scalableinternetservicesarchive · aroddick · Nov 5, 2021 · Nov 3, 2021 · Nov 4, 2021 · Nov 4, 2021
diff --git a/.gitignore b/.gitignore
@@ -34,3 +34,5 @@
 /yarn-error.log
 yarn-debug.log*
 .yarn-integrity
+
+*.DS_Store
diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,7 @@ FROM ruby:2.7.4
 
 RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add \
   && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list \
-  && apt-get update && apt-get install -y nodejs yarn --no-install-recommends \
+  && apt-get update && apt-get install -y nodejs yarn vim --no-install-recommends \
   && gem install rails
 
 WORKDIR /app

diff --git a/Gemfile b/Gemfile
@@ -14,14 +14,17 @@ gem 'sass-rails', '>= 6'
 # Transpile app-like JavaScript. Read more: https://github.com/rails/webpacker
 gem 'webpacker', '~> 5.0'
 # Use Active Model has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
+gem 'bcrypt', '~> 3.1.7'
 
 # Use Active Storage variant
 # gem 'image_processing', '~> 1.2'
 
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', '>= 1.4.4', require: false
 
+# Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin AJAX possible
+gem 'rack-cors'
+
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
@@ -41,3 +44,9 @@ end
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 gem 'sassc', '~> 2.1.0'
+
+gem "jwt", "~> 2.3"
+
+gem "active_model_serializers", "~> 0.10.12"
+
+gem "faker", "~> 2.19"
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -39,6 +39,11 @@ GEM
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    active_model_serializers (0.10.12)
+      actionpack (>= 4.1, < 6.2)
+      activemodel (>= 4.1, < 6.2)
+      case_transform (>= 0.2)
+      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
     activejob (6.1.4.1)
       activesupport (= 6.1.4.1)
       globalid (>= 0.3.6)
@@ -60,19 +65,26 @@ GEM
       minitest (>= 5.1)
       tzinfo (~> 2.0)
       zeitwerk (~> 2.3)
+    bcrypt (3.1.16)
     bindex (0.8.1)
     bootsnap (1.9.1)
       msgpack (~> 1.0)
     builder (3.2.4)
     byebug (11.1.3)
+    case_transform (0.2)
+      activesupport
     concurrent-ruby (1.1.9)
     crass (1.0.6)
     erubi (1.10.0)
+    faker (2.19.0)
+      i18n (>= 1.6, < 2)
     ffi (1.15.4)
     globalid (0.5.2)
       activesupport (>= 5.0)
     i18n (1.8.10)
       concurrent-ruby (~> 1.0)
+    jsonapi-renderer (0.2.2)
+    jwt (2.3.0)
     listen (3.7.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
@@ -96,6 +108,8 @@ GEM
       nio4r (~> 2.0)
     racc (1.6.0)
     rack (2.2.3)
+    rack-cors (1.1.1)
+      rack (>= 2.0.0)
     rack-mini-profiler (2.3.3)
       rack (>= 1.2.0)
     rack-proxy (0.7.0)
@@ -174,11 +188,16 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  active_model_serializers (~> 0.10.12)
+  bcrypt (~> 3.1.7)
   bootsnap (>= 1.4.4)
   byebug
+  faker (~> 2.19)
+  jwt (~> 2.3)
   listen (~> 3.3)
   pg (~> 1.1)
   puma (~> 5.0)
+  rack-cors
   rack-mini-profiler (~> 2.0)
   rails (~> 6.1.4, >= 6.1.4.1)
   sass-rails (>= 6)

diff --git a/app/assets/stylesheets/login.scss b/app/assets/stylesheets/login.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the login controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: https://sass-lang.com/
diff --git a/app/assets/stylesheets/register.scss b/app/assets/stylesheets/register.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the register controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: https://sass-lang.com/
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,2 +1,39 @@
 class ApplicationController < ActionController::Base
+  before_action :authorized
+  SECRET_KEY = Rails.application.secrets.secret_key_base. to_s
+
+  def encode_token(payload, exp = 2.hours.from_now)
+    payload[:exp] = exp.to_i
+    JWT.encode(payload, SECRET_KEY)
+  end
+
+  def auth_header
+    request.headers['Authorization']
+  end
+
+  def decoded_token
+    if auth_header
+      token = auth_header.split(' ')[1]
+      begin
+        JWT.decode(token, SECRET_KEY, true, algorithm: 'HS256')
+      rescue JWT::DecodeError
+        nil
+      end
+    end
+  end
+
+  def current_user
+    if decoded_token
+      user_id = decoded_token[0]['user_id']
+      @user = User.find_by(id: user_id)
+    end
+  end
+
+  def logged_in?
+    !!current_user
+  end
+
+  def authorized
+    render json: { message: 'Please log in' }, status: :unauthorized unless logged_in?
+  end
 end
diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb
@@ -0,0 +1,20 @@
+class LoginController < ApplicationController
+  skip_before_action :verify_authenticity_token, :authorized, only: [:create]
+
+  def create
+    @user = User.find_by(username: user_login_params[:username])
+    #User#authenticate comes from BCrypt
+    if @user && @user.authenticate(user_login_params[:password])
+      @token = encode_token({ user_id: @user.id })
+      time = Time.now + 2.hours.to_i
+      render json: { user: UserSerializer.new(@user), jwt: @token, exp: time }, status: :accepted
+    else
+      render json: { message: 'Invalid username or password' }, status: :unauthorized
+    end
+  end
+
+  private
+  def user_login_params
+    params.require(:user).permit(:username, :password)
+  end
+end
diff --git a/app/controllers/register_controller.rb b/app/controllers/register_controller.rb
@@ -0,0 +1,23 @@
+class RegisterController < ApplicationController
+  skip_before_action :verify_authenticity_token, :authorized, only: [:create]
+
+  def create
+    if User.exists?(username: user_params[:username])
+      render json: { error: 'Username taken'}, status: 409
+      return
+    end
+    @user = User.create(user_params)
+    if @user.valid?
+      @token = encode_token({ user_id: @user.id })
+      time = Time.now + 2.hours.to_i
+      render json: { user: UserSerializer.new(@user), jwt: @token, exp: time }, status: :created
+    else
+      render json: { errors: @user.errors.full_messages }, status: :unprocessable_entity
+    end
+  end
+
+  private
+  def user_params
+    params.require(:user).permit(:username, :password, :role)
+  end
+end
diff --git a/app/helpers/login_helper.rb b/app/helpers/login_helper.rb
@@ -0,0 +1,2 @@
+module LoginHelper
+end
diff --git a/app/helpers/register_helper.rb b/app/helpers/register_helper.rb
@@ -0,0 +1,2 @@
+module RegisterHelper
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,6 +1,6 @@
 class User < ApplicationRecord
-    enum role: [:buyer, :seller]
-    validates :username, presence: true
-    validates :password, presence: true
-    validates :role, presence: true
+  has_secure_password
+  enum role: [:buyer, :seller]
+  validates :username, presence: true, uniqueness: { case_sensitive: false }
+  validates :role, presence: true
 end
diff --git a/app/serializers/user_serializer.rb b/app/serializers/user_serializer.rb
@@ -0,0 +1,3 @@
+class UserSerializer < ActiveModel::Serializer
+  attributes :username, :role
+end
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
@@ -0,0 +1,7 @@
+Rails.application.config.middleware.insert_before 0, Rack::Cors do
+  allow do
+    # Change to frontend domain
+    origins '*'
+    resource '*', headers: :any, methods: :any
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -2,4 +2,6 @@
   root "doughnuts#index"
   # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
   resources :doughnuts
+  resources :register, only: [:create]
+  resources :login, only: [:create]
 end
diff --git a/db/migrate/20211101054308_remove_quantity_from_doughnuts.rb b/db/migrate/20211101054308_remove_quantity_from_doughnuts.rb
@@ -1,5 +1,5 @@
 class RemoveQuantityFromDoughnuts < ActiveRecord::Migration[6.1]
   def change
-    remove_column :doughnuts, :quantity, :float
+    # remove_column :doughnuts, :quantity, :float
   end
 end
diff --git a/db/migrate/20211103042845_create_users.rb b/db/migrate/20211103042845_create_users.rb
@@ -2,7 +2,7 @@ class CreateUsers < ActiveRecord::Migration[6.1]
   def change
     create_table :users do |t|
       t.string :username
-      t.string :password
+      t.string :password_digest
       t.integer :role
 
       t.timestamps

diff --git a/db/schema.rb b/db/schema.rb
diff --git a/test/controllers/login_controller_test.rb b/test/controllers/login_controller_test.rb
@@ -0,0 +1,7 @@
+require "test_helper"
+
+class LoginControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/controllers/register_controller_test.rb b/test/controllers/register_controller_test.rb
@@ -0,0 +1,7 @@
+require "test_helper"
+
+class RegisterControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
@@ -2,10 +2,10 @@
 
 one:
   username: MyString
-  password: MyString
+  password_digest: MyString
   role: 1
 
 two:
   username: MyString
-  password: MyString
+  password_digest: MyString
   role: 1