hackatime/spec/requests/api/internal/internal_spec.rb
Tom (Deployor) 8d0215ff0f
feat: added actual api docs (rswag) + ci enforcement (#846)
* feat: add API documentation and CI checks

- Add Rswag for automated API documentation generation
- Add Swagger specs for all endpoints
- Add CI step to enforce that swagger.yaml stays in sync with code
- Add static test keys in seeds.rb for easier testing
- Update AGENTS.md and README.md to support this

* Merge branch 'main' of https://github.com/deployor/hackatime

* Merge branch 'main' into main

* Deprecations! Yay! :)

* It was an accident, I swear, linter! Don't hurt me

* Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Copilot..... we love you! Also this project is open and so are api docs meant to be if another AI reads ts!

* Merge branch 'main' of https://github.com/deployor/hackatime

* Merge branch 'main' into main

* Merge branch 'main' into main

* Update app/controllers/api/admin/v1/admin_controller.rb

If you say so

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update spec/requests/api/v1/my_spec.rb

I guessss?

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Failed my own CI wow.... EMBARRASSINGGGG

* Merge branch 'main' into main

* Merge branch 'main' into main

* clarify wording on internal/revoke

* Merge branch 'main' into main

* update swagger docs
2026-01-27 01:05:49 -05:00


require 'swagger_helper'
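# Rswag request specs for the internal API. Each `response` block issues a
# request against the endpoint and also contributes to the generated OpenAPI
# document, so the descriptions and schemas below double as the API docs.
#
# Both endpoints declare the `InternalToken` security scheme; rswag reads the
# `Authorization` let to build the request header.
RSpec.describe 'Api::Internal', type: :request do
  path '/api/internal/revoke' do
    post('Revoke access') do
      tags 'Internal'
      description 'Internal endpoint to revoke access tokens. Use with caution. Requires HKA_REVOCATION_KEY environment variable authentication. This is used for Revoker to allow security researchers to revoke compromised tokens.'
      security [ InternalToken: [] ]
      consumes 'application/json'
      produces 'application/json'
      parameter name: :payload, in: :body, schema: {
        type: :object,
        properties: {
          token: { type: :string }
        },
        required: [ 'token' ]
      }

      # Constructed, test-only credential. It is injected through the ENV stub
      # below, so no real revocation key is needed to run the spec.
      let(:revocation_key) { 'test_revocation_key' }
      let(:Authorization) { "Bearer #{revocation_key}" }

      before do
        # Pass every other ENV lookup through; override only the revocation key.
        allow(ENV).to receive(:[]).and_call_original
        allow(ENV).to receive(:[]).with("HKA_REVOCATION_KEY").and_return(revocation_key)
        # ActiveSupport::SecurityUtils.secure_compare is deliberately NOT
        # stubbed: the header and the configured key are the same string, so
        # the real constant-time comparison succeeds and the spec exercises the
        # actual authentication check instead of a forced `true`.
      end

      # NOTE(review): no response block covers a missing or wrong bearer key.
      # The rejection status is not visible from this file; add that case
      # against the controller and regenerate swagger.yaml, which CI checks.

      response(200, 'successful') do
        let(:payload) { { token: 'some_token' } }

        schema type: :object,
          properties: {
            success: { type: :boolean },
            owner_email: { type: :string, nullable: true },
            key_name: { type: :string, nullable: true }
          }
        run_test!
      end

      response(400, 'bad request') do
        # A nil token is expected to be rejected as a malformed request.
        let(:payload) { { token: nil } }

        run_test!
      end
    end
  end

  path '/api/internal/can_i_have_a_magic_link_for/{id}' do
    post('Create magic link') do
      tags 'Internal'
      description 'Internal endpoint to generate magic login links for users via Slack UID and Email.'
      security [ InternalToken: [] ]
      consumes 'application/json'
      produces 'application/json'
      parameter name: :id, in: :path, type: :string, description: 'Slack UID'
      parameter name: :payload, in: :body, schema: {
        type: :object,
        properties: {
          email: { type: :string, format: :email },
          continue_param: { type: :string },
          return_data: { type: :object }
        },
        required: [ 'email' ]
      }

      # Constructed, test-only credential supplied via the INTERNAL_API_KEYS
      # stub below. This endpoint returns a login link for an arbitrary user,
      # so the key that guards it must never be a value shared with a real
      # deployment.
      let(:internal_api_key) { 'dev-api-key-12345' }
      let(:Authorization) { "Bearer #{internal_api_key}" }
      let(:id) { 'U123456' }

      before do
        # Pass every other ENV lookup through; override only the key list.
        allow(ENV).to receive(:[]).and_call_original
        allow(ENV).to receive(:[]).with("INTERNAL_API_KEYS").and_return(internal_api_key)
      end

      # NOTE(review): as with /revoke, the unauthenticated / wrong-key path is
      # not exercised here; confirm the rejection status against the controller
      # before documenting it.

      response(200, 'successful') do
        let(:payload) { { email: 'test@example.com' } }

        schema type: :object,
          properties: {
            magic_link: { type: :string },
            existing: { type: :boolean }
          }
        run_test!
      end

      response(400, 'bad request') do
        # An empty email is expected to be rejected as a malformed request.
        let(:payload) { { email: '' } }

        run_test!
      end
    end
  end
end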