aheh/bit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: auth middleware

Browse Source 
- CORS headers
- Get all links that belong to user
This commit is contained in:
Juan Rodriguez
2024-05-13 22:34:35 +02:00
parent 0ad534065c
commit 7f2a27ec79
9 changed files with 50 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.env.development
+1 -1
View File
@@ -1,2 +1,2 @@
DATABASE_URL=sqlite3://./sqlite/data.db?journal_mode=wal&synchronous=normal DATABASE_URL=sqlite3://./sqlite/data.db?journal_mode=wal&synchronous=normal&foreign_keys=true
APP_URL=http://localhost:4000 APP_URL=http://localhost:4000
README.md
+2 -3
View File
@@ -21,14 +21,13 @@ TODO: Write usage instructions here
```bash ```bash
DATABASE_URL=sqlite3://./sqlite/data.db micrate up DATABASE_URL=sqlite3://./sqlite/data.db micrate up
crystal run url-shortener.cr shards run url-shortener
``` ```
## Build ## Build
```bash ```bash
crystal build url-shortener.cr --release --progress shards build
ENV=production ./url-shortener
``` ```
## Contributing ## Contributing
app/lib/errors.cr
+15
View File
@@ -9,6 +9,21 @@ module App
end end
end end
class UnauthorizedException < Kemal::Exceptions::CustomException
def initialize(context)
context.response.status_code = 401
super(context)
end
end
class ForbiddenException < Kemal::Exceptions::CustomException
def initialize(context)
context.response.status_code = 403
context.response.print({ "error" => "Access not allowed" }.to_json)
super(context)
end
end
class NotFoundException < Kemal::Exceptions::CustomException class NotFoundException < Kemal::Exceptions::CustomException
def initialize(context) def initialize(context)
context.response.status_code = 404 context.response.status_code = 404
app/middlewares/auth.cr
+19
View File
@@ -0,0 +1,19 @@
module App::Middlewares
class Auth < Kemal::Handler
include App::Models
include App::Lib
exclude ["/api/ping", "/:slug"]
def call(env)
return call_next(env) if exclude_match?(env)
begin
user = Database.get_by!(User, api_key: env.request.headers["X-Api-Key"])
env.set "user", user
rescue exception
raise App::UnauthorizedException.new(env)
end
call_next(env)
end
end
end
app/routes.cr
+8 -2
View File
@@ -2,6 +2,12 @@ require "./controllers/**"
module App module App
before_all do |env| before_all do |env|
env.response.headers["Access-Control-Allow-Origin"] = "*"
env.response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
env.response.headers["Access-Control-Allow-Headers"] = "Content-Type, Accept, X-Api-Key"
end
after_all do |env|
env.response.content_type = "application/json" env.response.content_type = "application/json"
end end
@@ -13,8 +19,8 @@ module App
Controllers::Link::Index.new.call(env) Controllers::Link::Index.new.call(env)
end end
get "/api/links/:id" do |env| get "/api/links" do |env|
Controllers::Link::Read.new.call(env) Controllers::Link::All.new.call(env)
end end
post "/api/links" do |env| post "/api/links" do |env|
bruno/Delete Link.bru
+1 -1
View File
@@ -5,7 +5,7 @@ meta {
} }
delete { delete {
url: {{baseUrl}}/api/links/ad9fb116-9e5b-45b7-b272-5285b579d2e4 url: {{baseUrl}}/api/links/995c5abf-2506-4d3e-b664-f2168c34b936
body: none body: none
auth: none auth: none
} }
bruno/Get Link.bru
-11
View File
@@ -1,11 +0,0 @@
meta {
name: Get Link
type: http
seq: 3
}
get {
url: {{baseUrl}}/api/links/d017c966-c28b-4c4c-a83e-97bce81ee6e7
body: none
auth: none
}
bruno/Index Link.bru
+2 -2
View File
@@ -1,11 +1,11 @@
meta { meta {
name: Index Link name: Index Link
type: http type: http
seq: 4 seq: 5
} }
get { get {
url: {{baseUrl}}/3JQV8w url: {{baseUrl}}/HkIN8g
body: none body: none
auth: none auth: none
} }
bruno/Update Link.bru
+2 -2
View File
@@ -1,11 +1,11 @@
meta { meta {
name: Update Link name: Update Link
type: http type: http
seq: 5 seq: 6
} }
put { put {
url: {{baseUrl}}/api/links/0da9dc9d-c56c-4d4e-942e-1ebf05ed7090 url: {{baseUrl}}/api/links/b5a0112d-49e6-4bc9-bd2b-6d5cc10cd5d2
body: json body: json
auth: none auth: none
} }