How can I restrict the API calls in rails? - ruby-on-rails

I am the admin and multiple people are working on the project. New routes are being created everyday(basically APIs). I want a central record of all the routes(controllers and respective actions). I want a route to work only if it is listed in that record(yml file).
I have heard that it is possible to manage the resources by creating a yml file, though being new to rails I am not sure how to do it.
Suggestions would be highly appreciated.
I think I need to be more explicit about the query I have.
Agreed that we need to list all the GET,POST PUT AND DELETE requests in route in order to redirect a call.
What I am looking for is another YML file which will have the contollers and respective actions listed. The actions listed here should only be allowed to be routed and not others present in the route.rb.
Example :
I have the following route:
GET "fetch_ids" => "get_id#select"
Now if "get_id#select" is listed in my YML only then a route would be allowed.
How can I set this up?

It already works like that. No matter if you create a controller or an action, the controller and the action will be accessible only if they are somehow listed in the routes.rb file.
You can have 10 controllers, but just one in the routes.rb. The other 9 will not be reachable.
To list all the routes simply run
$ rake routes

To have a list of all routes that available, please try this Rack app (part of config/routes.rb)
match "/secret_routes" => proc { |env| [ 200, {'Content-Type' => 'text/plain'}, [Application.routes.routes.collect{|i| i.path.spec.to_s}.join("\n")] ] }

Related

Rails - Add a route prefix to a specific directory

I have a messy rails 3 application that's come from a different developer and I need to refactor it.
What I want to do is move the contents of "app" into a subfolder called "classic".
app/classic
And then have all URL's with a classic prefix such as
localhost:3000/classic/wills/new
Route to controllers inside of the "app/classic" folder.
And then every regular url that does not contain the classic prefix - route in the standard way to app/
Is it possible to do this? The only thing I've discovered so far is that I can add a scope inside of my routes file.
scope(:path => '/classic')
But all that does is require a prefix for every URL. I'm really not sure how to go about this!
This is a route namespace. Take a look at this section in Rails Routing from the Outside In: http://guides.rubyonrails.org/routing.html#controller-namespaces-and-routing
namespace :classic do
# your routes here
end
This will do 3 things -
the path to the controller files need to be under /app/controllers/classic/
the name of the controllers need to change to Classic::ControllerName
the url is now /classic/controller/action
This sounds like what you want, but you can modify this to get just the parts you want if you don't want all 3.
In route.rb file:
#Of course, you have to configure the right http method.
get 'wills/new' => 'wills#new', as: 'to_classic_wills_new'
Hope this helps!

Prepend path prefix to all rails routes

I have a setup where nginx serves a rails application inside a specific subfolder
eg. http://myserver/railsapp/ and everything inside gets proxied to rails, if the first subfolder is different, it servers static files from another folder.
I haven't been able to find how to specify this behaviour in rails in an intelligent way. I mean, what I want is to specify an option like Rails.server_prefix = /railsapp so that all the routes get prepended automagically, both on the incoming requests and on the generated links.
You probably want to use the router's scope method with the :path argument:
Rails.application.routes do
scope(:path => '/railsapp') do
# the rest of your routes go here
end
end
See the docs for more info.

rubymine generate routes.rb

I am new to Ruby on Rails and have some problems.
For the development I use RubyMine IDE, I manage to create models, controllers and views, but I have problems with the routing. By default, routes.rb file contains only this method Apis::Application.routes.draw do with an empty body.
For example, I create a controller TestController, then the index method and in routes.rb I add this instruction resources :test. So far, it works fine. But if I add another method, let's say method1 (and the view) I can't reach it in a browser http://localhost:3000/test/method1.
What else should I add in routes.rb file?
Is there any way to make the routing automatically from the IDE, with less editing the routes file?
resources :test
is a resourceful route which provides a mapping between HTTP verbs and URLs to controller actions. By convention, each action also maps to particular CRUD operations in a database
you can uncomment in your routes to enable the controller action mapping.
match ':controller(/:action(/:id(.:format)))'
or use -
match "/test/method1" => "test#method1"
Detailed routes info # http://guides.rubyonrails.org/routing.html

Rails redirect 301

I have some touble with redirect 301 in my new app. I have to redirect some old urls into the new one.
I entred in my routes file this
match "/traslochi_puglia/index.htm", :to => redirect("/preventivo/90-traslochi-in-puglia")
and it works fine, but I can't understand why this
match "/trasloco_casa_abitazione.htm", :to => redirect("/3-trasloco-casa")
does not work. All the old urls with this pattern "/some_path/page.htm" works fine but not "page.htm". Any hint?
Thanks
If you want us to troubleshoot the specific issue you've outlined in your question, we need to see your entire routes.rb file. Without this information, my first guess is this:
The typical route pattern is /controller/action or /controller/:id/action or some combination thereof. With the pattern you've shown above, and assuming you have no named routes in your routes.rb file, then the route you've provided would point to a controller, but not an action. Therefore your app wouldn't know what action to execute, unless you've specifically created a route called /3-trasloco-casa which looks to me more like a URL to a specific resource, than an action on a controller.
Getting to the source of routing issues can most easily be done with a combination of running rake routes at the command line (which shows you the list of route patterns your app will recognize), and then going further by troubleshooting with route recognition, as outlined in this answer to this question:
Recognize routes in rails console Session

How to configure routes.rb to route any action

I'm tired of creating a new line in my routes.rb every time I add a new method in my controller. Is there a way in routes.rb to tell rails to accept any defined action in a given controller? I'm pretty sure I've done this before but can't remember how. I still need to explicitly specify the controller, however, because many other people use this routes file.
Thanks!
This is from the default generated config/routes.rb file
# This is a legacy wild controller route that's not recommended for RESTful applications.
# Note: This route will make all actions in every controller accessible via GET requests.
# match ':controller(/:action(/:id(.:format)))'

Resources