Jacquelyn Cheng - MediaRanker Revisited

.gitignore

@@ -13,5 +13,18 @@
 !/log/.keep
 !/tmp/.keep
 
+# Ignore uploaded files in development
+/storage/*
+!/storage/.keep
+
+/node_modules
+/yarn-error.log
+
+/public/assets
+.byebug_history
+/coverage
+.DS_Store
+.env
+
 # Ignore Byebug command history file.
 .byebug_history

Gemfile

@@ -20,6 +20,10 @@ gem 'coffee-rails', '~> 4.2'
 # See https://github.com/rails/execjs#readme for more supported runtimes
 # gem 'therubyracer', platforms: :ruby
 
+gem 'omniauth'
+gem 'omniauth-github'
+gem 'omniauth-google-oauth2'
+
 # Use jquery as the JavaScript library
 gem 'jquery-rails'
 # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks
@@ -62,6 +66,7 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'dotenv-rails'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem

Gemfile.lock

@@ -70,11 +70,18 @@ GEM
     concurrent-ruby (1.0.5)
     crass (1.0.4)
     debug_inspector (0.0.3)
+    dotenv (2.5.0)
+    dotenv-rails (2.5.0)
+      dotenv (= 2.5.0)
+      railties (>= 3.2, < 6.0)
     erubi (1.7.1)
     execjs (2.7.0)
+    faraday (0.15.3)
+      multipart-post (>= 1.2, < 3)
     ffi (1.9.25)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
+    hashie (3.5.7)
     i18n (1.1.0)
       concurrent-ruby (~> 1.0)
     jbuilder (2.7.0)
@@ -84,6 +91,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    jwt (2.1.0)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -113,9 +121,30 @@ GEM
       minitest (~> 5.0)
       rails (>= 4.1)
     multi_json (1.13.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
     nio4r (2.3.1)
     nokogiri (1.8.4)
       mini_portile2 (~> 2.3.0)
+    oauth2 (1.4.1)
+      faraday (>= 0.8, < 0.16.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.8.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-google-oauth2 (0.5.3)
+      jwt (>= 1.5)
+      omniauth (>= 1.1.1)
+      omniauth-oauth2 (>= 1.5)
+    omniauth-oauth2 (1.5.0)
+      oauth2 (~> 1.1)
+      omniauth (~> 1.2)
     pg (0.21.0)
     popper_js (1.14.3)
     pry (0.11.3)
@@ -207,13 +236,17 @@ DEPENDENCIES
   bootstrap (~> 4.1.3)
   byebug
   coffee-rails (~> 4.2)
+  dotenv-rails
   jbuilder (~> 2.5)
   jquery-rails
   listen (~> 3.0.5)
   minitest-rails
   minitest-reporters
   minitest-skip
   minitest-spec-rails
+  omniauth
+  omniauth-github
+  omniauth-google-oauth2
   pg (~> 0.18)
   pry-rails
   puma (~> 3.0)

app/assets/stylesheets/application.scss

@@ -85,7 +85,7 @@ a:hover {
 }
 
 .app-header__user-nav-container .nav-item {
-  margin-left: 2rem;
+  margin-left: 1rem;
 }
 
 .list-group-item {

app/controllers/application_controller.rb

@@ -1,13 +1,21 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
-  before_action :find_user
+  before_action :find_user, :require_login
 
   def render_404
     # DPR: this will actually render a 404 page in production
     raise ActionController::RoutingError.new('Not Found')
   end
 
+  def require_login
+    unless find_user
+      flash[:status] = :failure
+      flash[:result_text] = "You must be logged in to view this section"
+      redirect_to root_path
+    end
+  end
+
 private
   def find_user
     if session[:user_id]

app/controllers/sessions_controller.rb

@@ -1,34 +1,38 @@
 class SessionsController < ApplicationController
-  def login_form
-  end
+  skip_before_action :require_login, only: [:create]
+
+  def create
+    auth_hash = request.env['omniauth.auth']
+
+    user = User.find_by(uid: auth_hash[:uid], provider: auth_hash[:provider])
 
-  def login
-    username = params[:username]
-    if username and user = User.find_by(username: username)
+    if user
       session[:user_id] = user.id
       flash[:status] = :success
       flash[:result_text] = "Successfully logged in as existing user #{user.username}"
     else
-      user = User.new(username: username)
+      user = User.build_from_github(auth_hash) if auth_hash[:provider] == 'github'
+      user = User.build_from_google(auth_hash) if auth_hash[:provider] == 'google_oauth2'
+
       if user.save
         session[:user_id] = user.id
         flash[:status] = :success
-        flash[:result_text] = "Successfully created new user #{user.username} with ID #{user.id}"
+        flash[:result_text] = "Successfully created new user #{user.username}"
       else
         flash.now[:status] = :failure
         flash.now[:result_text] = "Could not log in"
         flash.now[:messages] = user.errors.messages
-        render "login_form", status: :bad_request
-        return
       end
     end
+
     redirect_to root_path
   end
 
-  def logout
+  def destroy
     session[:user_id] = nil
     flash[:status] = :success
     flash[:result_text] = "Successfully logged out"
+
     redirect_to root_path
   end
 end

app/controllers/works_controller.rb

@@ -2,6 +2,8 @@ class WorksController < ApplicationController
   # We should always be able to tell what category
   # of work we're dealing with
   before_action :category_from_work, except: [:root, :index, :new, :create]
+  before_action :check_owner, only: [:edit, :update, :destroy]
+  skip_before_action :require_login, only: [:root]
 
   def root
     @albums = Work.best_albums
@@ -50,7 +52,7 @@ def update
       flash.now[:status] = :failure
       flash.now[:result_text] = "Could not update #{@media_category.singularize}"
       flash.now[:messages] = @work.errors.messages
-      render :edit, status: :not_found
+      render :edit, status: :bad_request
     end
   end
 
@@ -74,6 +76,7 @@ def upvote
       end
     else
       flash[:result_text] = "You must log in to do that"
+      redirect_to root_path
     end
 
     # Refresh the page to show either the updated vote count
@@ -83,12 +86,20 @@ def upvote
 
 private
   def media_params
-    params.require(:work).permit(:title, :category, :creator, :description, :publication_year)
+    params.require(:work).permit(:title, :category, :creator, :description, :publication_year, :user_id)
   end
 
   def category_from_work
     @work = Work.find_by(id: params[:id])
     render_404 unless @work
     @media_category = @work.category.downcase.pluralize
   end
+
+  def check_owner
+    unless @work.user.id == @login_user.id
+      flash[:status] = :failure
+      flash[:result_text] = "You can only edit works you added to the site"
+      redirect_to works_path
+    end
+  end
 end

app/models/user.rb

@@ -1,6 +1,31 @@
 class User < ApplicationRecord
-  has_many :votes
+  has_many :votes, dependent: :destroy
+  has_many :works, dependent: :destroy
   has_many :ranked_works, through: :votes, source: :work
 
   validates :username, uniqueness: true, presence: true
+  validates :uid, presence: true
+  validates :provider, presence: true
+
+  def self.build_from_github(auth_hash)
+    user = User.new
+
+    user.provider = 'github'
+    user.uid = auth_hash[:uid]
+    user.username = auth_hash[:info][:nickname]
+    user.name = auth_hash[:info][:name]
+
+    return user
+  end
+
+  def self.build_from_google(auth_hash)
+    user = User.new
+
+    user.provider = 'google_oauth2'
+    user.uid = auth_hash[:uid]
+    user.username = auth_hash[:info][:email]
+    user.name = auth_hash[:info][:name]
+
+    return user
+  end
 end

app/models/work.rb

@@ -1,5 +1,6 @@
 class Work < ApplicationRecord
   CATEGORIES = %w(album book movie)
+  belongs_to :user
   has_many :votes, dependent: :destroy
   has_many :ranking_users, through: :votes, source: :user
 

app/views/layouts/application.html.erb

@@ -36,16 +36,19 @@
         <% if @login_user %>
 
         <li class="nav-item app-header__nav_item">
-          <%= link_to "Logged in as #{@login_user.username}", user_path(@login_user), class: "btn btn-primary" %>
+          <%= link_to "View profile", user_path(@login_user), class: "btn btn-primary" %>
         </li>
         <li class="nav-item app-header__nav_item">
-          <%= link_to "Log Out", logout_path, method: :post, class: "btn btn-primary" %>
+          <%= link_to "Log out", logout_path, method: "delete", class: "btn btn-primary" %>
         </li>
 
         <% else %>
 
         <li class="nav-item app-header__nav_item">
-          <%= link_to "Log In", login_path, class: "btn btn-primary" %>
+          <%= link_to "Sign in with Github", "/auth/github", class: "btn btn-primary" %>
+        </li>
+        <li class="nav-item app-header__nav_item">
+          <%= link_to "Sign in with Google", "/auth/google_oauth2", class: "btn btn-primary" %>
         </li>
         <% end %>
 

app/views/works/_form.html.erb

@@ -25,6 +25,8 @@
       <%= f.text_area :description, class: "form-control" %>
     </div>
 
+    <%= f.hidden_field :user_id, value: @login_user.id %>
+
     <div class="form-group">
       <%= f.submit class: "btn btn-primary" %>
     </div>

config/initializers/omniauth.rb

@@ -0,0 +1,7 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :github, ENV["GITHUB_CLIENT_ID"], ENV["GITHUB_CLIENT_SECRET"], scope: "user:email"
+end
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], { scope: 'userinfo.email, userinfo.profile', redirect_uri: 'http://localhost:3000/auth/google_oauth2/callback' }
+end

config/routes.rb

@@ -1,9 +1,14 @@
 Rails.application.routes.draw do
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   root 'works#root'
-  get '/login', to: 'sessions#login_form', as: 'login'
-  post '/login', to: 'sessions#login'
-  post '/logout', to: 'sessions#logout', as: 'logout'
+
+  # ROUTES PRIOR TO OAUTH USE:
+  # get '/login', to: 'sessions#login_form', as: 'login'
+  # post '/login', to: 'sessions#login'
+  # post '/logout', to: 'sessions#logout', as: 'logout'
+
+  get '/auth/:provider/callback', to: 'sessions#create', as: 'auth_callback'
+  delete '/logout', to: 'sessions#destroy', as: 'logout'
 
   resources :works
   post '/works/:id/upvote', to: 'works#upvote', as: 'upvote'

db/media_seeds.csv

@@ -1,25 +1,25 @@
-category,title,creator,publication_year,description
-album,Blue Breaker,Dr. Sarai Langosh,1949,Et et expedita non aut quo.
-book,Joe Treat,Blaise Lesch,1968,Voluptatem adipisci qui velit.
-album,Kreb-Full-o Been,Ms. Trevion Buckridge,2016,Vero consectetur delectus consequatur id aut accusantium unde excepturi.
-album,Wake-up Pie,Timmy Streich I,1919,Voluptatem consequatur qui consectetur nisi officiis culpa.
-album,Major Cup,Jayde Bartoletti,1944,Quis recusandae cum est facere consequatur minima magni et.
-book,Summer Select,Ms. Gwendolyn Ortiz,1946,Et molestiae eos nam odit aut sed.
-album,Holiday Choice,Alexandria Lehner,1940,Excepturi voluptas ut voluptatum.
-book,Postmodern Blend,Meredith Brekke,1970,Dolorem fugit accusantium qui.
-book,Green Forrester,Raquel Hirthe,1933,Omnis qui quia odio.
-album,Winter Mug,Tia Weissnat II,1990,Laboriosam autem iusto quae sed voluptate et.
-book,Red Pie,Davon Kub,1961,Id dolorem qui laborum quia.
-album,Major Equinox,Queen Satterfield,1997,Fugit perferendis est quam sunt porro vel rerum.
-book,Melty Breaker,Montana Dickinson Sr.,1991,Perferendis harum fuga corporis.
-book,Winter Pie,Mr. Syble Kuhn,1970,Incidunt molestias deserunt laudantium.
-album,Goodbye Utopia,Orion Spencer,1962,Praesentium enim pariatur voluptatem sed quod dolorum.
-album,Green Select,Berneice Jenkins,1957,Hic repudiandae molestiae id nulla aliquid maiores necessitatibus.
-book,Blacktop Enlightenment,Seamus D'Amore,1928,Ea id cumque et pariatur magni nemo dolorem.
-album,Express Extract,Dorothy Jast I,1969,Dolores dolorum aut ea aperiam et voluptatem.
-album,Winter Been,Mackenzie Wilkinson,1932,Culpa repudiandae et at sint et amet fugiat et.
-book,Heart Mug,Orpha Douglas,2009,Qui voluptas alias quia.
-album,Blue Treat,Eliseo Gorczany,1979,Sit est quis veniam saepe.
-book,Hello Town,Laury Walter,2005,Est sed ut asperiores sed fugiat.
-album,Blacktop Choice,Casey Feil,2008,Temporibus ex maxime labore quam et natus quia ipsum.
-book,Huggy Star,Nigel Lesch DVM,1962,Voluptatem ea aspernatur nesciunt ipsa quis error corporis placeat.
+category,title,creator,publication_year,description,user_id
+album,Blue Breaker,Dr. Sarai Langosh,1949,Et et expedita non aut quo.,1
+book,Joe Treat,Blaise Lesch,1968,Voluptatem adipisci qui velit.,1
+album,Kreb-Full-o Been,Ms. Trevion Buckridge,2016,Vero consectetur delectus consequatur id aut accusantium unde excepturi.,1
+album,Wake-up Pie,Timmy Streich I,1919,Voluptatem consequatur qui consectetur nisi officiis culpa.,1
+album,Major Cup,Jayde Bartoletti,1944,Quis recusandae cum est facere consequatur minima magni et.,1
+book,Summer Select,Ms. Gwendolyn Ortiz,1946,Et molestiae eos nam odit aut sed.,1
+album,Holiday Choice,Alexandria Lehner,1940,Excepturi voluptas ut voluptatum.,1
+book,Postmodern Blend,Meredith Brekke,1970,Dolorem fugit accusantium qui.,1
+book,Green Forrester,Raquel Hirthe,1933,Omnis qui quia odio.,1
+album,Winter Mug,Tia Weissnat II,1990,Laboriosam autem iusto quae sed voluptate et.,1
+book,Red Pie,Davon Kub,1961,Id dolorem qui laborum quia.,1
+album,Major Equinox,Queen Satterfield,1997,Fugit perferendis est quam sunt porro vel rerum.,1
+book,Melty Breaker,Montana Dickinson Sr.,1991,Perferendis harum fuga corporis.,1
+book,Winter Pie,Mr. Syble Kuhn,1970,Incidunt molestias deserunt laudantium.,1
+album,Goodbye Utopia,Orion Spencer,1962,Praesentium enim pariatur voluptatem sed quod dolorum.,1
+album,Green Select,Berneice Jenkins,1957,Hic repudiandae molestiae id nulla aliquid maiores necessitatibus.,1
+book,Blacktop Enlightenment,Seamus D'Amore,1928,Ea id cumque et pariatur magni nemo dolorem.,1
+album,Express Extract,Dorothy Jast I,1969,Dolores dolorum aut ea aperiam et voluptatem.,1
+album,Winter Been,Mackenzie Wilkinson,1932,Culpa repudiandae et at sint et amet fugiat et.,1
+book,Heart Mug,Orpha Douglas,2009,Qui voluptas alias quia.,1
+album,Blue Treat,Eliseo Gorczany,1979,Sit est quis veniam saepe.,1
+book,Hello Town,Laury Walter,2005,Est sed ut asperiores sed fugiat.,1
+album,Blacktop Choice,Casey Feil,2008,Temporibus ex maxime labore quam et natus quia ipsum.,1
+book,Huggy Star,Nigel Lesch DVM,1962,Voluptatem ea aspernatur nesciunt ipsa quis error corporis placeat.,1

db/migrate/20181016211249_add_oauth_to_user.rb

@@ -0,0 +1,7 @@
+class AddOauthToUser < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :uid, :integer, null: false
+    add_column :users, :provider, :string, null: false
+    add_column :users, :name, :string
+  end
+end