Initial API Structure + Auth Route #4976
@seanmarcia can I get some feedback please? Thank you!
michaelruhl
left a comment
lgtm, I'd be curious to know if @seanmarcia has any tips though :)
Hey, sorry for the slow reply. Our large in-person Ruby for Good event is happening this weekend so things have been pretty hectic. Yes, this is a much better direction and is a great start!
Not too sure why rspec and docker are failing..
littleforest
left a comment
Thanks for getting a start on this. We will also need API documentation. I personally like to use the rswag gem which has you create request specs, and from there it will generate Swagger API documentation.
@xihai01 thanks for your changes. There are a lot of unaddressed comments and requests in the PR from the previous review. Also, could you please merge or rebase and fix the merge conflict?
Ah, my bad. It seems I missed them. I'll work on it right away!
@littleforest I've addressed your suggestions and changes!
@littleforest any thoughts? Is it good to merge?
littleforest
left a comment
@xihai01 thank you for addressing all of those changes. Sorry for the delay in review.
| Rails.application.routes.draw do | ||
| get "/index", to: "base#index" | ||
| end | ||
| end |
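Review bot: `get "/index", to: "base#index"` carries no indication of what the endpoint is for or that it is temporary. A one-line comment above it saying it exists only so token authentication can be exercised, and should be deleted once a real API route is in place, would keep it from being left behind.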
This is okay for now, but let's remove once we have a route we can actually test authentication against.
@xihai01 looks like there are a number of merge conflicts now (sorry again for the delay). Can you merge in main and address the conflicts?
As per discussions in #4934
What github issue is this PR for, if any?
This PR sets up the initial structure of the API for the app we are building. An auth route for sign in is also added.
Unlike before, the API routes will start with the /api/v1/* pattern.
It isn't linked to any issue in this repo - we forked a copy of this repo and are working on that forked copy.
What changed, and why?
No longer using JWT with the devise-jwt gem - instead, opted for a token-based authentication approach.
In a nutshell, a token column is created for every row in the user table. The server sends this token in its response body to the client when they sign in. For future requests to the server, the client sends this token in its request Authorization header.
The reason is that configuring Devise to also authenticate (in addition to the existing web app auth) using devise-jwt was a major headache. I guess it is doable, but it would require too much altering of existing controllers and files.
I also added active model serializers to help structuring the json data.
Please take a look at the code and give me some feedback! Thank you.
How is this tested? (please write tests!) 💖💪
I created api specs for good/bad login to verify correct headers to ensure correct responses were sent such as token and error msg for bad credentials.
The rswag gem was used to create the API documentation.
Postman was used to verify by hitting the login route for the api.
Screenshots please :)
Postman: Successful login
Postman: Unsuccessful login
Feedback please? (optional)
We are very interested in your feedback! Please give us some :) https://forms.gle/1D5ACNgTs2u9gSdh9
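
The token scheme outlined in this PR description, as an added Ruby example that is not code from the PR or the project. It goes one step beyond the description by storing only a SHA-256 digest of the token, so that a leaked users table does not hand out working credentials. `ApiUser`, `ApiTokenAuth`, the `api_token_digest` field and the `Bearer` header scheme are assumptions made for illustration.

```ruby
require "securerandom"
require "digest"
require "openssl"

# Constructed stand-in for one row of the users table (assumption: the real
# app would use its own User model and a column for the digest).
ApiUser = Struct.new(:email, :api_token_digest)

# Hypothetical helper for illustration; names are not from the PR.
class ApiTokenAuth
  def initialize(users)
    @users = users
  end

  # Call only after the password check has passed. Returns the raw token for
  # the sign-in response body; the server keeps just its SHA-256 digest.
  def issue_token(user)
    token = SecureRandom.urlsafe_base64(32) # 32 random bytes (256 bits)
    user.api_token_digest = Digest::SHA256.hexdigest(token)
    token
  end

  # Maps an Authorization header value to a user. Returns nil when the header
  # is absent, malformed, uses another scheme, or carries an unknown token.
  def authenticate(header)
    scheme, token = header.to_s.strip.split(/\s+/, 2)
    return nil unless scheme&.casecmp?("Bearer") && token && !token.empty?

    digest = Digest::SHA256.hexdigest(token)
    @users.find do |u|
      u.api_token_digest && OpenSSL.secure_compare(u.api_token_digest, digest)
    end
  end

  # Sign-out or suspected leak: clear the digest so the old token stops working.
  def revoke(user)
    user.api_token_digest = nil
  end
end

if __FILE__ == $PROGRAM_NAME
  alice = ApiUser.new("alice@example.test", nil) # constructed sample user
  auth = ApiTokenAuth.new([alice])
  token = auth.issue_token(alice)
  p auth.authenticate("Bearer #{token}").equal?(alice)
  p auth.authenticate("Bearer not-the-token")
  auth.revoke(alice)
  p auth.authenticate("Bearer #{token}")
end
```

Issuing a new token overwrites the stored digest, so each sign-in invalidates the previous token for that user.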