Update dependencies and routes, add Blazer migration and config

Author: tuanle03

Gemfile

@@ -1,36 +1,36 @@
-source "https://rubygems.org"
+source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-ruby "3.2.0"
+ruby '3.2.0'
 
 # Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
-gem "rails", "~> 7.0.4", ">= 7.0.4.3"
+gem 'rails', '~> 7.0.4', '>= 7.0.4.3'
 
 # The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]
-gem "sprockets-rails"
+gem 'sprockets-rails'
 
 # Use sqlite3 as the database for Active Record
-gem "sqlite3", "~> 1.4"
+gem 'sqlite3', '~> 1.4'
 
 gem 'pg'
 
 # Use the Puma web server [https://github.com/puma/puma]
-gem "puma", "~> 5.0"
+gem 'puma', '~> 5.0'
 
 # Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
-gem "importmap-rails"
+gem 'importmap-rails'
 
 # Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev]
-gem "turbo-rails"
+gem 'turbo-rails'
 
 # Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev]
-gem "stimulus-rails"
+gem 'stimulus-rails'
 
 # Build JSON APIs with ease [https://github.com/rails/jbuilder]
-gem "jbuilder"
+gem 'jbuilder'
 
 # Use Redis adapter to run Action Cable in production
-gem "redis", "~> 4.0"
+gem 'redis', '~> 4.0'
 
 # Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]
 # gem "kredis"
@@ -39,12 +39,12 @@ gem "redis", "~> 4.0"
 # gem "bcrypt", "~> 3.1.7"
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
-gem "tzinfo-data", platforms: %i[ mingw mswin x64_mingw jruby ]
+gem 'tzinfo-data', platforms: %i[ mingw mswin x64_mingw jruby ]
 
 # Reduces boot times through caching; required in config/boot.rb
-gem "bootsnap", require: false
+gem 'bootsnap', require: false
 
-gem "devise"
+gem 'devise'
 
 gem 'devise-jwt'
 
@@ -58,6 +58,8 @@ gem 'grape_logging'
 
 gem 'faker'
 
+gem 'blazer'
+
 # Use Sass to process CSS
 # gem "sassc-rails"
 
@@ -66,15 +68,15 @@ gem 'faker'
 
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
-  gem "debug", platforms: %i[ mri mingw x64_mingw ]
+  gem 'debug', platforms: %i[ mri mingw x64_mingw ]
   gem 'byebug'
   gem 'rspec-rails'
   gem 'factory_bot_rails'
 end
 
 group :development do
   # Use console on exceptions pages [https://github.com/rails/web-console]
-  gem "web-console"
+  gem 'web-console'
 
   # Add speed badges [https://github.com/MiniProfiler/rack-mini-profiler]
   # gem "rack-mini-profiler"
@@ -85,7 +87,7 @@ end
 
 group :test do
   # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
-  gem "capybara"
-  gem "selenium-webdriver"
-  gem "webdrivers"
+  gem 'capybara'
+  gem 'selenium-webdriver'
+  gem 'webdrivers'
 end

Gemfile.lock

@@ -72,6 +72,11 @@ GEM
       rack
     bcrypt (3.1.20)
     bindex (0.8.1)
+    blazer (3.0.2)
+      activerecord (>= 6.1)
+      chartkick (>= 5)
+      railties (>= 6.1)
+      safely_block (>= 0.4)
     bootsnap (1.17.0)
       msgpack (~> 1.2)
     builder (3.2.4)
@@ -85,6 +90,7 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
+    chartkick (5.0.5)
     concurrent-ruby (1.2.2)
     crass (1.0.6)
     date (3.3.4)
@@ -258,6 +264,7 @@ GEM
     rspec-support (3.12.1)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
+    safely_block (0.4.0)
     selenium-webdriver (4.10.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
@@ -311,6 +318,7 @@ PLATFORMS
 
 DEPENDENCIES
   appsignal
+  blazer
   bootsnap
   byebug
   capybara

app/api/helpers/authentication_helper.rb

@@ -8,7 +8,7 @@ def authenticate_user!
   def current_user
     @current_user ||=
       begin
-        token = request.headers['Authorization'].split(' ').last
+        token = request.headers['Token']
         User.find_by(id: JWT.decode(token, Rails.application.credentials.devise_jwt_secret_key)[0]['user_id']) if token
       rescue JWT::DecodeError
         nil

app/api/web/feedbacks_api.rb

@@ -3,7 +3,8 @@ class Web::FeedbacksAPI < Grape::API
 
     resource :feedbacks do
 
-      desc 'Create feedback'
+      desc 'Create feedback',
+        security: [access_token: {}]
       params do
         requires :content, type: String, allow_blank: false
         requires :post_id, type: Integer
@@ -47,7 +48,8 @@ class Web::FeedbacksAPI < Grape::API
         end
       end
 
-      desc 'Delete feedback'
+      desc 'Delete feedback',
+        security: [access_token: {}]
       params do
         requires :id, type: Integer
       end
@@ -70,7 +72,8 @@ class Web::FeedbacksAPI < Grape::API
         end
       end
 
-      desc 'Update feedback'
+      desc 'Update feedback',
+        security: [access_token: {}]
       params do
         requires :id, type: Integer
         requires :new_content, type: String, allow_blank: false

app/api/web/posts_api.rb

@@ -77,7 +77,8 @@ def format_post(post)
         end
       end
 
-      desc 'Create a post'
+      desc 'Create a post',
+        security: [access_token: {}]
       params do
         requires :title, type: String, desc: 'Post title', allow_blank: false
         requires :body, type: String, desc: 'Post body', allow_blank: false
@@ -88,6 +89,7 @@ def format_post(post)
           post = current_user.posts.new({
             title: params[:title],
             body: params[:body],
+            total_view: 0,
             status: 'approved'
           })
         end
@@ -107,7 +109,8 @@ def format_post(post)
         end
       end
 
-      desc 'Update a post'
+      desc 'Update a post',
+        security: [access_token: {}]
       params do
         requires :id, type: Integer, desc: 'Post id'
         optional :new_title, type: String, desc: 'New post title'
@@ -135,7 +138,8 @@ def format_post(post)
         end
       end
 
-      desc 'Delete a post'
+      desc 'Delete a post',
+        security: [access_token: {}]
       params do
         requires :id, type: Integer, desc: 'Post id'
       end
@@ -175,7 +179,8 @@ def format_post(post)
         }
       end
 
-      desc 'Approve a post'
+      desc 'Approve a post',
+        security: [access_token: {}]
       params do
         requires :id, type: Integer, desc: 'Post id'
       end
@@ -222,7 +227,8 @@ def format_post(post)
         }
       end
 
-      desc 'Create a feedback for a post'
+      desc 'Create a feedback for a post',
+        security: [access_token: {}]
       params do
         requires :id, type: Integer, desc: 'Post id'
         requires :content, type: String, desc: 'Feedback content', allow_blank: false

app/api/web/registrations_api.rb

@@ -4,6 +4,8 @@ class Web::RegistrationsAPI < Grape::API
       desc 'Create a new user'
       params do
         requires :user, type: Hash do
+          optional :first_name, type: String, desc: 'First name'
+          optional :last_name, type: String, desc: 'Last name'
           requires :email, type: String, desc: 'Email'
           requires :password, type: String, desc: 'Password'
           requires :password_confirmation, type: String, desc: 'Password confirmation'

app/api/web/sessions_api.rb

@@ -24,10 +24,11 @@ class Web::SessionsAPI < Grape::API
         end
       end
 
-      desc 'Sign out and revoke JWT token'
+      desc 'Sign out and revoke JWT token',
+        security: [access_token: {}]
       delete 'sign_out' do
         authenticate_user!
-        current_user.revoke_jwt(request.headers['Authorization'])
+        current_user.revoke_jwt(request.headers['token'])
         status 200
         {
           success: true,

app/api/web_api.rb

@@ -20,6 +20,13 @@ class WebAPI < Grape::API
     info: {
       title: 'CodeLearn APIs Documentation',
       description: 'This is a documentation of CodeLearn APIs. To support client rendering the UI',
-    }
+    },
+    security_definitions: {
+      access_token: {
+        name: 'token',
+        type: :apiKey,
+        in: :header,
+      },
+    },
   )
 end

config/application.rb

@@ -23,5 +23,10 @@ class Application < Rails::Application
 
     # config.eager_load_paths << Rails.root.join("extras")
     config.eager_load_paths << Rails.root.join('app/api')
+
+    config.before_initialize do
+      ENV["BLAZER_USERNAME"] = Rails.application.credentials.dig(:basic_auth, :blazer_username)
+      ENV["BLAZER_PASSWORD"] = Rails.application.credentials.dig(:basic_auth, :blazer_password)
+    end
   end
 end

config/blazer.yml

@@ -0,0 +1,78 @@
+# see https://github.com/ankane/blazer for more info
+data_sources:
+  main:
+    url: <%= ENV["DATABASE_URL"].presence || 'sqlite3:db/development.sqlite3' %>
+
+    # statement timeout, in seconds
+    # none by default
+    # timeout: 15
+
+    # caching settings
+    # can greatly improve speed
+    # off by default
+    # cache:
+    #   mode: slow # or all
+    #   expires_in: 60 # min
+    #   slow_threshold: 15 # sec, only used in slow mode
+
+    # wrap queries in a transaction for safety
+    # not necessary if you use a read-only user
+    # true by default
+    # use_transaction: false
+
+    smart_variables:
+      # zone_id: "SELECT id, name FROM zones ORDER BY name ASC"
+      # period: ["day", "week", "month"]
+      # status: {0: "Active", 1: "Archived"}
+
+    linked_columns:
+      # user_id: "/admin/users/{value}"
+
+    smart_columns:
+      # user_id: "SELECT id, name FROM users WHERE id IN {value}"
+
+# create audits
+audit: true
+
+# change the time zone
+# time_zone: "Pacific Time (US & Canada)"
+
+# class name of the user model
+# user_class: User
+
+# method name for the current user
+# user_method: current_user
+
+# method name for the display name
+# user_name: name
+
+# custom before_action to use for auth
+# before_action_method: require_admin
+
+# email to send checks from
+# from_email: blazer@example.org
+
+# webhook for Slack
+# slack_webhook_url: <%= ENV["BLAZER_SLACK_WEBHOOK_URL"] %>
+
+check_schedules:
+  - "1 day"
+  - "1 hour"
+  - "5 minutes"
+
+# enable anomaly detection
+# note: with trend, time series are sent to https://trendapi.org
+# anomaly_checks: prophet / trend / anomaly_detection
+
+# enable forecasting
+# note: with trend, time series are sent to https://trendapi.org
+# forecasting: prophet / trend
+
+# enable map
+# mapbox_access_token: <%= ENV["MAPBOX_ACCESS_TOKEN"] %>
+
+# enable uploads
+# uploads:
+#   url: <%= ENV["BLAZER_UPLOADS_URL"] %>
+#   schema: uploads
+#   data_source: main