diff --git a/Gemfile b/Gemfile index 82815ce..ba07031 100644 --- a/Gemfile +++ b/Gemfile @@ -1,16 +1,16 @@ source "https://rubygems.org" # Frameworks -gem "grape", "~> 0.14.0" +gem "grape", "~> 0.17.0" gem "grape-rabl", "~> 0.4.1" gem "grape-kaminari", "~> 0.1.8" -gem "grape-cors", "~> 0.9.2" gem "grape_logging", '~> 1.3.0' gem "sinatra", "~> 1.4.6" gem "kramdown", "~> 1.9.0" # Security gem "rack_csrf", "~> 2.5.0" +gem "rack-cors", :require => "rack/cors" gem "dotenv", "~> 2.1.0" # Database diff --git a/Gemfile.lock b/Gemfile.lock index 11fee8e..e61a898 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -77,6 +77,7 @@ GEM descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) dotenv (2.1.0) + enumerable-lazy (0.0.1) equalizer (0.0.11) erubis (2.7.0) exception_notification (4.1.4) @@ -86,18 +87,16 @@ GEM activesupport (>= 3.0.0) globalid (0.3.6) activesupport (>= 4.1.0) - grape (0.14.0) + grape (0.17.0) activesupport builder hashie (>= 2.1.0) multi_json (>= 1.3.2) multi_xml (>= 0.5.2) + mustermann19 (~> 0.4.3) rack (>= 1.3.0) rack-accept - rack-mount virtus (>= 1.0.0) - grape-cors (0.9.2) - grape grape-kaminari (0.1.8) grape kaminari @@ -108,7 +107,7 @@ GEM tilt grape_logging (1.3.0) grape - hashie (3.4.3) + hashie (3.4.6) i18n (0.7.0) ice_nine (0.11.2) json (1.8.3) @@ -122,11 +121,13 @@ GEM mime-types (>= 1.16, < 3) mime-types (2.99) mini_portile2 (2.0.0) - minitest (5.8.4) + minitest (5.9.0) minitest-around (0.3.2) minitest (~> 5.0) - multi_json (1.11.2) + multi_json (1.12.1) multi_xml (0.5.5) + mustermann19 (0.4.4) + enumerable-lazy net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (3.0.2) @@ -140,8 +141,7 @@ GEM rack (1.6.4) rack-accept (0.4.5) rack (>= 0.4) - rack-mount (0.8.3) - rack (>= 1.0.0) + rack-cors (0.4.0) rack-protection (1.5.3) rack rack-test (0.6.3) 
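Review bot: `gem "rack-cors", :require => "rack/cors"` is the only entry in this Gemfile hunk without a version constraint, while every neighbouring gem is pinned with `~>`. Gemfile.lock in this commit resolves it to 0.4.0, so a later `bundle update` could move this security middleware across major versions without anyone reviewing the change. Pin it like the others, e.g. `gem "rack-cors", "~> 0.4.0", :require => "rack/cors"`.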
@@ -204,8 +204,7 @@ DEPENDENCIES dotenv (~> 2.1.0) exception_notification (~> 4.1.4) factory_girl (~> 4.0) - grape (~> 0.14.0) - grape-cors (~> 0.9.2) + grape (~> 0.17.0) grape-kaminari (~> 0.1.8) grape-rabl (~> 0.4.1) grape_logging (~> 1.3.0) @@ -214,6 +213,7 @@ DEPENDENCIES minitest-around (~> 0.3.2) pg (~> 0.18.4) pony (~> 1.11) + rack-cors rack-test (~> 0.6.3) rack_csrf (~> 2.5.0) rake (~> 10.5.0) diff --git a/api/root.rb b/api/root.rb index c64051a..d06330b 100644 --- a/api/root.rb +++ b/api/root.rb @@ -58,8 +58,5 @@ class Root < Grape::API mount API::V3::Countries end end - end end - -Grape::CORS.apply! diff --git a/config.ru b/config.ru index 06979d7..06624de 100644 --- a/config.ru +++ b/config.ru @@ -11,4 +11,11 @@ use Rack::Config do |env| env['api.tilt.root'] = "#{File.dirname(__FILE__)}/api" end +use Rack::Cors do + allow do + origins '*' + resource '*', headers: :any, methods: [:get, :post, :options] + end +end + run Rack::Cascade.new [Web::Root, API::Root] diff --git a/config/environment.rb b/config/environment.rb index d071c9b..1401bfe 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -5,6 +5,7 @@ # Sinatra require 'rack/csrf' +require 'rack/cors' require 'sinatra' # Grape diff --git a/web/controllers/admin.rb b/web/controllers/admin.rb index 71dad81..1c433a6 100644 --- a/web/controllers/admin.rb +++ b/web/controllers/admin.rb 
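Review bot: In config.ru, `use Rack::Cors` is declared ahead of `run Rack::Cascade.new [Web::Root, API::Root]`, so the `origins '*'` / `resource '*'` policy now answers for the Sinatra web app (including the `/admin` routes touched in this commit) as well as the Grape API. The removed `Grape::CORS.apply!` lived in api/root.rb and was presumably scoped to the API only. If only the API is meant to be readable cross-origin, narrow the resource to its path prefix, e.g. `resource '<API_PATH_PREFIX>/*', headers: :any, methods: [:get, :post, :options]` (placeholder, the prefix is not visible in this diff). A one-line comment above the block saying why every origin is allowed would also help the next reader.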
@@ -1,53 +1,50 @@
-module Web
- module AdminController
- # Routes implementation
- #######################
- SHOW_ADMIN = -> {
- protected!
- erb :admin, layout: :layout
- }
-
- UPDATE_API_USER = -> {
- protected!
- user = ApiUser.find(params[:id])
-
- if params.has_key?("destroy")
- user.destroy
- elsif params.has_key?("save")
- UPDATE_USER[user, params["api_user"]]
- user.save
- end
-
- redirect back
- }
-
- SIGN_OUT = -> {
- protected!
- session.destroy
-
- redirect "/"
- }
-
- # Private implementation
- ########################
- UPDATE_USER = -> (user, params) {
- if params["active"].present?
- user.activate!
- else
- user.deactivate!
- end
-
- params["permissions"].each do |(api_object, attrs)|
- user.permissions[api_object] = attrs.keys
- end
- }
-
- # Register to Sinatra app
- #########################
- def self.registered(app)
- app.get "/admin", &SHOW_ADMIN
- app.get "/admin/sign_out", &SIGN_OUT
- app.post "/admin/api_users/:id", &UPDATE_API_USER
+module Web; end
+require "web/helpers"
+
+class Web::AdminController < Sinatra::Base
+ helpers Web::Helpers
+ set :views, File.join(settings.root, '../views')
+
+ get("/admin") do
+ protected!
+ erb :admin, layout: :layout
+ end
+
+ post("/admin/api_users/:id") do
+ protected!
+ user = ApiUser.find(params[:id])
+
+ if params.has_key?("destroy")
+ user.destroy
+ elsif params.has_key?("save")
+ update_user(user, params["api_user"])
+ user.save
+ end
+
+ redirect back
+ end
+
+ get("/admin/sign_out") do
+ protected!
+ session.destroy
+
+ redirect "/"
+ end
+
+ private
+
+ def update_user user, params
+ if params["active"].present?
+ user.activate!
+
+ documentation_url = url("/documentation")
+ Mailer.send_new_activation_notification(user, documentation_url)
+ else
+ user.deactivate!
+ end
+
+ params["permissions"].each do |(api_object, attrs)|
+ user.permissions[api_object] = attrs.keys
 end
 end
 end
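Review bot: In `update_user`, `Mailer.send_new_activation_notification` runs on every save where `params["active"]` is present, so re-saving an already active user (for example to edit permissions) sends the activation mail again. It also now runs inline in the request instead of in the `Thread.new` used by the removed `/api_users/:token/activate` route. Send it only on a real state change, e.g. capture `newly_activated = !user.active` before `user.activate!` and guard the mail with `if newly_activated` (this assumes `ApiUser` exposes the `active` attribute that `ApiUser.create` sets; confirm). Separately, `params["permissions"].each` raises `NoMethodError` when the form posts no permissions key; `(params["permissions"] || {}).each` avoids the 500.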
diff --git a/web/controllers/api_users.rb b/web/controllers/api_users.rb
deleted file mode 100644
index 973b022..0000000
--- a/web/controllers/api_users.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-module Web
- module ApiUsersController
- # Routes
- ########
- ACTIVATE_USER = -> {
- protected!
-
- if api_user = ApiUser.find_by_token(params["token"])
- api_user.activate!
- Thread.new {
- documentation_url = url("/documentation")
- Mailer.send_new_activation_notification(api_user, documentation_url)
- }
- "User successfully activated!"
- else
- "User not found!"
- end
- }
-
- DEACTIVATE_USER = -> {
- protected!
-
- if api_user = ApiUser.find_by_token(params["token"])
- api_user.deactivate!
- "User successfully deactivated!"
- else
- "User not found!"
- end
- }
-
-
- # Register to Sinatra app
- #########################
- def self.registered(app)
- app.get "/api_users/:token/activate", &ACTIVATE_USER
- app.get "/api_users/:token/deactivate", &DEACTIVATE_USER
- end
- end
-end
diff --git a/web/controllers/documentation.rb b/web/controllers/documentation.rb
index 70bd884..a664212 100644
--- a/web/controllers/documentation.rb
+++ b/web/controllers/documentation.rb
@@ -1,16 +1,10 @@
-module Web
- module DocumentationController
- # Routes
- ########
- SHOW_DOCUMENTATION = -> {
- erb :documentation, layout: :layout
- }
+module Web; end
- # Register to Sinatra app
- #########################
- def self.registered(app)
- app.get "/documentation", &SHOW_DOCUMENTATION
- end
+class Web::DocumentationController < Sinatra::Base
+ set :views, File.join(settings.root, '../views')
+
+ get("/documentation") do
+ erb :documentation, layout: :layout
 end
 end
diff --git a/web/controllers/requests.rb b/web/controllers/requests.rb
index 6f80619..0e57166 100644
--- a/web/controllers/requests.rb
+++ b/web/controllers/requests.rb
@@ -1,28 +1,36 @@
-module Web
- module RequestsController
- # Routes
- ########
- SHOW_REQUEST = -> {
- erb :request, layout: :layout
- }
+module Web; end
- POST_REQUEST = -> {
- if @new_user = create_api_user(params)
- Thread.new {
- activation_url = url("/admin")
- Mailer.send_new_request_notification(@new_user, activation_url)
- }
- erb :request_success, layout: :layout
- else
- erb :request_error, layout: :layout
- end
- }
+class Web::RequestsController < Sinatra::Base
+ set :views, File.join(settings.root, '../views')
- # Register to Sinatra app
- #########################
- def self.registered(app)
- app.get "/request", &SHOW_REQUEST
- app.post "/request", &POST_REQUEST
+ get("/request") do
+ erb :request, layout: :layout
+ end
+
+ post("/request") do
+ if @new_user = create_api_user(params)
+ Thread.new{ send_notification(@new_user) }
+ erb :request_success, layout: :layout
+ else
+ erb :request_error, layout: :layout
 end
 end
+
+ private
+
+ def send_notification(new_user)
+ activation_url = url("/admin")
+ Mailer.send_new_request_notification(new_user, activation_url)
+ end
+
+ def create_api_user params
+ ApiUser.create(
+ email: params["email"],
+ full_name: params["fullname"],
+ company: params["company"],
+ reason: params["reason"],
+ active: false,
+ token: ApiUser.new_token
+ )
+ end
 end
diff --git a/web/root.rb b/web/root.rb
index b902292..fc548a0 100644
--- a/web/root.rb
+++ b/web/root.rb
@@ -2,7 +2,6 @@ require "web/helpers"
 require "web/controllers/admin"
-require "web/controllers/api_users"
 require "web/controllers/documentation"
 require "web/controllers/requests"
@@ -12,11 +11,9 @@ class Root < Sinatra::Base
 erb :home, layout: :layout
 end
- helpers Web::Helpers
- register Web::AdminController
- register Web::ApiUsersController
- register Web::DocumentationController
- register Web::RequestsController
+ use Web::AdminController
+ use Web::DocumentationController
+ use Web::RequestsController
 end
 end
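Review bot: `if @new_user = create_api_user(params)` in the `post("/request")` block treats the return value of `ApiUser.create` as the success signal. If `ApiUser` is an ActiveRecord-style model (not visible here), `create` returns the object even when validation fails, so the `request_error` branch would never run and a notification mail would go out for an unsaved record. Assigning first and then testing `if @new_user.persisted?` makes the branch reliable. `POST /request` is also unauthenticated and starts one mail-sending thread per call from form values that get no visible validation, so a throttle or input check on this path is worth adding.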
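Review bot: In web/root.rb the controllers are now independent `Sinatra::Base` apps mounted with `use`, so they no longer pick up anything declared on `Root`: `helpers Web::Helpers` is re-declared only in `Web::AdminController`, and `set :views` is repeated in each controller. Any session or `Rack::Csrf` setup is outside this hunk, and `POST /admin/api_users/:id` and `POST /request` stay CSRF-protected only if that middleware wraps the three `use Web::…Controller` lines. Please confirm that, and record it above them, e.g. `# Mounted behind session/CSRF middleware; controllers do not inherit Root settings`. The body of `Root` before these lines is not shown in the hunk.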