技術部ã®å°é‡Ž(@taiki45)ã§ã™ã€‚ã“ã®è¨˜äº‹ã§ã¯ç°¡å˜ãªã‚¢ãƒ—リケーション(ブãƒã‚°ã‚·ã‚¹ãƒ†ãƒ )ã®å®Ÿè£…を通ã—ã¦ã€ã‚¯ãƒƒã‚¯ãƒ‘ッドã§ä½œæˆãƒ»ä½¿ç”¨ã—ã¦ã„るライブラリã®Garage ã®ç´¹ä»‹ã¨ Garage を使ã£ãŸ RESTful Web API ã®é–‹ç™ºã‚’ã”紹介ã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚
Garage 㯠RESTful Web API を開発ã™ã‚‹ãŸã‚ã®ã€ Rails gemified plugins ã§ã™ã€‚Rails プãƒã‚°ãƒ©ãƒžã¯ Garage を使ã£ã¦ Rails ã‚’æ‹¡å¼µã™ã‚‹ã“ã¨ã§ç´ æ—©ã Web API を開発ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚Garage ã¯æ–°ã—ãアプリケーションを開発ã™ã‚‹å ´åˆã«ã‚‚ã€æ—¢å˜ã® Rails アプリケーションã«çµ„ã¿è¾¼ã‚“㧠Web API を実装ã™ã‚‹å ´åˆã§ã‚‚使用ã§ãã¾ã™ã€‚Garage ã¯ãƒªã‚½ãƒ¼ã‚¹ã®ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã‚„アクセスコントãƒãƒ¼ãƒ«ãªã© Web API ã®å®Ÿè£…ã«å¿…è¦ãªæ©Ÿèƒ½ã‚’ã‚«ãƒãƒ¼ã—ã¦ã„ã¾ã™ã€‚
RubyKaigi2014 ã«ã¦ Garage ã® OSS 化をãŠçŸ¥ã‚‰ã›ã—ã¾ã—ãŸãŒã€å®Ÿéš›ã®ã‚¢ãƒ—リケーション開発å‘ã‘ã®æƒ…å ±ãŒå°‘ãªã„ã®ã§ã€ã“ã®è¨˜äº‹ã¨ã‚µãƒ³ãƒ—ルアプリケーションを通ã˜ã¦è£œå®Œã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚
ã“ã®è¨˜äº‹ã§å®Ÿè£…ã™ã‚‹ãƒ–ãƒã‚°ã‚¢ãƒ—リケーションã®ã‚³ãƒ¼ãƒ‰ã¯ https://github.com/taiki45/garage-example ã«ã‚ã‚Šã¾ã™ã€‚
今回実装ã™ã‚‹ã‚¢ãƒ—リケーション
次ã®ã‚ˆã†ãªãƒ–ãƒã‚°ã‚·ã‚¹ãƒ†ãƒ を実装ã—ã¾ã™ã€‚
- アプリケーションãŒæä¾›ã™ã‚‹ãƒªã‚½ãƒ¼ã‚¹ã¯ãƒã‚°ã‚¤ãƒ³ãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ã‚ã‚‹ user ã¨æŠ•ç¨¿ã•ã‚ŒãŸæŠ•ç¨¿ã§ã‚ã‚‹ post ã®2ã¤ã€‚
- user ã«ã¤ã„ã¦ä»¥ä¸‹ã®æ“作をæä¾›ã—ã¾ã™
- ユーザーã®ä¸€è¦§ã®è¡¨ç¤º
GET /v1/users - ãã‚Œãžã‚Œã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®æƒ…å ±ã®è¡¨ç¤º
GET /v1/users/:user_id - 自身ã®æƒ…å ±ã®æ›´æ–°
PUT /v1/users/:user_id
- ユーザーã®ä¸€è¦§ã®è¡¨ç¤º
- post ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®æ“作をæä¾›ã—ã¾ã™ã€‚
- æ–°è¦è¨˜äº‹ã®ä½œæˆ
POST /v1/posts - アプリケーション全体ã®è¨˜äº‹ã®ä¸€è¦§ã®è¡¨ç¤º
GET /v1/posts - ã‚るユーザーã®æŠ•ç¨¿ã—ãŸè¨˜äº‹ä¸€è¦§ã®è¡¨ç¤º
GET /v1/users/:user_id/posts - ãã‚Œãžã‚Œã®è¨˜äº‹ã®æƒ…å ±ã®è¡¨ç¤º
GET /v1/posts/:post_id - 自身ã®æŠ•ç¨¿ã—ãŸè¨˜äº‹ã®æ›´æ–°
PUT /v1/posts/:post_id - 投稿ã—ãŸè¨˜äº‹ã®å‰Šé™¤
DELETE /v1/posts/:post_id
- æ–°è¦è¨˜äº‹ã®ä½œæˆ
- user ã®ä½œæˆã‚„削除ã«ã¤ã„ã¦ã¯å®Ÿè£…ã—ã¾ã›ã‚“。
実際ã®é–‹ç™ºã ã¨ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚¢ãƒ—リケーション㮠API 利用ã®ä»•æ–¹ã«ã‚ˆã£ã¦ã€ãƒªã‚½ãƒ¼ã‚¹ã® URL 表ç¾ã‚„リソースã®é–¢ä¿‚ã®è¡¨ç¾æ–¹æ³•(リソースを埋ã‚è¾¼ã¿ã§ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã™ã‚‹ã‹ãƒã‚¤ãƒ‘ーリンクã¨ã—ã¦ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã™ã‚‹ã‹)ã¯ç•°ãªã‚Šã¾ã™ã€‚今回ã¯ã“ã®ã‚ˆã†ã«è¨è¨ˆã—ã¾ã™ã€‚
Rails new
ãã‚Œã§ã¯å®Ÿéš›ã«ãƒ–ãƒã‚°ã‚¢ãƒ—リケーションを実装ã—ã¦ã„ãã¾ã™ã€‚Garage 㯠Rails ã® gemified plugin ãªã®ã§ã‚¢ãƒ—リケーションã®ä½œæˆã«ã¤ã„ã¦å¤‰æ›´ã™ã‚‹ç‚¹ã¯ã‚ã‚Šã¾ã›ã‚“。
Garage アプリケーションã®é–‹ç™ºã«ã¯å…¸åž‹çš„ã«ã¯ RSpec を使用ã™ã‚‹ã®ã§ã€ã“ã“ã§ã¯ --skip-testunit フラグを付ã‘㦠rails new コマンドを実行ã—ã¾ã™ã€‚
⯠rails new blog --skip-bundle --skip-test-unit -q && cd blog
開発ã«å¿…è¦ãª gem ã‚’è¿½åŠ ã—ã¾ã™ã€‚ç¾åœ¨ rubygems.org ã§ãƒ›ã‚¹ãƒˆã•ã‚Œã¦ã„ã‚‹ garage gem ã¯ã“ã®è¨˜äº‹ã§æ‰±ã£ã¦ã„ã‚‹ Garage ã¨ã¯åˆ¥ã® gem ã§ã™ã®ã§ã€Bundler ã® github shorthand を使ã£ã¦ Garage を指定ã—ã¾ã™ã€‚
# Gemfile +gem 'garage', github: 'cookpad/garage' + +group :development, :test do + gem 'factory_girl_rails', '~> 4.5.0' + gem 'pry-rails', '~> 0.3.2' + gem 'rspec-rails', '~> 3.1.0' +end +
bundle install 㨠rspec helper ã®è¨å®šã‚’è¡Œã£ã¦ãŠãã¾ã™ã€‚
⯠bundle install ⯠bundle exec rails g rspec:install
# spec/rails_helper.rb -# Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f } +Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f } # spec/spec_helper.rb -# The settings below are suggested to provide a good initial experience -# with RSpec, but feel free to customize to your heart's content. -=begin # These two settings work together to allow you to limit a spec run # to individual examples or groups you care about by tagging them with # `:focus` metadata. When nothing is tagged with `:focus`, all examples @@ -81,5 +78,4 @@ RSpec.configure do |config| # test failures related to randomization by passing the same `--seed` value # as the one that triggered the failure. Kernel.srand config.seed -=end end # spec/support/factory_girl.rb +RSpec.configure do |config| + config.include FactoryGirl::Syntax::Methods +end
Configuration and authentication/authorization
bundle install ã‚„ rspec helper ã®è¨å®šã‚’終ãˆãŸå¾Œã¯ã€Garage åˆæœŸè¨å®šã¨èªå¯ãƒ©ã‚¤ãƒ–ラリ㮠Doorkeeper ã®åˆæœŸè¨å®šã‚’ã—ã¾ã™ã€‚
Doorkeeper 㯠Rails アプリケーション㫠OAuth 2 provider ã®æ©Ÿèƒ½ã‚’æŒãŸã›ã‚‹ãŸã‚ã® gem ã§ã™ã€‚Garage 㯠Doorkeeper を用ã„ã¦èªå¯æ©Ÿèƒ½ã‚’æä¾›ã—ã¾ã™ã€‚
クックパッドã§ã¯è¤‡æ•°ã® Garage アプリケーションãŒå˜åœ¨ã—ã¦ã„ã‚‹ã®ã§ã€Doorkeeper を使用ã›ãšã«ã€èªè¨¼èªå¯ã‚µãƒ¼ãƒãƒ¼ã¸èªè¨¼èªå¯ã‚’委è²ã™ã‚‹ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’ Garage ã«è¿½åŠ ã—ã¦ã„ã¾ã™ã€‚ã“ã®ã‚ˆã†ãª Doorkeeper 以外ã®èªå¯å®Ÿè£…ã‚„èªå¯ã‚’è¡Œã‚ãªã„実装ã¸ã®å¯¾å¿œã¯ Garage 本体ã¸è¿½åŠ 予定ã§ã™ã€‚
今回実装ã™ã‚‹ã‚¢ãƒ—リケーションã§ã¯ Doorkeeper を用ã„ã¦1アプリケーション内ã§èªè¨¼èªå¯ã‚’完çµã•ã›ã¾ã™ã€‚config/initializers/garage.rb を作æˆã—ã€Garage 㨠Doorkeeper ã®è¨å®šã‚’è¿½åŠ ã—ã¾ã™ã€‚
# config/initializers/garage.rb +Garage.configure {} +Garage::TokenScope.configure {} + +Doorkeeper.configure do + orm :active_record + default_scopes :public + optional_scopes(*Garage::TokenScope.optional_scopes) + + resource_owner_from_credentials do |routes| + User.find_by(email: params[:username]) + end +end # config/routes.rb Rails.application.routes.draw do + use_doorkeeper end
Garage ã®è¨å®šã®éª¨çµ„ã¿ã¨ä»Šå›žã®ã‚¢ãƒ—リケーション用㮠Doorkeeper ã®è¨å®šã‚’è¿½åŠ ã—ã¦ã„ã¾ã™ã€‚resource_owner_from_credentials メソッドã§è¨å®šã—ã¦ã„ã‚‹ã®ã¯ OAuth2 ã® Resource Owner Password Credentials Grant を使用ã—ãŸæ™‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®èªè¨¼æ–¹æ³•ã§ã™ã€‚今回ã¯ç°¡å˜ã«ã™ã‚‹ãŸã‚ã€ãƒ‘スワード無ã—ã§ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã®ã¿ã‚’用ã„ã¦èªè¨¼ã‚’è¡Œã„ã¾ã™ã€‚
è¨å®šã‚’定義ã—ãŸå¾Œã¯ã€Doorkeeper ãŒæä¾›ã™ã‚‹ migration を生æˆã—ã¦å®Ÿè¡Œã—ã¦ãŠãã¾ã™ã€‚
⯠bundle exec rails generate doorkeeper:migration ⯠bundle exec rake db:create db:migrate
Start with GET /v1/users
ã¾ãšã¯ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ©ãƒ¼ã‚„モデルã®ä½œæˆã‚’è¡Œã£ã¦ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼æƒ…å ±ã® GET ãŒã§ãã‚‹ã¨ã“ã‚ã¾ã§é€²ã‚ã¾ã™ã€‚
コントãƒãƒ¼ãƒ©ãƒ¼ã®ä½œæˆ
Rails 標準㮠ApplicationController ã‚ã‚‹ã„ã¯ã™ã§ã«å®Ÿè£…ã•ã‚Œã¦ã„ã‚‹ Rails アプリケーション㫠Garage を使用ã™ã‚‹å ´åˆã¯ãã‚Œã«æº–ãšã‚‹æŠ½è±¡ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ©ãƒ¼ã‚¯ãƒ©ã‚¹(ApiController ãªã©)ã« Garage::ControllerHelper ã‚’ include ã—ã¾ã™ã€‚ControllerHelper ã¯å…¨ã¦ã®ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ©ãƒ¼ã«å…±é€šã®åŸºæœ¬çš„ãªãƒ•ã‚£ãƒ«ã‚¿ã¨ãƒ¡ã‚½ãƒƒãƒ‰ã‚’æä¾›ã—ã¾ã™ã€‚Doorkeeper を使用ã—ãŸèªè¨¼ã¨èªå¯ã‚‚è¡Œã‚ã‚Œã¾ã™ã€‚
# app/controllers/application_controller.rb + + include Garage::ControllerHelper + + def current_resource_owner + @current_resource_owner ||= User.find(resource_owner_id) if resource_owner_id + end end
Garage ã®è¦ç´„ã¨ã—ã¦ã“ã“ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒå®šç¾©ã™ã¹ãã‚‚ã®ã¯ current_resource_owner ã¨ã„ã†ãƒ¡ã‚½ãƒƒãƒ‰ã§ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ãƒªã‚¯ã‚¨ã‚¹ãƒˆã•ã‚ŒãŸã‚¢ã‚¯ã‚»ã‚¹ãƒˆãƒ¼ã‚¯ãƒ³ã«ç´ä»˜ã„ã¦ã„ã‚‹ãƒªã‚½ãƒ¼ã‚¹ã‚ªãƒ¼ãƒŠãƒ¼æƒ…å ±ã‚’ä½¿ç”¨ã—ã¦ã‚¢ãƒ—リケーションã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚ªãƒ–ジェクトã¸å¤‰æ›ã™ã‚‹ã“ã¨ãŒæœŸå¾…ã•ã‚Œã¦ã„ã¾ã™ã€‚注æ„ã™ã‚‹ç‚¹ã¨ã—ã¦ã¯ã€OAuth2 ã® client credentials ãªã©ã® grant type ã§èªå¯ã—ãŸã‚¢ã‚¯ã‚»ã‚¹ãƒˆãƒ¼ã‚¯ãƒ³ã«ã¤ã„ã¦ã¯ãƒªã‚½ãƒ¼ã‚¹ã‚ªãƒ¼ãƒŠãƒ¼æƒ…å ±ãŒç´ã¤ã‹ãªã„ã®ã§ nil ãŒå…¥ã£ã¦ã„ã‚‹ã“ã¨ãŒã‚ã‚Šã¾ã™ã€‚ã“ã“ã§å¤‰æ›ã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚ªãƒ–ジェクトã«å¯¾ã—ã¦å¾Œè¿°ã™ã‚‹ã‚¢ã‚¯ã‚»ã‚¹ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ãƒã‚¸ãƒƒã‚¯ãŒå®Ÿè¡Œã•ã‚Œã¾ã™ã€‚
次ã«æ™®æ®µã® Rails アプリケーションã¨åŒã˜ã‚ˆã†ãªå‘½åè¦å‰‡ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒªã‚½ãƒ¼ã‚¹ã®æ供用㫠UsersController を作æˆã—ã¾ã™ã€‚routes è¨å®šã¯æ™®æ®µã® Rails アプリケーションã¨åŒã˜ã§ã™ã€‚
# app/controllers/users_controller.rb +class UsersController < ApplicationController + include Garage::RestfulActions + + def require_resources + @resources = User.all + end +end # config/routes.rb Rails.application.routes.draw do use_doorkeeper + + scope :v1 do + resources :users, only: %i(index show update) + end end
リソースをæä¾›ã™ã‚‹ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ©ãƒ¼ã§ã¯ Garage::RestfulActions ã‚’ include ã—ã¦ã€index/create/show/update/delete ãã‚Œãžã‚Œã«å¯¾å¿œã™ã‚‹ require_resources/create_resource/require_resource/update_resource/destroy_resource メソッドを定義ã—ã¾ã™ã€‚ã“ã“ã§ã¯ index ã«å¯¾å¿œã™ã‚‹ require_resources メソッドを定義ã—ã¦ã„ã¾ã™ã€‚Garage::RestfulActions ãŒãƒ¦ãƒ¼ã‚¶ãƒ¼å®šç¾©ã® require_resources ãªã©ã‚’使用ã—ã¦å®Ÿéš›ã® action をラップã—ãŸå½¢ã§å®šç¾©ã—ã¦ãã‚Œã¾ã™ã€‚
ã“ã“ã§ã¯ç´¹ä»‹ã—ã¾ã›ã‚“ã§ã—ãŸãŒã€ä»–ã«ã‚‚ Garage ã¯ãƒšãƒ¼ã‚¸ãƒãƒ¼ã‚·ãƒ§ãƒ³æ©Ÿèƒ½ãªã©ã‚’æä¾›ã—ã¦ã„ã¾ã™ã€‚コントãƒãƒ¼ãƒ©ãƒ¼ã§ respond_with_resources_options メソッドをオーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—㦠paginate option を有効ã«ã™ã‚‹ã“ã¨ã§ã€ãƒªã‚½ãƒ¼ã‚¹ã‚³ãƒ¬ã‚¯ã‚·ãƒ§ãƒ³ã®ç·æ•°ã‚„次ã®ãƒšãƒ¼ã‚¸ã¸ã®ãƒªãƒ³ã‚¯ãªã©ã‚’レスãƒãƒ³ã‚¹ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚サンプルアプリケーションã§ã¯å®Ÿè£…ã—ã¦ã„ã‚‹ã®ã§ã€ãœã²ã”覧ã«ãªã£ã¦ãã ã•ã„。
モデルã¨ãƒªã‚½ãƒ¼ã‚¹ã®å®šç¾©
ActiveRecord モデル㯠Rails 標準ã®ã‚„ã‚Šæ–¹ã§ä½œæˆã—ã¾ã™ã€‚今回ã®ã‚¢ãƒ—リケーションã§ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯è‡ªç”±ã«è¨å®šã§ãã‚‹åå‰ã¨èªè¨¼ç”¨ã® email アドレスをæŒã¤ã“ã¨ã«ã—ã¾ã™ã€‚
⯠bundle exec rails g model user name:string email:string ⯠bundle exec rake db:migrate
モデルã«ãƒªã‚½ãƒ¼ã‚¹ã¨ã—ã¦ã®å®šç¾©ã‚’è¿½åŠ ã—ã¾ã™ã€‚Garage ã¯ã“ã®å®šç¾©ã‚’利用ã—ã¦ãƒªã‚½ãƒ¼ã‚¹ã®ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚¼ãƒ¼ã‚·ãƒ§ãƒ³ã‚„アクセスコントãƒãƒ¼ãƒ«ã‚’実行ã—ã¾ã™ã€‚
# app/models/user.rb class User < ActiveRecord::Base + include Garage::Representer + include Garage::Authorizable + + property :id + property :name + property :email + + def self.build_permissions(perms, other, target) + perms.permits! :read + end + + def build_permissions(perms, other) + perms.permits! :read + perms.permits! :write + end end # config/initializers/garage.rb Garage.configure {} -Garage::TokenScope.configure {} +Garage::TokenScope.configure do + register :public, desc: 'acessing publicly available data' do + access :read, User + access :write, User + end +end Doorkeeper.configure do
Garage::Representer ãŒãƒªã‚½ãƒ¼ã‚¹ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ãƒ»ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚¼ãƒ¼ã‚·ãƒ§ãƒ³ã‚’æä¾›ã™ã‚‹ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã§ã™ã€‚property ã§ãƒªã‚½ãƒ¼ã‚¹ãŒæŒã¤å±žæ€§ã‚’宣言ã—ã¾ã™ã€‚ä»–ã«ã‚‚ link を用ã„ã¦ä»–ã®ãƒªã‚½ãƒ¼ã‚¹ã¸ã®ãƒªãƒ³ã‚¯ã‚’宣言ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚詳ã—ãã¯ã‚µãƒ³ãƒ—ルアプリケーションをå‚ç…§ã—ã¦ãã ã•ã„。
Garage::Authorizable ãŒã‚¢ã‚¯ã‚»ã‚¹ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«æ©Ÿèƒ½ã‚’æä¾›ã™ã‚‹ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã§ã™ã€‚アクセスコントãƒãƒ¼ãƒ«ã«ã¤ã„ã¦ã¯å¾Œè¿°ã™ã‚‹ã®ã§ã€ã“ã“ã§ã¯ãƒ‘ブリックãªãƒªã‚½ãƒ¼ã‚¹ã¨ã—ã¦å®šç¾©ã‚’ã—ã¦ãŠãã¾ã™ã€‚åŒæ§˜ã« OAuth2 ã®ã‚¹ã‚³ãƒ¼ãƒ—ã«ã‚ˆã‚‹ã‚¢ã‚¯ã‚»ã‚¹ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ã«ã¤ã„ã¦ã‚‚後述ã™ã‚‹ã®ã§ã“ã“ã§ã¯ãƒ‘ブリックãªå®šç¾©ã«ã—ã¦ãŠãã¾ã™ã€‚
ãƒãƒ¼ã‚«ãƒ«ã‚µãƒ¼ãƒãƒ¼ã§ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’試ã™
ã“ã“ã¾ã§ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒªã‚½ãƒ¼ã‚¹ã® GET を実装ã—ãŸã®ã§ãƒãƒ¼ã‚«ãƒ«ç’°å¢ƒã§å®Ÿè¡Œã—ã¦ã¿ã¾ã™ã€‚
# テストユーザーを作æˆã—ã¾ã™ ⯠bundle exec rails runner 'User.create(name: "alice", email: "[email protected]")' ⯠bundle exec rails s
サーãƒãƒ¼ãŒèµ·å‹•ã—ãŸã‚‰ Doorkeeper ãŒæä¾›ã™ã‚‹ OAuth provider ã®æ©Ÿèƒ½ã‚’利用ã—ã¦ã‚¢ã‚¯ã‚»ã‚¹ãƒˆãƒ¼ã‚¯ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚http://localhost:3000/oauth/applications ã‚’é–‹ã„ã¦ãƒ†ã‚¹ãƒˆç”¨ã« OAuth クライアントを作æˆã—㦠client id 㨠client secret を作æˆã—ã¦ã€ã‚¢ã‚¯ã‚»ã‚¹ãƒˆãƒ¼ã‚¯ãƒ³ã‚’発行ã—ã¾ã™ã€‚
⯠curl -u "$APPLICTION_ID:$APPLICATION_SECRET" -XPOST http://localhost:3000/oauth/token -d 'grant_type=password&[email protected]' {"access_token":"XXXX","token_type":"bearer","expires_in":7200,"scope":"public"}
å–å¾—ã—ãŸã‚¢ã‚¯ã‚»ã‚¹ãƒˆãƒ¼ã‚¯ãƒ³ã‚’使ã£ã¦å…ˆã»ã©å®Ÿè£…ã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒªã‚½ãƒ¼ã‚¹ã‚’å–å¾—ã—ã¾ã™ã€‚
⯠curl -s -XGET -H "Authorization: Bearer XXXX" http://localhost:3000/v1/users | jq '.'
[
{
"id": 1,
"name": "alice",
"email": "[email protected]"
}
]
You're done!!
自動テスト
Garage アプリケーションを開発ã™ã‚‹ä¸Šã§è‡ªå‹•ãƒ†ã‚¹ãƒˆã‚’セットアップã™ã‚‹ã¾ã§ã«ã„ãã¤ã‹æ³¨æ„ã™ã‚‹ç‚¹ãŒã‚ã‚‹ã®ã§ã€ã“ã“ã§ã¯ request spec を実行ã™ã‚‹ã¾ã§ã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—を紹介ã—ã¾ã™ã€‚
Doorkeeper ã«ã‚ˆã‚‹èªè¨¼èªå¯ã‚’スタブã™ã‚‹ãŸã‚ã®ãƒ˜ãƒ«ãƒ‘ãƒ¼ã‚’è¿½åŠ ã—ã¾ã™ã€‚
# spec/support/request_helper.rb +require 'active_support/concern' + +module RequestHelper + extend ActiveSupport::Concern + + included do + + let(:params) { {} } + + let(:env) do + { + accept: 'application/json', + authorization: authorization_header_value + } + end + + let(:authorization_header_value) { "Bearer #{access_token.token}" } + + let(:access_token) do + FactoryGirl.create( + :access_token, + resource_owner_id: resource_owner.id, + scopes: scopes, + application: application + ) + end + + let(:resource_owner) { FactoryGirl.create(:user) } + let(:scopes) { 'public' } + let(:application) { FactoryGirl.create(:application) } + end +end
RSpec example group ã®ä¸ã§å¿…è¦ã«å¿œã˜ã¦ resource_owner ã‚„ scopes を上書ã定義ã™ã‚‹ã“ã¨ã§ã€ãƒªã‚½ãƒ¼ã‚¹ã‚ªãƒ¼ãƒŠãƒ¼ã®é•ã„ã‚„ OAuth2 ã®ã‚¹ã‚³ãƒ¼ãƒ—ã®é•ã„を作りã ã›ã¾ã™ã€‚
ã¤ã„ã§ã«ç´°ã‹ã„ã¨ã“ã‚ã§ã™ãŒã€facotry ã®å®šç¾©ã‚’書ãæ›ãˆã¦ãŠãã¾ã™ã€‚
# spec/factories/users.rb FactoryGirl.define do factory :user do - name "MyString" -email "MyString" + sequence(:name) {|n| "user#{n}" } + email { "#{name}@example.com" } end - end
最åˆã® request spec ã¯æœ€å°é™ã®ãƒ†ã‚¹ãƒˆã®ã¿å®Ÿè¡Œã™ã‚‹ã‚ˆã†ã«ã—ã¾ã™ã€‚
# spec/requests/users_spec.rb +require 'rails_helper' + +RSpec.describe 'users', type: :request do + include RequestHelper + + describe 'GET /v1/users' do + let!(:users) { create_list(:user, 3) } + + it 'returns user resources' do + get '/v1/users', params, env + expect(response).to have_http_status(200) + end + end +end
テスト用データベースを作æˆã—ã¦ãƒ†ã‚¹ãƒˆå®Ÿè¡Œã—ã¦ã¿ã¾ã™ã€‚
⯠RAILS_ENV=test bundle exec rake db:create migrate
⯠bundle exec rspec -fp spec/requests/users_spec.rb
Run options: include {:focus=>true}
All examples were filtered out; ignoring {:focus=>true}
.
Finished in 0.06393 seconds (files took 1.67 seconds to load)
1 example, 0 failures
無事自動テストã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ãŒã§ãã¾ã—ãŸã€‚
よりテストコードを DRY ã«ã™ã‚‹ã«ã¯ rspec-request_describer gem ã‚’å°Žå…¥ã™ã‚‹ã“ã¨ã‚‚ãŠã™ã™ã‚ã§ã™ã€‚
リソースã®ä¿è·
実際㮠Web API ã§ã¯ãƒªã‚½ãƒ¼ã‚¹ã«å¯¾ã™ã‚‹ã‚¢ã‚¯ã‚»ã‚¹ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ã‚„権é™è¨å®šãŒé‡è¦ã«ãªã‚Šã¾ã™ã€‚具体的ã«ã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒèªå¯ã—ãŸã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã®ã¿ãƒ—ライベートãªãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®èªã¿æ›¸ãを許å¯ã—ãŸã‚Šã€ã‚ã‚‹ã„ã¯ãƒ–ãƒã‚°è¨˜äº‹ã®ç·¨é›†ã¯æŠ•ç¨¿è€…自身ã«ã®ã¿è¨±å¯ã™ã‚‹ã€ã¨ã„ã£ãŸä¾‹ãŒã‚ã‚Šã¾ã™ã€‚
Garage ã§ã¯ OAuth2 利用ã—ãŸã‚¢ã‚¯ã‚»ã‚¹æ¨©ã®è¨å®šã‚’リソース毎ã«å®šç¾©ã™ã‚‹ã“ã¨ã¨ã€ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚³ãƒ³ãƒ†ã‚ストを使用ã—ã¦ãƒªã‚½ãƒ¼ã‚¹æ“作ã«å¯¾ã™ã‚‹æ¨©é™ã‚’リソース毎ã«å®šç¾©ã™ã‚‹ã“ã¨ã§ã€ãƒªã‚½ãƒ¼ã‚¹ã®ä¿è·ã‚’実ç¾ã§ãã¾ã™ã€‚
アクセスコントãƒãƒ¼ãƒ«ã«ã¤ã„ã¦ã¯æ¦‚念自体ã‚ã‹ã‚Šã«ãã„ã¨æ€ã†ã®ã§ã€å®Ÿéš›ã«å‹•ãアプリケーションã§è©¦ã—ã¦ã¿ã¾ã™ã€‚サンプルアプリケーションアプリケーションã®ãƒªãƒ“ジョン 1b3e35463b87631d1e6acdd08e11ae09cab1b7cc ã‚’ãƒã‚§ãƒƒã‚¯ã‚¢ã‚¦ãƒˆã—ã¾ã™ã€‚
git clone [email protected]:taiki45/garage-example.git && cd garage-example git checkout 1b3e35463b87631d1e6acdd08e11ae09cab1b7cc
ã“ã“ã§ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒªã‚½ãƒ¼ã‚¹ã«å¯¾ã—ã¦ãƒªã‚½ãƒ¼ã‚¹æ“作ã®æ¨©é™è¨å®šã‚’ã—ã¦ã¿ã¾ã™ã€‚他人ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼æƒ…å ±ã¯é–²è¦§ã§ãã‚‹ã€ä»–人ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼æƒ…å ±ã¯å¤‰æ›´ã§ããªã„ã€ã¨ã„ã†æŒ™å‹•ã«å¤‰æ›´ã—ã¾ã™ã€‚テストã¨ã—ã¦ã¯æ¬¡ã®ã‚ˆã†ã«æ›¸ã‘ã¾ã™ã€‚
# spec/requests/users_spec.rb describe 'PUT /v1/users/:user_id' do before { params[:name] = 'bob' } context 'with owned resource' do let!(:user) { resource_owner } it 'updates user resource' do put "/v1/users/#{user.id}", params, env expect(response).to have_http_status(204) end end context 'without owned resource' do let!(:other) { create(:user, name: 'raymonde') } it 'returns 403' do put "/v1/users/#{other.id}", params, env expect(response).to have_http_status(403) end end end
テストãŒå¤±æ•—ã™ã‚‹ã“ã¨ã‚’確ã‹ã‚ã¾ã™ã€‚
⯠bundle exec rspec spec/requests/users_spec.rb:24
users
PUT /v1/users/:user_id
with owned resource
updates user resource
without owned resource
returns 403 (FAILED - 1)
ユーザーリソースã®ãƒ‘ーミッション組ã¿ç«‹ã¦ãƒã‚¸ãƒƒã‚¯ã‚’変更ã—ã¾ã™ã€‚other ã¯ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ãŠã‘るリソースオーナーãŒæŸç¸›ã•ã‚Œã¾ã™ã€‚リソースオーナーã¯å…ˆã»ã© ApplicationController ã§å®Ÿè£…ã—㟠current_resource_owner メソッドã§å¤‰æ›ã•ã‚ŒãŸã‚¢ãƒ—リケーションã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚ªãƒ–ジェクトãŒæŸç¸›ã•ã‚Œã¦ã„ã‚‹ã®ã§ã€ä»Šå›žã®ã‚¢ãƒ—リケーションã 㨠User クラスã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã§ã™ã€‚
# app/models/user.rb def build_permissions(perms, other) perms.permits! :read - perms.permits! :write + perms.permits! :write if self == other end
テストを実行ã—ã¦ã¿ã¾ã™ã€‚
⯠bundle exec rspec spec/requests/users_spec.rb:24
users
PUT /v1/users/:user_id
without owned resource
returns 403
with owned resource
updates user resource
他人ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼æƒ…å ±ã¯æ›´æ–°ã§ããªã„よã†ã«ã§ãã¾ã—ãŸã€‚
Garage ã¯ä»–ã«ã‚‚ブãƒã‚°ã®ä¸‹æ›¸ã投稿ã¯æŠ•ç¨¿è€…ã—ã‹é–²è¦§ã§ããªã„ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åå‰ã®å¤‰æ›´ã¯ç‰¹å®šã®ã‚¹ã‚³ãƒ¼ãƒ—ãŒãªã„ã¨å¤‰æ›´ã§ããªã„ã€ãªã©æ§˜ã€…ãªæ¨©é™è¨å®šãŒã§ãã¾ã™ã€‚ã“ã“ã§ã¯ç´¹ä»‹ã—ã¾ã›ã‚“ã§ã—ãŸãŒã€ã‚¢ã‚¯ã‚»ã‚¹æ¨©ã®è¨å®šã‚„ã„ãã¤ã‹ã®æ‹¡å¼µæ©Ÿèƒ½ã«ã¤ã„ã¦ã¯ã‚µãƒ³ãƒ—ルアプリケーションã¨ãƒ‰ã‚ュメントをå‚ç…§ã—ã¦ãã ã•ã„。
Response matcher
JSON API ã®ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã®ãƒ†ã‚¹ãƒˆã¯ RSpec2 ã§ã¯ rspec-json_matcher を用ã„ã¦ã€RSpec3 ã§ã¯ composing-matchers を使用ã—ã¦è¨˜è¿°ã—ã¾ã™ã€‚テストã«ã‚ˆã£ã¦ã¯æ§‹é€ を検査ã™ã‚‹ã ã‘ã§ãªãã€å®Ÿéš›ã®ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã•ã‚ŒãŸå€¤ã‚’検査ã—ã¾ã™ã€‚
RSpec2
let(:post_structure) do { 'id' => Integer, 'title' => String, 'body' => String, 'published_at' => String } end describe 'GET /v1/posts/:post_id' do let!(:post) { create(:post, user: resource_owner) } it 'returns post resource' do get "/v1/posts/#{post.id}", params, env response.status.should == 200 response.body.should be_json_as(post_structure) end end
RSpec3
let(:post_structure) do { 'id' => a_kind_of(Integer), 'title' => a_kind_of(String), 'body' => a_kind_of(String).or(a_nil_value), 'published_at' => a_kind_of(String).or(a_nil_value) } end describe 'GET /v1/posts/:post_id' do let!(:post) { create(:post, user: resource_owner) } it 'returns post resource' do get "/v1/posts/#{post.id}", params, env expect(response).to have_http_status(200) expect(JSON(response.body)).to match(post_structure) end end
DebugExceptions
Rails ã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®è¨å®šã 㨠development 環境ã§ã¯ã‚µãƒ¼ãƒãƒ¼ã‚¨ãƒ©ãƒ¼ãŒèµ·ããŸå ´åˆã€ ActionDispatch::DebugExceptions ãŒã‚¨ãƒ©ãƒ¼æƒ…å ±ã‚’ HTML ã§ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã—ã¾ã™ã€‚JSON API 開発ã®æ–‡è„ˆã§ã¯ãƒ‡ãƒãƒƒã‚°ç”¨ã®ã‚¨ãƒ©ãƒ¼ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã‚‚ JSON ã®ã»ã†ãŒéƒ½åˆãŒè‰¯ã„ã§ã™ã€‚ãã®å ´åˆ debug_exceptions_json gem を使ã„ã¾ã™ã€‚ã‚¨ãƒ©ãƒ¼æƒ…å ±ãŒ JSON ã§ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã•ã‚Œã‚‹ã®ã§ã€é–‹ç™ºãŒã—ã‚„ã™ããªã‚Šã¾ã™ã€‚ã¾ãŸã€RSpec ã¨ã®é€£æºæ©Ÿèƒ½ãŒã‚ã‚Šã€request spec ã®å®Ÿè¡Œä¸ã«ã‚µãƒ¼ãƒãƒ¼ã‚¨ãƒ©ãƒ¼ãŒèµ·ãる㨠RSpec ã®ãƒ•ã‚©ãƒ¼ãƒžãƒƒã‚¿ã‚’利用ã—ã¦ã‚¨ãƒ©ãƒ¼æƒ…å ±ã‚’ãƒ€ãƒ³ãƒ—ã—ã¦ãã‚Œã¾ã™ã€‚
Failures:
1) server error dump when client accepts application/json with exception raised responses error json
Failure/Error: expect(response).to have_http_status(200)
expected the response to have status code 200 but it was 500
# ./spec/features/server_error_dump_spec.rb:21:in `block (4 levels) in <top (required)>'
ServerErrorDump:
exception class:
HelloController::TestError
message:
test error
short_backtrace:
<backtrace is here>
APIドã‚ュメント
Web API 開発ã®æ–‡è„ˆã§ã¯ã€API ã®ãƒ‰ã‚ュメントをæä¾›ã—ドã‚ュメントを最新ã®çŠ¶æ…‹ã«ã‚¢ãƒƒãƒ—デートã—ã¦ãŠãã“ã¨ã§é–‹ç™ºä¸ã®ã‚³ãƒŸãƒ¥ãƒ‹ã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’効率化ã§ãã¾ã™ã€‚
API ドã‚ュメントã®ç”Ÿæˆã«ã¯ autodoc gem を使ã£ã¦ã„ã¾ã™ã€‚リクエスト例ã€ãƒ¬ã‚¹ãƒãƒ³ã‚¹ä¾‹ã ã‘ã§ãªãã€weak_parameters gem ã¨çµ„ã¿åˆã‚ã›ã‚‹ã“ã¨ã§ãƒªã‚¯ã‚¨ã‚¹ãƒˆãƒ‘ラメータã«ã¤ã„ã¦ã‚‚ドã‚ュメント化ã§ãã¾ã™ã€‚生æˆã•ã‚ŒãŸãƒ‰ã‚ュメント㯠Garage ã®ãƒ‰ã‚ュメントæ供機能を使用ã—ã¦ãƒ–ラウザã§é–²è¦§ã§ãるよã†ã«ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã—ã€ã‚ˆã‚Šç°¡å˜ã«ã¯ markdown フォーマットã§ç”Ÿæˆã•ã‚Œã‚‹ã®ã§ Github 上ã§ãƒ¬ãƒ³ãƒ€ãƒ¼ã•ã‚ŒãŸãƒ‰ã‚ュメントをå‚ç…§ã—ã¦ã‚‚らã†ã“ã¨ã‚‚ã§ãã¾ã™ã€‚
Garage を使用ã—㟠RESTful Web API ã®é–‹ç™ºã«ã¤ã„ã¦ã”紹介ã—ã¾ã—ãŸã€‚コントãƒãƒ¼ãƒ©ãƒ¼ã‚’作るã€ãƒªã‚½ãƒ¼ã‚¹ã‚’定義ã™ã‚‹ã€ã‚¢ã‚¯ã‚»ã‚¹ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ã‚’定義ã™ã‚‹ã€ã“ã®ã‚¹ãƒ†ãƒƒãƒ—ã‚’ç¹°ã‚Šè¿”ã™ã“ã¨ã§ã‚¢ãƒ—リケーションを開発ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚
ã“ã®è¨˜äº‹ãŒ Garage を使用ã—ãŸã‚¢ãƒ—リケーション実装ã®å‚考ã«ãªã‚Œã°å¹¸ã„ã§ã™ã€‚
