A test project for the code challenge
- Apipie for documentation with basic auth access
- Registration and authentication via API with Devise
- JWT as additional authorization Devise strategy
- Some API calls required authorization with JWT
- Filtering results with model scopes
- Rspec + Factory Bot tests for models and API calls
- Parsing heroes' remote data with rake task
- Active Admin as admin panel
-
Ruby version: 2.4.1
-
Database: PosgreSQL
-
Clone the repo.
-
Update the file with your databases
config/database.yml. -
Run
bundle installto install gems. -
Run
rails db:setupto init database and seed.
Run the test suite rspec.
At this point all test should pass.
Run rails heroes_source:parse to fetch heroes data from remote source and persist it in DB.
And now start the rails server rails s and let's have some fun!
Visit Apipie path to get API documentation. Use the next credentials:
- username:
heroes - password:
heroes
Of course you can disable user authentication, and access API actions without it, but it's not interesting. Let's access our restricted API with auth token. First we should obtain it. You can get it from registration and authentication processes. Run from the terminal to register a new user:
$ curl -X POST -d 'user[email][email protected]&user[password]=123123123' -D - localhost:3000/api/users/sign_upor authenticate with existed user:
$ curl -X POST -d 'user[email][email protected]&user[password]=123123123' -D - localhost:3000/api/users/sign_inHere's an example of response with Authorization header:
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Authorization: eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1MTYxODI1MDl9.41O9gQW4_V3Ywy3Mn2VsHYl92Nac453cNOPn33w5G6U
Content-Type: application/json; charset=utf-8
ETag: W/"805dfd5764cb831055aaa353c2b728a3"
Cache-Control: max-age=0, private, must-revalidate
Set-Cookie: _heroes_session=Z0M5dVkyZW9FN3dZWm9HcnVoUms3SUhGVmI5dWczd2lhSC9HZ28vV2JTOUlaZlJQRzFSWVlROWl3QlBCZHMzYWQxSThTeDFTZk9nNENDc1dyMjh3Slp0Z3E4dVZtUkNKNXpoZ2h5bzVPV1p1K05GRmFKb0FQYnFNOUtyaU5vcnVnRExNUnc4MTZsZmpOdmx0WVgrcFZTeklGNFMxWEdNcHYweGYvNHpuUWI1U0tlT2RvMVAzTHgraWFMb1V0MWdGLS02RHg4Unl6TlZpc1kyT2QrdGpEWS9BPT0%3D--35a63d15f907801c31ac64f69d2b1a2f3a9e5b0d; path=/; HttpOnly
X-Request-Id: 27d0d2ab-647c-4690-b38a-bed1085f7682
X-Runtime: 0.238648
Transfer-Encoding: chunkedAnd the user info in the body:
{"id":1,"email":"[email protected]","created_at":"2017-12-18T00:02:35.785Z"}To make using token easy put it into variable. Mind Bearer in the header according with W3C specification.
$ export token="Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1MTYxODI1MDl9.41O9gQW4_V3Ywy3Mn2VsHYl92Nac453cNOPn33w5G6U"Now you able to access API calls with token in request header. Without token you'll get 401 error. Here're examples of API calls:
$ curl -X GET -H "$token" http://localhost:3000/api/heros
$ curl -X GET -H "$token" http://localhost:3000/api/heros/13
$ curl -X GET -H "$token" http://localhost:3000/api/heros/13/abilities
$ curl -X GET -H "$token" http://localhost:3000/api/abilities
$ curl -X GET -H "$token" http://localhost:3000/api/abilities/13Each time you'll get in response body a JSON object with persisted data or with error and corresponding http status. For more information please access Apipie documentation.
Visit admin panel to manage stored data.
- username:
[email protected] - password:
password