Merge pull request #10 from hst-rds/api

Add basic study API

app/controllers/api/studies_controller.rb

@@ -0,0 +1,39 @@
+class Api::StudiesController < ApiController
+ def index
+ render json: Trial.all
+ end
+
+ def show
+ @trial = Trial.find_by(system_id: params[:id])
+
+ render json: @trial
+ end
+
+ def update
+ @trial = Trial.find_by(system_id: params[:id])
+
+ if @trial.update(trial_params)
+ head 200
+ else
+ render json: { error: @trial.errors }, status: 400
+ end
+ end
+
+ private
+
+ def trial_params
+ params.permit(
+ :brief_title,
+ :contact_override,
+ :contact_override_first_name,
+ :contact_override_last_name,
+ :irb_number,
+ :overall_status,
+ :pi_id,
+ :pi_name,
+ :recruiting,
+ :simple_description,
+ :visible
+ )
+ end
+end

app/controllers/api_controller.rb

@@ -0,0 +1,15 @@
+class ApiController < ActionController::API
+ before_action :restrict_to_authorized_tokens
+
+ private
+
+ def restrict_to_authorized_tokens
+ unless ApiKey.exists?(token: authorization_token)
+ head 401 and return
+ end
+ end
+
+ def authorization_token
+ request.headers["Authorization"].to_s.split(" ").last
+ end
+end

app/models/api_key.rb

@@ -0,0 +1,7 @@
+class ApiKey < ApplicationRecord
+ validates :name, presence: true
+
+ after_initialize do |api_key|
+ api_key.token = SecureRandom.base58(32)
+ end
+end

config/routes.rb

@@ -43,6 +43,10 @@
  get 'spotlight', controller: 'home', action: 'spotlight', as: :welcome
  get 'embed', controller: 'search', action: 'embed', as: :embed
 
+ namespace :api do
+ resources :studies, only: [:index, :show, :update]
+ end
+
  root 'home#index'
 
  # Example of regular route:

db/migrate/20210108230551_create_api_keys.rb

@@ -0,0 +1,10 @@
+class CreateApiKeys < ActiveRecord::Migration[5.2]
+ def change
+ create_table :api_keys do |t|
+ t.string :name
+ t.string :token
+
+ t.timestamps
+ end
+ end
+end

spec/controllers/api/studies_controller_spec.rb

@@ -0,0 +1,52 @@
+require "rails_helper"
+
+describe Api::StudiesController do
+ context "unauthenticated requests" do
+ it "are rejected" do
+ get :show, params: { id: "NCT123" }
+ expect(response).to have_http_status(401)
+ end
+ end
+
+ context "authenticated requests" do
+ before do
+ api_key = ApiKey.create!(name: "blah")
+ request.headers["Authorization"] = "bearer #{api_key.token}"
+ end
+
+ it "can read studies" do
+ study = Trial.create!(system_id: "NCT123")
+
+ get :show, params: { id: study.system_id }
+
+ expect(response).to have_http_status(200)
+ end
+
+ it "can update studies" do
+ study = Trial.create!(system_id: "NCT345")
+ attributes_to_update = {
+ contact_override: "blah@example.com",
+ contact_override_first_name: "Testy",
+ contact_override_last_name: "McTesterson",
+ irb_number: "1234567890",
+ pi_id: "somepi@example.com",
+ pi_name: "Some PI, M.D.",
+ recruiting: true,
+ simple_description: "This is a short description",
+ brief_title: "This is a brief title",
+ visible: true
+ }
+
+ patch :update, params: attributes_to_update.merge(id: "NCT345")
+
+ expect(response).to have_http_status(200)
+
+ study.reload
+
+ attributes_to_update.each do |attribute, value|
+ expect(study[attribute]).to eq(value)
+ end
+ end
+ end
+end
+

spec/models/api_key_spec.rb

@@ -0,0 +1,12 @@
+require 'rails_helper'
+
+describe ApiKey do
+ it "should generate a token when created" do
+ expect(subject.token.length).to eq(32)
+ end
+
+ it "should require a name" do
+ subject.save
+ expect(subject.errors).to have_key(:name)
+ end
+end