mirror of
https://github.com/maybe-finance/maybe.git
synced 2025-07-25 08:09:38 +02:00
b803ddac96
* OAuth * Add API test routes and update Doorkeeper token handling for test environment - Introduced API namespace with test routes for controller testing in the test environment. - Updated Doorkeeper configuration to allow fallback to plain tokens in the test environment for easier testing. - Modified schema to change resource_owner_id type from bigint to string. * Implement API key authentication and enhance access control - Replaced Doorkeeper OAuth authentication with a custom method supporting both OAuth and API keys in the BaseController. - Added methods for API key authentication, including validation and logging. - Introduced scope-based authorization for API keys in the TestController. - Updated routes to include API key management endpoints. - Enhanced logging for API access to include authentication method details. - Added tests for API key functionality, including validation, scope checks, and access control enforcement. * Add API key rate limiting and usage tracking - Implemented rate limiting for API key authentication in BaseController. - Added methods to check rate limits, render appropriate responses, and include rate limit headers in responses. - Updated routes to include a new usage resource for tracking API usage. - Enhanced tests to verify rate limit functionality, including exceeding limits and per-key tracking. - Cleaned up Redis data in tests to ensure isolation between test cases. * Add Jbuilder for JSON rendering and refactor AccountsController - Added Jbuilder gem for improved JSON response handling. - Refactored index action in AccountsController to utilize Jbuilder for rendering JSON. - Removed manual serialization of accounts and streamlined response structure. - Implemented a before_action in BaseController to enforce JSON format for all API requests. * Add transactions resource to API routes - Added routes for transactions, allowing index, show, create, update, and destroy actions. - This enhancement supports comprehensive transaction management within the API. * Enhance API authentication and onboarding handling - Updated BaseController to skip onboarding requirements for API endpoints and added manual token verification for OAuth authentication. - Improved error handling and logging for invalid access tokens. - Introduced a method to set up the current context for API requests, ensuring compatibility with session-like behavior. - Excluded API paths from onboarding redirects in the Onboardable concern. - Updated database schema to change resource_owner_id type from bigint to string for OAuth access grants. * Fix rubocop offenses - Fix indentation and spacing issues - Convert single quotes to double quotes - Add spaces inside array brackets - Fix comment alignment - Add missing trailing newlines - Correct else/end alignment 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix API test failures and improve test reliability - Fix ApiRateLimiterTest by removing mock users method and using fixtures - Fix UsageControllerTest by removing mock users method and using fixtures - Fix BaseControllerTest by using different users for multiple API keys - Use unique display_key values with SecureRandom to avoid conflicts - Fix double render issue in UsageController by returning after authorize_scope\! - Specify controller name in routes for usage resource - Remove trailing whitespace and empty lines per Rubocop All tests now pass and linting is clean. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Add API transactions controller warning to brakeman ignore The account_id parameter in the API transactions controller is properly validated on line 79: family.accounts.find(transaction_params[:account_id]) This ensures users can only create transactions in accounts belonging to their family, making this a false positive. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Claude <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| 20240201183314_enable_uuid.rb | ||
| 20240201184038_create_families.rb | ||
| 20240201184212_create_users.rb | ||
| 20240202015428_create_accounts.rb | ||
| 20240202191425_create_account_loans.rb | ||
| 20240202191746_add_accountable_to_account.rb | ||
| 20240202192214_create_account_depositories.rb | ||
| 20240202192231_create_account_credits.rb | ||
| 20240202192238_create_account_investments.rb | ||
| 20240202192312_create_account_properties.rb | ||
| 20240202192319_create_account_vehicles.rb | ||
| 20240202192327_create_account_other_assets.rb | ||
| 20240202192333_create_account_other_liabilities.rb | ||
| 20240202230325_create_invite_codes.rb | ||
| 20240203030754_remove_type_from_accounts.rb | ||
| 20240203050018_add_token_index_to_invite_codes.rb | ||
| 20240206031739_replace_money_field.rb | ||
| 20240209153232_add_currency_to_families.rb | ||
| 20240209174912_redo_money_storage.rb | ||
| 20240209200519_create_currencies.rb | ||
| 20240209200924_create_exchange_rates.rb | ||
| 20240210155058_create_good_jobs.rb | ||
| 20240212150110_create_account_balances.rb | ||
| 20240215201527_create_valuations.rb | ||
| 20240221004818_remove_valuation_type.rb | ||
| 20240222144849_add_status_to_account.rb | ||
| 20240223162105_create_transactions.rb | ||
| 20240227142457_rename_account_balance.rb | ||
| 20240302145715_add_classification_to_accounts.rb | ||
| 20240306193345_add_is_active_to_account.rb | ||
| 20240307082827_create_transaction_categories.rb | ||
| 20240308121431_remove_currency_table.rb | ||
| 20240308214956_add_notes_and_excluded_to_transaction.rb | ||
| 20240309180636_add_sync_status_fields_to_account.rb | ||
| 20240313141813_update_unique_indexes_for_account_balance_and_exchange_rate.rb | ||
| 20240313203622_remove_converted_balance_from_account.rb | ||
| 20240319154732_create_account_cryptos.rb | ||
| 20240325064211_add_uniq_index_to_users_email.rb | ||
| 20240401213443_add_last_sync_date_to_accounts.rb | ||
| 20240403192649_add_last_login_at_to_users.rb | ||
| 20240404112829_change_transaction_category_delete_behavior.rb | ||
| 20240410183531_create_settings.rb | ||
| 20240411102931_add_last_seen_upgrade_to_user.rb | ||
| 20240425000110_add_role_to_users.rb | ||
| 20240426162500_create_active_storage_tables.active_storage.rb | ||
| 20240426191312_add_transaction_merchants.rb | ||
| 20240430111641_add_active_to_users.rb | ||
| 20240502205006_create_imports.rb | ||
| 20240520074309_add_admin_role_to_current_users.rb | ||
| 20240522133147_create_tags.rb | ||
| 20240522151453_create_taggings.rb | ||
| 20240524203959_change_account_error_columns_default.rb | ||
| 20240612164751_create_institutions.rb | ||
| 20240612164944_add_institution_to_accounts.rb | ||
| 20240614120946_create_transfers.rb | ||
| 20240614121110_add_transfer_fields_to_transaction.rb | ||
| 20240619125949_rename_accountable_tables.rb | ||
| 20240620114307_rename_categories_table.rb | ||
| 20240620122201_rename_merchants_table.rb | ||
| 20240620125026_rename_transfer_table.rb | ||
| 20240620221801_rename_valuation_table.rb | ||
| 20240621212528_rename_transactions_table.rb | ||
| 20240624160611_create_account_entries.rb | ||
| 20240624161153_migrate_entryables.rb | ||
| 20240624164119_remove_old_columns_from_entryables.rb | ||
| 20240628104551_move_transfers_association_from_transactions_to_entries.rb | ||
| 20240706151026_rename_rate_fields.rb | ||
| 20240707130331_create_account_syncs.rb | ||
| 20240709113713_create_good_job_execution_error_backtrace.rb | ||
| 20240709113714_create_good_job_process_lock_ids.rb | ||
| 20240709113715_create_good_job_process_lock_indexes.rb | ||
| 20240709152243_create_good_job_execution_duration.rb | ||
| 20240710182529_create_securities.rb | ||
| 20240710182728_create_security_prices.rb | ||
| 20240710184048_create_account_trades.rb | ||
| 20240710184249_create_account_holdings.rb | ||
| 20240717113535_remove_default_from_account_balance.rb | ||
| 20240725163339_add_last_synced_at_to_family.rb | ||
| 20240731191344_change_primary_identifier_for_security.rb | ||
| 20240807153618_add_currency_field_to_trade.rb | ||
| 20240813170608_fix_invalid_accountable_data.rb | ||
| 20240815125404_create_issues.rb | ||
| 20240815190722_remove_warnings_from_sync.rb | ||
| 20240816071555_add_col_sep_to_imports.rb | ||
| 20240817144454_rename_import_raw_csv_str_to_raw_file_str.rb | ||
| 20240822174006_create_addresses.rb | ||
| 20240822180845_add_property_attributes.rb | ||
| 20240823125526_add_details_to_vehicle.rb | ||
| 20240911143158_add_last_synced_at_institution.rb | ||
| 20240921170426_change_import_owner.rb | ||
| 20240925112218_add_import_types.rb | ||
| 20241001181256_add_locale_preference.rb | ||
| 20241003163448_create_sessions.rb | ||
| 20241007211438_add_billing_to_families.rb | ||
| 20241008122449_add_debt_account_views.rb | ||
| 20241009132959_add_notes_to_entry.rb | ||
| 20241009214601_add_super_admin_to_users.rb | ||
| 20241017162347_create_impersonation_sessions.rb | ||
| 20241017162536_create_impersonation_session_logs.rb | ||
| 20241017204250_add_accounts_indexes.rb | ||
| 20241018201653_add_account_mode.rb | ||
| 20241022170439_create_stock_exchanges.rb | ||
| 20241022192319_fix_user_role_column_type.rb | ||
| 20241022221544_add_onboarding_fields.rb | ||
| 20241023195438_add_stock_exchange_reference.rb | ||
| 20241024142537_add_subscription_timestamp_to_session.rb | ||
| 20241025174650_add_mic_to_securities.rb | ||
| 20241025182612_add_search_vector_to_securities.rb | ||
| 20241029125406_add_reference_to_security_prices.rb | ||
| 20241029184115_remove_prices_missing_issue.rb | ||
| 20241029234028_remove_search_vector.rb | ||
| 20241030121302_fix_not_null_stock_exchange_data.rb | ||
| 20241030151105_remove_account_mode.rb | ||
| 20241030222235_create_invitations.rb | ||
| 20241106193743_add_plaid_domain.rb | ||
| 20241108150422_add_unique_email_index_to_invitations.rb | ||
| 20241114164118_add_products_to_plaid_item.rb | ||
| 20241122183828_change_loan_interest_rate_precision.rb.rb | ||
| 20241126211249_add_logo_url_to_security.rb | ||
| 20241204235400_add_balance_components.rb | ||
| 20241207002408_add_family_timezone.rb | ||
| 20241212141453_add_merchant_logo.rb | ||
| 20241217141716_add_enrichment_setting.rb | ||
| 20241218132503_add_enriched_name_field.rb | ||
| 20241219151540_add_region_to_plaid_item.rb | ||
| 20241219174803_add_parent_category.rb | ||
| 20241227142333_add_error_trace_to_syncs.rb | ||
| 20241231140709_reverse_transfer_relations.rb | ||
| 20250108182147_create_budgets.rb | ||
| 20250108200055_create_budget_categories.rb | ||
| 20250110012347_category_classification.rb | ||
| 20250120210449_align_transfer_cascade_behavior.rb | ||
| 20250124224316_create_rejected_transfers.rb | ||
| 20250128203303_store_transaction_filters_in_session.rb | ||
| 20250130191533_add_email_confirmation_to_users.rb | ||
| 20250130214500_remove_email_confirmation_sent_at_from_users.rb | ||
| 20250131171943_remove_email_confirmation_token_from_users.rb | ||
| 20250206003115_remove_import_status_enum.rb | ||
| 20250206141452_add_institution_details_to_plaid_items.rb | ||
| 20250206151825_add_mfa_fields_to_users.rb | ||
| 20250206204404_add_constraints_to_account_holdings.rb | ||
| 20250207011850_add_exchange_operating_mic_to_securities.rb | ||
| 20250207014022_add_number_format_to_imports.rb | ||
| 20250207194638_adjust_securities_indexes.rb | ||
| 20250211161238_make_ticker_not_null.rb | ||
| 20250212163624_add_status_to_plaid_items.rb | ||
| 20250212213301_add_user_sidebar_preference.rb | ||
| 20250220153958_update_imports_for_operating_mic_v2.rb | ||
| 20250220200735_add_default_lucide_icon_to_categories.rb | ||
| 20250303141007_add_optional_account_for_import.rb | ||
| 20250304140435_add_default_period_to_users.rb | ||
| 20250304200956_add_signage_type_to_imports.rb | ||
| 20250315191233_remove_ticker_from_security_prices.rb | ||
| 20250316103753_remove_issues.rb | ||
| 20250316122019_security_price_unique_index.rb | ||
| 20250318212559_remove_good_job.rb | ||
| 20250319145426_remove_self_host_upgrades.rb | ||
| 20250319212839_create_ai_chats.rb | ||
| 20250405210514_add_initial_balance_field.rb | ||
| 20250410144939_add_theme_to_users.rb | ||
| 20250411140604_add_parent_syncs.rb | ||
| 20250413141446_table_renames.rb | ||
| 20250416235317_add_rules_engine.rb | ||
| 20250416235420_add_data_enrichments.rb | ||
| 20250416235758_merchant_and_category_enrichment.rb | ||
| 20250429021255_add_name_to_rules.rb | ||
| 20250501172430_add_user_goals.rb | ||
| 20250502164951_create_subscriptions.rb | ||
| 20250509182903_dynamic_last_synced.rb | ||
| 20250512171654_update_sync_timestamps.rb | ||
| 20250513122703_add_uniqueness_to_subscriptions.rb | ||
| 20250514214242_add_metadata_to_session.rb | ||
| 20250516180846_remove_stock_exchanges.rb | ||
| 20250518181619_add_auto_sync_preference_to_family.rb | ||
| 20250521112347_add_security_resolver_fields.rb | ||
| 20250522201031_stronger_unique_index_on_security.rb | ||
| 20250523131455_add_raw_payloads_to_plaid_accounts.rb | ||
| 20250605031616_add_index_to_sync_status.rb | ||
| 20250610181219_add_sync_timestamps_to_family.rb | ||
| 20250612150749_create_doorkeeper_tables.rb | ||
| 20250612154522_fix_doorkeeper_resource_owner_id_for_uuid.rb | ||
| 20250613002027_create_api_keys.rb | ||
| 20250613100842_add_display_key_to_api_keys.rb | ||
| 20250613101036_remove_key_from_api_keys.rb | ||
| 20250613101051_remove_key_index_from_api_keys.rb | ||
| 20250613152743_fix_doorkeeper_access_grants_resource_owner_id_for_uuid.rb | ||