Backend: Minor revisit to the backend codebase. (#3354)

app/controllers/api/v1/rooms_controller.rb

@@ -3,6 +3,7 @@
 module Api
   module V1
     class RoomsController < ApplicationController
+      skip_before_action :verify_authenticity_token # TODO: amir - Revisit this.
       before_action :find_room, only: :show
 
       # GET /api/v1/rooms.json
@@ -10,7 +11,7 @@ module Api
       # Does: Returns the Rooms that belong to the user currently logged in
       def index
         # Return the rooms that belong to current user
-        rooms = Room.where(user_id: current_user.id)
+        rooms = Room.where(user_id: current_user&.id)
 
         render json: {
           data: rooms,
@@ -19,23 +20,16 @@ module Api
       end
 
       def show
-        if @room
         render json: {
           data: @room,
           errors: []
         }, status: :ok
-        else
-          render json: {
-            data: [],
-            errors: []
-          }, status: :not_found
-        end
       end
 
       private
 
       def find_room
-        @room = Room.find_by(friendly_id: params[:friendly_id])
+        @room = Room.find_by!(friendly_id: params[:friendly_id])
       end
     end
   end

app/controllers/api/v1/users_controller.rb

@@ -3,12 +3,15 @@
 module Api
   module V1
     class UsersController < ApplicationController
+      skip_before_action :verify_authenticity_token # TODO: amir - Revisit this.
+
       # POST /api/v1/users.json
       # Expects: { user: { :name, :email, :password, :password_confirmation } }
       # Returns: { data: Array[serializable objects] , errors: Array[String] }
       # Does: Creates and saves a new user record in the database with the provided parameters.
 
       def create
+        # TODO: amir - ensure accessibility for unauthenticated requests only.
         user = User.new({ provider: 'greenlight' }.merge(user_params)) # TMP fix for presence validation of :provider
         if user.save
           render json: {

app/controllers/application_controller.rb

 # frozen_string_literal: true
 
 class ApplicationController < ActionController::Base
-  protect_from_forgery with: :null_session # TODO: amir - Enable CSRF with a new made strategy.
-
   before_action do
     # Unless the request format is explicitly json Rails will mitigate the responsability to CSR to handle it.
     render 'components/index' unless valid_api_request?
   end
 
-  # For requests omitting required params.
+  # For requests that raised an unkown exception.
+  # Note: The order of each rescue is important (The highest has the lowest priority).
+  rescue_from StandardError do |exception|
+    log_exception exception
+    render_json errors: [Rails.configuration.custom_error_msgs[:server_error]], status: :internal_server_error
+  end
+
   rescue_from ActionController::ParameterMissing do |exception|
     log_exception exception
     render json: {
@@ -17,11 +21,19 @@ class ApplicationController < ActionController::Base
     }, status: :bad_request
   end
 
+  rescue_from ActiveRecord::RecordNotFound do |exception|
+    log_exception exception
+    render json: {
+      data: [],
+      errors: [Rails.configuration.custom_error_msgs[:record_not_found]]
+    }, status: :not_found
+  end
+
   # TODO: amir - Better Error handling.
 
   def log_exception(exception)
     logger.error exception.message
-    logger.error exception.backtrace.join("\n")
+    logger.error exception.backtrace.join("\n") # TODO: amir - Revisit this.
   end
 
   # Returns the current signed in User (if any)
@@ -29,10 +41,17 @@ class ApplicationController < ActionController::Base
     @current_user ||= User.find_by(id: session[:user_id])
   end
 
+  def render_json(data: {}, errors: [], status: :ok)
+    render json: {
+      data:,
+      errors:
+    }, status:
+  end
+
   private
 
   # Ensures that requests to the API are explicit enough.
   def valid_api_request?
-    request.format == :json && request.headers['Accept'].include?('application/json')
+    request.format == :json && request.headers['Accept']&.include?('application/json')
   end
 end

app/services/big_blue_button_api.rb

@@ -7,6 +7,7 @@ class BigBlueButtonApi
 
   # Sets a BigBlueButtonApi object for interacting with the API.
   def bbb_server
+    # TODO: Amir - Protect the BBB secret.
     # TODO: Hadi - Add additional logic here...
     @bbb_server ||= BigBlueButton::BigBlueButtonApi.new(bbb_endpoint, bbb_secret, '1.8')
   end
@@ -14,10 +15,10 @@ class BigBlueButtonApi
   private
 
   def bbb_endpoint
-    ENV['BIGBLUEBUTTON_ENDPOINT']
+    ENV.fetch 'BIGBLUEBUTTON_ENDPOINT', 'https://test-install.blindsidenetworks.com/bigbluebutton/api'
   end
 
   def bbb_secret
-    ENV['BIGBLUEBUTTON_SECRET']
+    ENV.fetch 'BIGBLUEBUTTON_SECRET', '8cd8ef52e8e101574e400365b55e11a6'
   end
 end

config/application.rb

@@ -23,7 +23,10 @@ module Greenlight
 
     # Custom error messages for the Client side.
     config.custom_error_msgs = {
-      missing_params: 'Invalid or Missing parameters.' # TODO: amir - Add I18n.
+      # TODO: amir - Add I18n.
+      missing_params: 'Invalid or Missing parameters.',
+      record_not_found: 'Record Not Found',
+      server_error: 'Something Went Wrong'
     }
   end
 end

config/routes.rb

 # frozen_string_literal: true
 
 Rails.application.routes.draw do
-  root 'components#index'
+  root 'components#index', via: :all
 
   # All the Api endpoints must be under /api/v1 and must have an extension .json.
   namespace :api do

spec/services/big_blue_button_api_spec.rb

@@ -4,13 +4,13 @@ require 'rails_helper'
 require 'bigbluebutton_api'
 
 describe BigBlueButtonApi, type: :service do
+  let(:bbb_service) { described_class.new }
+
   before do
     ENV['BIGBLUEBUTTON_ENDPOINT'] = 'http://test.com/bigbluebutton/api'
     ENV['BIGBLUEBUTTON_SECRET'] = 'test'
   end
 
-  let(:bbb_service) { described_class.new }
-
   describe 'Instance of BigBlueButtonApi being created' do
     it 'Created an instance of BigBlueButtonApi' do
       expect(BigBlueButton::BigBlueButtonApi).to receive(:new).with(ENV['BIGBLUEBUTTON_ENDPOINT'], ENV['BIGBLUEBUTTON_SECRET'],