requests = [ ['DELETE', %r{^/logout$}] ]
+  jwt.expiration_time = 30.minutes.to_i
+end
+
 config.warden do |manager|
   manager.failure_app = TurboFailureApp
 #   manager.intercept_401 = false

db/migrate/20231013110924_add_jti_to_users.rb

@@ -0,0 +1,6 @@
+class AddJtiToUsers < ActiveRecord::Migration[7.0]
+  def change
+    add_column :users, :jti, :string
+    add_index :users, :jti, unique: true
+  end
+end

db/structure.sql

@@ -912,38 +912,6 @@ CREATE SEQUENCE public.auctions_id_seq
 ALTER SEQUENCE public.auctions_id_seq OWNED BY public.auctions.id;
 
 
---
--- Name: auto_bids; Type: TABLE; Schema: public; Owner: -
---
-
-CREATE TABLE public.auto_bids (
-    id bigint NOT NULL,
-    wishlist_item_id bigint NOT NULL,
-    cents integer NOT NULL,
-    created_at timestamp(6) without time zone NOT NULL,
-    updated_at timestamp(6) without time zone NOT NULL
-);
-
-
---
--- Name: auto_bids_id_seq; Type: SEQUENCE; Schema: public; Owner: -
---
-
-CREATE SEQUENCE public.auto_bids_id_seq
-    START WITH 1
-    INCREMENT BY 1
-    NO MINVALUE
-    NO MAXVALUE
-    CACHE 1;
-
-
---
--- Name: auto_bids_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
---
-
-ALTER SEQUENCE public.auto_bids_id_seq OWNED BY public.auto_bids.id;
-
-
 --
 -- Name: autobiders; Type: TABLE; Schema: public; Owner: -
 --
@@ -953,9 +921,10 @@ CREATE TABLE public.autobiders (
     user_id bigint,
     domain_name character varying,
     cents integer,
-    uuid uuid DEFAULT public.gen_random_uuid(),
+    uuid uuid DEFAULT gen_random_uuid(),
     created_at timestamp(6) without time zone NOT NULL,
-    updated_at timestamp(6) without time zone NOT NULL
+    updated_at timestamp(6) without time zone NOT NULL,
+    enable boolean DEFAULT false
 );
 
 
@@ -1586,7 +1555,7 @@ CREATE TABLE public.users (
     uid character varying,
     updated_by character varying,
     daily_summary boolean DEFAULT false NOT NULL,
-    discarded_at timestamp without time zone,
+    jti character varying,
     CONSTRAINT users_roles_are_known CHECK ((roles <@ ARRAY['participant'::character varying, 'administrator'::character varying]))
 );
 
@@ -1770,13 +1739,6 @@ ALTER TABLE ONLY audit.wishlist_items ALTER COLUMN id SET DEFAULT nextval('audit
 ALTER TABLE ONLY public.auctions ALTER COLUMN id SET DEFAULT nextval('public.auctions_id_seq'::regclass);
 
 
---
--- Name: auto_bids id; Type: DEFAULT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.auto_bids ALTER COLUMN id SET DEFAULT nextval('public.auto_bids_id_seq'::regclass);
-
-
 --
 -- Name: autobiders id; Type: DEFAULT; Schema: public; Owner: -
 --
@@ -2078,14 +2040,6 @@ ALTER TABLE ONLY public.ar_internal_metadata
     ADD CONSTRAINT ar_internal_metadata_pkey PRIMARY KEY (key);
 
 
---
--- Name: auto_bids auto_bids_pkey; Type: CONSTRAINT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.auto_bids
-    ADD CONSTRAINT auto_bids_pkey PRIMARY KEY (id);
-
-
 --
 -- Name: autobiders autobiders_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -2442,13 +2396,6 @@ CREATE UNIQUE INDEX index_auctions_on_remote_id ON public.auctions USING btree (
 CREATE UNIQUE INDEX index_auctions_on_uuid ON public.auctions USING btree (uuid);
 
 
---
--- Name: index_auto_bids_on_wishlist_item_id; Type: INDEX; Schema: public; Owner: -
---
-
-CREATE INDEX index_auto_bids_on_wishlist_item_id ON public.auto_bids USING btree (wishlist_item_id);
-
-
 --
 -- Name: index_autobiders_on_domain_name; Type: INDEX; Schema: public; Owner: -
 --
@@ -2729,6 +2676,13 @@ CREATE UNIQUE INDEX index_users_on_confirmation_token ON public.users USING btre
 CREATE UNIQUE INDEX index_users_on_email ON public.users USING btree (email);
 
 
+--
+-- Name: index_users_on_jti; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE UNIQUE INDEX index_users_on_jti ON public.users USING btree (jti);
+
+
 --
 -- Name: index_users_on_provider_and_uid; Type: INDEX; Schema: public; Owner: -
 --
@@ -2770,6 +2724,7 @@ CREATE INDEX index_wishlist_items_on_domain_name ON public.wishlist_items USING
 
 CREATE UNIQUE INDEX users_by_identity_code_and_country ON public.users USING btree (alpha_two_country_code, identity_code) WHERE ((alpha_two_country_code)::text = 'EE'::text);
 
+
 --
 -- Name: auctions process_auction_audit; Type: TRIGGER; Schema: public; Owner: -
 --
@@ -2886,14 +2841,6 @@ ALTER TABLE ONLY public.autobiders
     ADD CONSTRAINT fk_rails_3d4f798ed7 FOREIGN KEY (user_id) REFERENCES public.users(id);
 
 
---
--- Name: auto_bids fk_rails_473d19add3; Type: FK CONSTRAINT; Schema: public; Owner: -
---
-
-ALTER TABLE ONLY public.auto_bids
-    ADD CONSTRAINT fk_rails_473d19add3 FOREIGN KEY (wishlist_item_id) REFERENCES public.wishlist_items(id);
-
-
 --
 -- Name: wishlist_items fk_rails_5c10acf6bc; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@@ -3087,14 +3034,11 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20191025092912'),
 ('20191028092316'),
 ('20191121162323'),
-('20191129102035'),
-('20191206123023'),
 ('20191209073454'),
 ('20191209083000'),
 ('20191209085222'),
 ('20191213082941'),
 ('20191220131845'),
-('20200109093043'),
 ('20200110135003'),
 ('20200115145246'),
 ('20200205092158'),
@@ -3106,7 +3050,6 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20220422094307'),
 ('20220422094556'),
 ('20220422095751'),
-('20220422121056'),
 ('20220425103701'),
 ('20220426082102'),
 ('20220527064738'),
@@ -3125,8 +3068,11 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20230419114412'),
 ('20230607092953'),
 ('20230705192353'),
+('20230721102651'),
 ('20230925130405'),
 ('20230927114150'),
-('20231006095158');
+('20231002090548'),
+('20231006095158'),
+('20231013110924');