From fb7a1c4ff3ee4b609c9148f431abf92eb14c4048 Mon Sep 17 00:00:00 2001 From: Oleg Hasjanov Date: Fri, 13 Oct 2023 15:23:44 +0300 Subject: [PATCH] auction api for mobile app --- Gemfile | 2 + Gemfile.lock | 21 +++++ app/controllers/auth/sessions_controller.rb | 3 + app/controllers/offers_controller.rb | 7 ++ app/models/user.rb | 4 +- config/customization.yml.sample | 2 + config/initializers/devise.rb | 7 ++ db/migrate/20231013110924_add_jti_to_users.rb | 6 ++ db/structure.sql | 86 ++++--------------- 9 files changed, 67 insertions(+), 71 deletions(-) create mode 100644 db/migrate/20231013110924_add_jti_to_users.rb diff --git a/Gemfile b/Gemfile index 6a37a3566..58f2b00f5 100644 --- a/Gemfile +++ b/Gemfile @@ -82,3 +82,5 @@ gem 'pagy', '~> 6.0' gem 'faker' gem 'noticed', '~> 1.6' +gem 'devise-jwt' +gem 'jsonapi-serializer' \ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock index 0a9cf5e03..93025c056 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -136,9 +136,21 @@ GEM railties (>= 4.1.0) responders warden (~> 1.2.3) + devise-jwt (0.11.0) + devise (~> 4.0) + warden-jwt_auth (~> 0.8) docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) + dry-auto_inject (1.0.1) + dry-core (~> 1.0) + zeitwerk (~> 2.6) + dry-configurable (1.1.0) + dry-core (~> 1.0, < 2) + zeitwerk (~> 2.6) + dry-core (1.0.1) + concurrent-ruby (~> 1.0) + zeitwerk (~> 2.6) erubi (1.12.0) faker (3.2.0) i18n (>= 1.8.11, < 2) @@ -186,6 +198,8 @@ GEM bindata faraday (~> 2.0) faraday-follow_redirects + jsonapi-serializer (2.2.0) + activesupport (>= 4.2) jwt (2.7.1) language_server-protocol (3.17.0.3) listen (3.8.0) @@ -405,6 +419,11 @@ GEM rexml (>= 3.2, < 4.0) warden (1.2.9) rack (>= 2.0.9) + warden-jwt_auth (0.8.0) + dry-auto_inject (>= 0.8, < 2) + dry-configurable (>= 0.13, < 2) + jwt (~> 2.1) + warden (~> 1.2) web-console (4.2.0) actionview (>= 6.0.0) activemodel (>= 6.0.0) 
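Review bot: `gem 'devise-jwt'` and `gem 'jsonapi-serializer'` are added to the Gemfile with no version constraint, unlike the neighbouring `gem 'pagy', '~> 6.0'` and `gem 'noticed', '~> 1.6'`, so a later `bundle update` is free to move either onto a new major release; the lockfile resolves them to 0.11.0 and 2.2.0, so `gem 'devise-jwt', '~> 0.11'` and `gem 'jsonapi-serializer', '~> 2.2'` would match what was tested. jsonapi-serializer is also not referenced anywhere else in this patch (offers_controller renders with `as_json`), so either use it for the new endpoint or leave it out until it is needed. The new last line is committed without a trailing newline.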
@@ -449,12 +468,14 @@ DEPENDENCIES delayed_job (~> 4.1.0) delayed_job_active_record devise + devise-jwt directo! faker faraday hotwire-rails (~> 0.1.3) i18n-debug jbuilder (~> 2.11) + jsonapi-serializer jwt listen (>= 3.0.5, < 3.9) lograge diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 84e7577d1..23b900be3 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -2,6 +2,9 @@ module Auth class SessionsController < Devise::SessionsController include InvalidUserDataHelper after_action :set_invalid_data_flag_in_session, only: [:create] + + skip_before_action :verify_authenticity_token + respond_to :html, :json def create super diff --git a/app/controllers/offers_controller.rb b/app/controllers/offers_controller.rb index f6030f3ff..79f5f50d0 100644 --- a/app/controllers/offers_controller.rb +++ b/app/controllers/offers_controller.rb @@ -6,6 +6,8 @@ class OffersController < ApplicationController before_action :authorize_phone_confirmation before_action :authorize_offer_for_user, except: %i[new index create] + respond_to :html, :json + include RecaptchaValidatable recaptcha_action 'offer' @@ -49,6 +51,11 @@ def index .order('auctions.ends_at DESC') @pagy, @offers = pagy(offers, items: params[:per_page] ||= 15) + + respond_to do |format| + format.html + format.json { render json: @offers.as_json(include: [:auction, :billing_profile]) } + end end # GET /offers/aa450f1a-45e2-4f22-b2c3-f5f46b5f906b diff --git a/app/models/user.rb b/app/models/user.rb index f059df023..a8733cf4f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -2,6 +2,8 @@ class User < ApplicationRecord include Bannable + include Devise::JWT::RevocationStrategies::JTIMatcher + PARTICIPANT_ROLE = 'participant'.freeze ADMINISTATOR_ROLE = 'administrator'.freeze ROLES = %w[administrator participant].freeze 
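Review bot: `skip_before_action :verify_authenticity_token` in Auth::SessionsController turns CSRF protection off for every request to this controller, including the browser's HTML login form, not only the JSON login the mobile client needs, which leaves the form open to login CSRF. Scope the skip to the API format, `skip_before_action :verify_authenticity_token, if: -> { request.format.json? }`, so browser posts keep the token check. The hunk header places the class inside `module Auth`; `create` and the rest of the class continue past the hunk.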
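Review bot: `@offers.as_json(include: [:auction, :billing_profile])` in `OffersController#index` serializes every column of each offer and of the associated `auction` and `billing_profile` records, so fields the HTML views never show (whatever the billing profile stores about its owner, internal ids and timestamps) all reach the JSON client; unless those models override `serializable_hash`, which is not visible here, that is more than the mobile app needs. Prefer an explicit allowlist, e.g. `render json: @offers.as_json(only: [...], include: { auction: { only: [...] }, billing_profile: { only: [...] } })`, or a serializer class from jsonapi-serializer, which this patch adds to the Gemfile but never uses. The JSON branch also ignores `@pagy`, so the client cannot tell how many pages exist; wrapping the payload as `render json: { offers: ..., page: @pagy.page, pages: @pagy.pages }` would fix that. `index` starts before the hunk.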
@@ -10,7 +12,7 @@ class User < ApplicationRecord TARA_PROVIDER = 'tara'.freeze devise :database_authenticatable, :recoverable, :rememberable, :validatable, :confirmable, - :timeoutable + :timeoutable, :jwt_authenticatable, jwt_revocation_strategy: self alias_attribute :country_code, :alpha_two_country_code diff --git a/config/customization.yml.sample b/config/customization.yml.sample index ec6071cb5..cae9c0d29 100644 --- a/config/customization.yml.sample +++ b/config/customization.yml.sample @@ -18,6 +18,8 @@ default: &default vapid_public: "BGgFbsalgk-emt7f0f279JsxF15NOfEJKQ-7w04FmXseeWt4pRvCaD7EMl6PqS-BHrwO3QWsPUOGkAjNWNBOVLY=" vapid_private: "2xl1lvaQARjFHRCKrPo2B-MbTAc1IZ3UrfugDh6cJiE=" + jwt_secret: '' + mailer: # Host to which links from emails should redirect to host: 'https://auction.example.test' diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 24fc5452e..b8aab83d7 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -20,6 +20,13 @@ def skip_format? config.navigational_formats = ['*/*', :html, :turbo_stream] +config.jwt do |jwt| + jwt.secret = AuctionCenter::Application.config.customization[:jwt_secret] + jwt.dispatch_requests = [ ['POST', %r{^/login$}] ] + jwt.revocation_requests = [ ['DELETE', %r{^/logout$}] ] + jwt.expiration_time = 30.minutes.to_i +end + config.warden do |manager| manager.failure_app = TurboFailureApp # manager.intercept_401 = false diff --git a/db/migrate/20231013110924_add_jti_to_users.rb b/db/migrate/20231013110924_add_jti_to_users.rb new file mode 100644 index 000000000..cf4d56a7b --- /dev/null +++ b/db/migrate/20231013110924_add_jti_to_users.rb @@ -0,0 +1,6 @@ +class AddJtiToUsers < ActiveRecord::Migration[7.0] + def change + add_column :users, :jti, :string + add_index :users, :jti, unique: true + end +end diff --git a/db/structure.sql b/db/structure.sql index 1ae521498..2145f4145 100644 --- a/db/structure.sql +++ b/db/structure.sql 
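Review bot: `jwt.secret` is read from `customization[:jwt_secret]`, and config/customization.yml.sample in the same patch ships that key as `jwt_secret: ''`, so a deployment that copies the sample unchanged either signs every token with an empty HMAC key or fails at the first login, depending on the jwt gem and OpenSSL version — both are worse than refusing to boot. Guard it right after the assignment: `raise 'customization.yml: jwt_secret must be set' if jwt.secret.blank?`. Style: the added `config.jwt do |jwt|` and `end` lines carry no indentation after the `+` while the block body does, so the block appears to sit at column 0 inside `Devise.setup`; indent it like the `config.warden` block that follows. `%r{^/login$}` and `%r{^/logout$}` use line anchors where `\A` and `\z` are the Ruby idiom for matching the whole path.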
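Review bot: `add_column :users, :jti, :string` leaves every existing user with a NULL `jti`, and the `JTIMatcher` strategy that user.rb now includes generates a value only when a record is created (as far as I recall its hook), so tokens issued to existing accounts carry an empty jti claim until the first logout regenerates the column. The unique index tolerates multiple NULLs on PostgreSQL, so nothing fails, but it is cleaner to backfill in the migration — `User.where(jti: nil).find_each { |u| u.update_column(:jti, SecureRandom.uuid) }` between `add_column` and `add_index` — and then declare the column `null: false`. Separately, the regenerated db/structure.sql in this patch also drops the `auto_bids` table, replaces `users.discarded_at` with `jti` instead of adding alongside it, adds `autobiders.enable`, and removes several versions from `schema_migrations`, none of which this migration does. That looks like a dump taken from a database that had not run those migrations; regenerate it from an up-to-date schema before merge.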
@@ -912,38 +912,6 @@ CREATE SEQUENCE public.auctions_id_seq ALTER SEQUENCE public.auctions_id_seq OWNED BY public.auctions.id; --- --- Name: auto_bids; Type: TABLE; Schema: public; Owner: - --- - -CREATE TABLE public.auto_bids ( - id bigint NOT NULL, - wishlist_item_id bigint NOT NULL, - cents integer NOT NULL, - created_at timestamp(6) without time zone NOT NULL, - updated_at timestamp(6) without time zone NOT NULL -); - - --- --- Name: auto_bids_id_seq; Type: SEQUENCE; Schema: public; Owner: - --- - -CREATE SEQUENCE public.auto_bids_id_seq - START WITH 1 - INCREMENT BY 1 - NO MINVALUE - NO MAXVALUE - CACHE 1; - - --- --- Name: auto_bids_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - --- - -ALTER SEQUENCE public.auto_bids_id_seq OWNED BY public.auto_bids.id; - - -- -- Name: autobiders; Type: TABLE; Schema: public; Owner: - -- @@ -953,9 +921,10 @@ CREATE TABLE public.autobiders ( user_id bigint, domain_name character varying, cents integer, - uuid uuid DEFAULT public.gen_random_uuid(), + uuid uuid DEFAULT gen_random_uuid(), created_at timestamp(6) without time zone NOT NULL, - updated_at timestamp(6) without time zone NOT NULL + updated_at timestamp(6) without time zone NOT NULL, + enable boolean DEFAULT false ); @@ -1586,7 +1555,7 @@ CREATE TABLE public.users ( uid character varying, updated_by character varying, daily_summary boolean DEFAULT false NOT NULL, - discarded_at timestamp without time zone, + jti character varying, CONSTRAINT users_roles_are_known CHECK ((roles <@ ARRAY['participant'::character varying, 'administrator'::character varying])) ); 
@@ -1770,13 +1739,6 @@ ALTER TABLE ONLY audit.wishlist_items ALTER COLUMN id SET DEFAULT nextval('audit ALTER TABLE ONLY public.auctions ALTER COLUMN id SET DEFAULT nextval('public.auctions_id_seq'::regclass); --- --- Name: auto_bids id; Type: DEFAULT; Schema: public; Owner: - --- - -ALTER TABLE ONLY public.auto_bids ALTER COLUMN id SET DEFAULT nextval('public.auto_bids_id_seq'::regclass); - - -- -- Name: autobiders id; Type: DEFAULT; Schema: public; Owner: - -- @@ -2078,14 +2040,6 @@ ALTER TABLE ONLY public.ar_internal_metadata ADD CONSTRAINT ar_internal_metadata_pkey PRIMARY KEY (key); --- --- Name: auto_bids auto_bids_pkey; Type: CONSTRAINT; Schema: public; Owner: - --- - -ALTER TABLE ONLY public.auto_bids - ADD CONSTRAINT auto_bids_pkey PRIMARY KEY (id); - - -- -- Name: autobiders autobiders_pkey; Type: CONSTRAINT; Schema: public; Owner: - -- @@ -2442,13 +2396,6 @@ CREATE UNIQUE INDEX index_auctions_on_remote_id ON public.auctions USING btree ( CREATE UNIQUE INDEX index_auctions_on_uuid ON public.auctions USING btree (uuid); --- --- Name: index_auto_bids_on_wishlist_item_id; Type: INDEX; Schema: public; Owner: - --- - -CREATE INDEX index_auto_bids_on_wishlist_item_id ON public.auto_bids USING btree (wishlist_item_id); - - -- -- Name: index_autobiders_on_domain_name; Type: INDEX; Schema: public; Owner: - -- @@ -2729,6 +2676,13 @@ CREATE UNIQUE INDEX index_users_on_confirmation_token ON public.users USING btre CREATE UNIQUE INDEX index_users_on_email ON public.users USING btree (email); +-- +-- Name: index_users_on_jti; Type: INDEX; Schema: public; Owner: - +-- + +CREATE UNIQUE INDEX index_users_on_jti ON public.users USING btree (jti); + + -- -- Name: index_users_on_provider_and_uid; Type: INDEX; Schema: public; Owner: - -- 
@@ -2770,6 +2724,7 @@ CREATE INDEX index_wishlist_items_on_domain_name ON public.wishlist_items USING CREATE UNIQUE INDEX users_by_identity_code_and_country ON public.users USING btree (alpha_two_country_code, identity_code) WHERE ((alpha_two_country_code)::text = 'EE'::text); + -- -- Name: auctions process_auction_audit; Type: TRIGGER; Schema: public; Owner: - -- @@ -2886,14 +2841,6 @@ ALTER TABLE ONLY public.autobiders ADD CONSTRAINT fk_rails_3d4f798ed7 FOREIGN KEY (user_id) REFERENCES public.users(id); --- --- Name: auto_bids fk_rails_473d19add3; Type: FK CONSTRAINT; Schema: public; Owner: - --- - -ALTER TABLE ONLY public.auto_bids - ADD CONSTRAINT fk_rails_473d19add3 FOREIGN KEY (wishlist_item_id) REFERENCES public.wishlist_items(id); - - -- -- Name: wishlist_items fk_rails_5c10acf6bc; Type: FK CONSTRAINT; Schema: public; Owner: - -- @@ -3087,14 +3034,11 @@ INSERT INTO "schema_migrations" (version) VALUES ('20191025092912'), ('20191028092316'), ('20191121162323'), -('20191129102035'), -('20191206123023'), ('20191209073454'), ('20191209083000'), ('20191209085222'), ('20191213082941'), ('20191220131845'), -('20200109093043'), ('20200110135003'), ('20200115145246'), ('20200205092158'), @@ -3106,7 +3050,6 @@ INSERT INTO "schema_migrations" (version) VALUES ('20220422094307'), ('20220422094556'), ('20220422095751'), -('20220422121056'), ('20220425103701'), ('20220426082102'), ('20220527064738'), @@ -3125,8 +3068,11 @@ INSERT INTO "schema_migrations" (version) VALUES ('20230419114412'), ('20230607092953'), ('20230705192353'), +('20230721102651'), ('20230925130405'), ('20230927114150'), -('20231006095158'); +('20231002090548'), +('20231006095158'), +('20231013110924');