• Stars
    star
    511
  • Rank 86,473 (Top 2 %)
  • Language
    Ruby
  • License
    MIT License
  • Created over 10 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Rails extension for RESTful Hypermedia API

Garage

Ruby Gem Version

Rails framework to add RESTful hypermedia API to your application.

Gem name has been changed!

We renamed gem name the_garage from version 2.0.0. Please update your Gemfile.

What Is It?

Garage provides a simple, Hypermedia friendly RESTful API to your Rails application using its native RESTful routes. Garage provides a descriptive way to serve your ActiveRecord models, as well as plain old Ruby objects as JSON-based resources.

Garage supports OAuth 2 authorizations via Doorkeeper (more extensions to come), and provides resource-based access controls.

Quickstart

In Gemfile:

# Notice this gem has "the_" prefix for gem name.
gem 'the_garage'

In your Rails model class:

class Employee < ActiveRecord::Base
  include Garage::Representer
  include Garage::Authorizable

  belongs_to :division
  has_many :projects
  property :id
  property :title
  property :first_name
  property :last_name

  property :division, selectable: true
  collection :projects, selectable: true

  link(:division) { division_path(division) }
  link(:projects) { employee_projects_path(self) }

  def self.build_permissions(perms, other, target)
    perms.permits! :read
  end
end

In your controller classes:

class ApplicationController < ActionController::Base
  include Garage::ControllerHelper

  # ...
end

class EmployeesController < ApplicationController
  include Garage::RestfulActions

  def require_resources
    @resources = Employee.all
  end
end

Resources are rendered with respond_with (responders gem). Additional options can be passed to respond_with by implementing respond_with_resources_options (index action) and respond_with_resource_options (show, update destroy actions).

Available options

  • :paginate - (Boolean) Enable pagination when true. Paginates with the per_page and page params
  • :per_page - (Integer) value for default number of resources per page when paginating
  • :max_per_page - (Integer) Maximum resources per page, irrespective of requested per_page
  • :hard_limit - (Integer) Limit of retrievable records when paginating. Also hides total records.
  • :distinct_by - (Symbol) Specify a property to count by for total page count
  • :to_resource_options - (Hash) Options to pass as argument to to_resource(options)

Create decorator for your AR models

With not small application, you may add a presentation layer to build API responses. Define a decorator class with Resource suffix and define #to_resource in your AR model.

class User < ActiveRecord::Base
  def to_resource
    UserResource.new(self)
  end
end

class UserResource
  include Garage::Representer
  include Garage::Authorizable

  property :id
  property :name
  property :email

  delegate :id, :name, :email, to: :@model

  def initialize(model)
    @model = model
  end
end

Advanced Configurations

In config/initializers/garage.rb:

Garage.configure {}

# Optional
Rails.application.config.to_prepare do
  Garage::TokenScope.configure do
    register :public, desc: "accessing publicly available data" do
      access :read, Recipe
    end

    register :read_post, desc: "reading blog post" do
      access :read, Post
    end
  end
end

# If you want to use different authentication/authorization logic.
Garage.configuration.strategy = Garage::Strategy::AuthServer

The following authentication strategies are available.

  • Garage::Strategy::NoAuthentication - Does not authenticate request and does not verify permission and access on resource operation. For non-public, internal-use Garage application.
  • Garage::Strategy::Test - Trust request thoroughly, and build access token from request headers. For testing or prototyping.
  • Garage::Strategy::Doorkeeper - Authenticate request with doorkeeper gem. To use this strategy, bundle garage-doorkeeper gem.
  • Garage::Strategy::AuthServer - Delegate authentication to OAuth server. This auth strategy has configurations.

Delegate Authentication/Authorization to your OAuth server

To delegate auth to your OAuth server, use Garage::Strategy::AuthServer strategy. Then configure auth server strategy:

  • Garage.configuration.auth_server_url - A full url of your OAuth server's access token validation endpoint. i.e. https://example.com/token.
  • Garage.configuration.auth_server_host - A host header value to request to your OAuth server. Can be empty.
  • Garage.configuration.auth_server_timeout - A read timeout second. Default is 1 second.

The OAuth server must response a json with following structure.

  • token (string, null) - OAuth access token value.
  • token_type (string) - OAuth access token value. i.e. bearer type.
  • scope (string) - OAuth scopes separated by spaces. i.e. public read_user.
  • application_id (integer) - OAuth application id of the access token.
  • resource_owner_id (integer, null) - Resource owner id of the access token.
  • expired_at (string, null) - Expire datetime with string representation.
  • revoked_at (string, null) - Revoked datetime with string representation.

When requested access token is invalid, OAuth server must response 401.

Customize Authentication/Authorization

Garage supports customizable Authentication/Authorization strategy. The Strategy has some conventions to follow.

  • Offer OAuth access token via access_token method. With no access token case (does not authenticate request) access_token should return nil.
  • Register verify_auth hook as before filter in included block if authenticate request. Or register custom authentication hook. The custom authentication hook should response unauthorized using unauthorized_render_options when fails to authenticate a request.
  • Offer whether verify permission and access in RestfulActions via verify_permission method. Return true to verify them.
module MyStrategy
  extend ActiveSupport::Concern

  included do
    # Register verify_auth hook if you want to authenticate request.
    before_action :verify_auth
  end

  def access_token
    # Fetch some `attributes` from DB or auth server API using request.
    # Then returns an AccessToken with caching.
    @access_token ||= Garage::Strategy::AccessToken.new(attributes)
  end

  # Whether verify permission and access in `RestfulActions`.
  def verify_permission?
    true
  end
end

Distributed tracing

In case you use auth-server strategy, you can setup distributed tracing for the service communication between garage application and auth server. Currently, we support following tracers:

  • aws-xray using aws-xray gem.
    • Bundle aws-xray gem in your application.
    • Configure service option for a logical service name of the auth server.
# e.g. aws-xray tracer
require 'aws/xray/hooks/net_http'
Garage::Tracer::AwsXrayTracer.service = 'your-auth-server-name'
Garage.configuration.tracer = Garage::Tracer::AwsXrayTracer

Development

See DEVELOPMENT.md.

Authors

  • Tatsuhiko Miyagawa
  • Taiki Ono
  • Yusuke Mito
  • Ryo Nakamura

Inspired By

More Repositories

1

styleguide

Cookpad's coding style guides
1,173
star
2

chanko

Rapidly and safely prototyping your rails application
Ruby
636
star
3

kage

Kage (kah-geh) is a shadow proxy server to duplex HTTP requests
Ruby
503
star
4

rrrspec

Distributed RSpec
Ruby
490
star
5

puree-android

A log collector for Android
Java
480
star
6

license-tools-plugin

Gradle plugin to check library licenses and generate license pages.
HTML
331
star
7

arproxy

Arproxy is a proxy between ActiveRecord and database adapter
Ruby
326
star
8

kuroko2

Kuroko2 is a web-based job scheduler / workflow engine.
Ruby
313
star
9

expeditor

Expeditor provides asynchronous execution and fault tolerance for Microservices
Ruby
231
star
10

omniauth-rails_csrf_protection

Provides CSRF protection on OmniAuth request endpoint on Rails application.
Ruby
227
star
11

Puree-Swift

🍯 Awesome log aggregator for iOS
Swift
217
star
12

barbeque

Job queue system to run job with Docker
Ruby
196
star
13

LicenseToolsPlugin

Gradle plugin to check library licenses and generate license pages for Android
HTML
174
star
14

grpc_kit

A kit for creating gRPC server/client in Ruby.
Ruby
161
star
15

puree-ios

[Obsoleted] A log collector for iOS (new version! -> https://github.com/cookpad/Puree-Swift)
Objective-C
149
star
16

dmemo

Ruby
130
star
17

dokumi

Automatically check if anything is wrong with the code in a pull request
Ruby
128
star
18

s3ar

A massively fast S3 downloader/uploader
Rust
113
star
19

griffin

gRPC server and client for Ruby
Ruby
102
star
20

android-code-style

Cookpad Android Code Style
Java
89
star
21

elasticfox-ec2tag

Patched Elasticfox (for EC2 Tag) branched from http://aws.amazon.com/developertools/609 and provide standalone version based on http://code.google.com/p/efoxapp/. ELB Tab from hybridfox http://code.google.com/p/hybridfox/
JavaScript
78
star
22

cookpad-pad

Cookpad Pad — A six keys macro pad made by Cookpad.
73
star
23

trice

Provides reference time concept to application. Use it instead of ad-hoc `Time.now`.
Ruby
72
star
24

terraform-aws-eks

A Terraform module to Provision AWS Elastic Kubernetes (EKS) clusters and worker nodes
HCL
70
star
25

global-style-guides

Official style guides for Cookpad Global
66
star
26

issue-reporter-android

Java
61
star
27

cookpad-internship-2015-summer

http://techlife.cookpad.com/entry/2015/09/08/113442
60
star
28

mixed_gauge

A simple and robust database sharding with ActiveRecord.
Ruby
58
star
29

garage_client

Ruby client library for the Garage application API
Ruby
53
star
30

aws-xray

The unofficial AWS X-Ray Tracing SDK for Ruby
Ruby
50
star
31

blouson

Filter tools to mask sensitive log data for rails
Ruby
49
star
32

presentations

The presentations of Cookpad staff
Ruby
48
star
33

deepalert

Serverless SOAR (Security Orchestration, Automation and Response) framework for automatic inspection and evaluation of security alert
Go
44
star
34

pendaxes

Send reminder to developers about their left pending tests!
Ruby
43
star
35

BottomNavWatson

Bottom navigation bar library that allows multiple back stacks and one single navigation graph
Kotlin
40
star
36

cookpad-internship-2016-summer

Docs and materials at Cookpad Internship 2016 Summer
Ruby
39
star
37

react-native-puree

A log collector for React Native
TypeScript
39
star
38

gradle-android-sdk-manager

DEPRECATED
39
star
39

murakumo

Murakumo is the internal DNS server which manages name information using a gossip protocol.
Ruby
38
star
40

RxT4A

DEPRECATED
Java
38
star
41

tokite

Ruby
35
star
42

r53-fox

AWS Route53 GUI client
JavaScript
31
star
43

daifuku

A markdown parser and compiler for log definitions in mobile applications
Ruby
31
star
44

android-crud-paging-v3

Kotlin
30
star
45

kumonos

Moved to https://github.com/cookpad/itacho
Ruby
30
star
46

itacho

itacho to manage and operate envoy based service mesh.
Go
28
star
47

gem_collector

Collect gems used by applications
Ruby
27
star
48

iam-fox

AWS IAM GUI client
JavaScript
26
star
49

sds

Envoy's v1 Service Discovery Service API and v2 Endpoint Discovery Service API
Rust
24
star
50

ViewsWaiter

A reactive approach for updating views that you don't view
Kotlin
23
star
51

streamy

Basic toolset for hooking into event stream
Ruby
22
star
52

cpc1.0

Cookpad Parsed Corpus: a dataset of linguistically annotated recipes (Linguistic Annotation Workshop 2020)
Python
21
star
53

denv

Loads environment variables to `ENV` from `.env` file
Ruby
19
star
54

guard_against_physical_delete

guard_against_physical_delete is monkey patch for ActiveRecord. This patch prevent deleting record physically.
Ruby
19
star
55

2018-newgrads-engineer-portfolio

クックパッド 2018 年度新卒採用選考エントリーシート提出方法と、その時に利用するファイル一式です。
19
star
56

OkReport

Android library to submit reports without leaving the app.
Kotlin
18
star
57

cp8_cli

Cookpad Global CLI
Ruby
18
star
58

cookpad-internship-2019-summer

Swift
18
star
59

armg

Add MySQL geometry type to Active Record.
Ruby
18
star
60

StringsPatcher

An android lib for updating string resources on the fly
Kotlin
14
star
61

sisito

It is sisimai collected data frontend.
Ruby
14
star
62

rgossip2

Basic implementation of a gossip protocol. This is a porting of Java implementation. see http://code.google.com/p/gossip-protocol-java/
Ruby
13
star
63

Phakchi

Pact consumer client library in Swift
Swift
13
star
64

ecamo

SSL image proxy with JWT authentication
Rust
12
star
65

janiConverter

Online transcoder: from movie file to jani-format. Supports VAST integration
Ruby
12
star
66

session_store_relocator

Supports Rails session store relocation with duplicate write session data to multiple stores
Ruby
11
star
67

cookpad-internship-2017-summer

Jupyter Notebook
11
star
68

reuse_query_results

reuse mysql query results
Ruby
11
star
69

onesky-gradle-plugin

Kotlin
11
star
70

techconf2017-network

Ruby
10
star
71

aws-falcon-data-forwarder

CrowdStrike Falcon log forwarder from falcon S3 bucket to your S3 bucket
Go
10
star
72

cookpad-internship-2018-summer

Ruby
10
star
73

raven-transports-fluentd

Send error logs to sentry via fluentd
Ruby
10
star
74

prism

Streaming loader for Amazon Redshift Spectrum
Java
10
star
75

2016-internship-engineer-portfolio

クックパッド 2016 インターンの応募方法と、その時に利用するファイル一式です。
9
star
76

2017-internship-engineer-portfolio

クックパッド サマーインターンシップ 2017 への応募方法についての説明です。
9
star
77

minerva

Serverless Log Search Architecture for Security Monitoring based on Amazon Athena
Go
8
star
78

oicy-taste

design information of condiment dispenser "OiCy Taste"
C++
8
star
79

swift-user-defaults

A series of Swift friendly utilities for Foundation's UserDefaults class.
Swift
8
star
80

spring-internship-2021-lecture-code

TypeScript
7
star
81

dango

A service for managing i18n
Elixir
6
star
82

garage-doorkeeper

Garage extension to integrate doorkeeper gem
Ruby
5
star
83

griffin-interceptors

Ruby
5
star
84

cookpad_departure_defaults

Ruby
5
star
85

cookpad-internship-2020-summer-ios

Swift
4
star
86

android-studio-templates

Provides a set of templates for scaffolding architectural repetitive tasks.
Kotlin
4
star
87

cookpad-performance

Some performance tools we use across our Rails applications
Ruby
4
star
88

cookpad-internship-2020-summer-web

Ruby
4
star
89

barbeque_client

barbeque client for Ruby
Ruby
4
star
90

wait-side-car

Wait essential side-car containers to be available.
Go
4
star
91

rsolr_cookpad

A Ruby client for Apache Solr (saving weights of the repository by cutting down disused branches and tags)
Ruby
3
star
92

cookpad-internship-2021-summer-ios

Swift
3
star
93

package-scanner-android

WIP
Java
3
star
94

mirin

Redirection Service
Haskell
3
star
95

cookpad_mysql_defaults

Cookpad's MySQL defaults
Ruby
3
star
96

cookpad-internship-1day-ruby

Ruby
3
star
97

SocialConnect

OAuth library for Android: retrieves OAuth tokens from multiple social networks.
Kotlin
3
star
98

github-app-installation-token-action

A GitHub Action that can be used to generate scoped credentials for use within your workflow using an App integration.
JavaScript
3
star
99

bitrise-step-github-app-installation-token

Go
2
star
100

rubyists-on-rails

Passenger Announcement for Rubyists on Rails.
2
star