[Feature] Enable contributing over api

ansible/generate_config.sh

@@ -49,9 +49,10 @@ traefik:
 rails:
   environment: production
   hundred_eyes_project_name: 100eyes
+  hundred_eyes_api_token:
   threema:
-    api_identity: 
-    api_secret: 
+    api_identity:
+    api_secret:
     private_key: # your threema private key *without* `private:` prefix
   telegram_bot:
     api_key: 

ansible/roles/installation/tasks/main.yml

@@ -24,6 +24,7 @@
     DOCKER_IMAGE_TAG: "{{ docker_image_tag }}"
     RAILS_ENV: "{{ rails.environment }}"
     HUNDRED_EYES_PROJECT_NAME: "{{ rails.hundred_eyes_project_name }}"
+    HUNDRED_EYES_API_TOKEN: "{{ rails.hundred_eyes_api_token | default('') }}"
     TELEGRAM_BOT_API_KEY: "{{ rails.telegram_bot.api_key | default('') }}"
     TELEGRAM_BOT_USERNAME: "{{ rails.telegram_bot.username | default('') }}"
     POSTGRES_HOST: "{{ postgres_host }}"

app/components/chat_messages_group/chat_messages_group.html.erb

@@ -12,10 +12,12 @@
       <% end %>
 
       <div class="ChatMessagesGroup-actions">
-        <a href="<%= conversation_link %>">
-          <%= c 'icon', icon: 'reply-arrow', styles: [:inline] %>
-          <%= I18n.t('components.chat_messages_group.reply') %>
-        </a>
+        <% unless Setting.api_token.present? %>
+          <a href="<%= conversation_link %>">
+            <%= c 'icon', icon: 'reply-arrow', styles: [:inline] %>
+            <%= I18n.t('components.chat_messages_group.reply') %>
+          </a>
+        <% end %>
         <a href="<%= add_message_link %>">
           <%= c 'icon', icon: 'add', styles: [:inline] %>
           <%= I18n.t('components.chat_messages_group.add_message') %>

app/components/contributor_quick_edit_form/contributor_quick_edit_form.html.erb

@@ -9,6 +9,10 @@
         <%= c 'textarea', field.input_defaults %>
       <% end %>
 
+      <%= c 'field', object: contributor, attr: :phone do |field| %>
+        <%= c 'input', field.input_defaults %>
+      <% end %>
+
       <%= c 'submit_button', label: I18n.t('save') %>
     <% end %>
   <% end %>

app/components/contributors_index/contributors_index.html.erb

@@ -7,13 +7,15 @@
       <p><%= t('.subheading') %></p>
     </div>
 
-    <%= c 'copy_button',
-      label: t('.actions.copy_invite'),
-      styles: [:colorNavBar, :customIcon],
-      url: invites_url,
-      key: 'url',
-      custom_icon: 'onboarding-ticket'
-    %>
+    <% unless api_only_instance?  %>
+      <%= c 'copy_button',
+        label: t('.actions.copy_invite'),
+        styles: [:colorNavBar, :customIcon],
+        url: invites_url,
+        key: 'url',
+        custom_icon: 'onboarding-ticket'
+      %>
+    <% end %>
 
     <% header.tab_bar do %>
       <%= c('tab_bar', items: [

app/components/contributors_index/contributors_index.rb

@@ -33,5 +33,10 @@ def inactive_contributors_count
     def unsubscribed_contributors_count
       tag_list.present? && state == :unsubscribed ? filter_count : unsubscribed_count
     end
+
+    def api_only_instance?
+      configured_messengers_hash = Setting.channels.except('email')
+      Setting.api_token.present? && configured_messengers_hash.values.all?(false)
+    end
   end
 end

app/components/onboarding_channels_checkboxes/onboarding_channels_checkboxes.html.erb

@@ -6,7 +6,7 @@
     <%= t '.help_text' %>
   </p>
   <ul class="OnboardingChannelsCheckboxes-list">
-    <% Setting.channels.each do |key, value| %>
+    <% configured_channels.each do |key, value| %>
       <li class="OnboardingChannelsCheckboxes-listItem">
         <%= c 'checkbox', id: "setting[channels][#{key}]", checked: value %>
         <label for=<%= "setting[channels][#{key}]" %>><%= key.to_s.camelize %>

app/components/onboarding_channels_checkboxes/onboarding_channels_checkboxes.rb

@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
 module OnboardingChannelsCheckboxes
-  class OnboardingChannelsCheckboxes < ApplicationComponent; end
+  class OnboardingChannelsCheckboxes < ApplicationComponent
+    private
+
+    def configured_channels
+      Setting.channels.select { |_key, value| value }
+    end
+  end
 end

app/components/profile_contributors_section/profile_contributors_section.html.erb

@@ -8,12 +8,14 @@
      %>
   <%= c 'flex' do %>
     <%= c 'contributors_status_bar', organization: organization %>
-    <%= c 'copy_button',
-      class: 'Button--secondary ProfileContributorsSection-copyInviteButton',
-      label: I18n.t('profile.contributors_section.copy_invite'),
-      url: invites_url,
-      key: 'url',
-      custom_icon: 'plus-sign'
-    %>
+    <% unless api_only_instance? %>
+      <%= c 'copy_button',
+        class: 'Button--secondary ProfileContributorsSection-copyInviteButton',
+        label: I18n.t('profile.contributors_section.copy_invite'),
+        url: invites_url,
+        key: 'url',
+        custom_icon: 'plus-sign'
+      %>
+    <% end %>
   <% end %>
 <% end %>

app/components/profile_contributors_section/profile_contributors_section.rb

@@ -9,5 +9,12 @@ def initialize(organization:)
     end
 
     attr_reader :organization
+
+    private
+
+    def api_only_instance?
+      configured_messengers_hash = Setting.channels.except('email')
+      Setting.api_token.present? && configured_messengers_hash.values.all?(false)
+    end
   end
 end

app/components/request_form/request_form.html.erb

@@ -22,19 +22,21 @@
               label: t('.insert_placeholder_button'),
               data: { action: 'click->request-form#insertPlaceholderAtCursor' }
             %>
-            <%= c 'button',
-              style: :secondary,
-              class: 'RequestForm-insertPlaceholderButton',
-              type: 'button',
-              data: { action: 'request-form#insertImage' } do %>
-              <%= field.file_field(:request,
-                                   :files,
-                                   data: { request_form_target: 'imageInput' },
-                                   multiple: true,
-                                   accept: 'image/*'
+            <% unless Setting.api_token.present? %>
+              <%= c 'button',
+                style: :secondary,
+                class: 'RequestForm-insertPlaceholderButton',
+                type: 'button',
+                data: { action: 'request-form#insertImage' } do %>
+                <%= field.file_field(:request,
+                                    :files,
+                                    data: { request_form_target: 'imageInput' },
+                                    multiple: true,
+                                    accept: 'image/*'
 
-              ) %>
-              <%= t('.attach_image_to_message') %>
+                ) %>
+                <%= t('.attach_image_to_message') %>
+              <% end %>
             <% end %>
           <% end %>
           <%= c 'textarea', field.input_defaults.merge(

app/controllers/api_controller.rb

@@ -0,0 +1,150 @@
+# frozen_string_literal: true
+
+class ApiController < ApplicationController
+  include ApiJsonResponses
+
+  skip_before_action :require_login, :verify_authenticity_token
+  before_action :contributor
+  before_action :authorize_api_access, except: :direct_message
+  before_action :authenciate_user, only: :direct_message
+  rescue_from JWT::DecodeError, with: :render_unauthorized
+
+  def show
+    if contributor
+      render_json_show_contributor
+    else
+      render_not_found
+    end
+  end
+
+  def create
+    if contributor
+      render_json_created_contributor
+      return
+    end
+    contributor = Contributor.new(onboard_params.merge(data_processing_consented_at: Time.current, external_id: external_id))
+
+    if contributor.save
+      render_json_created_contributor
+    else
+      render json: { status: 'error', message: contributor.errors.full_messages.join(' ') }, status: :unprocessable_entity
+    end
+  end
+
+  def update
+    if contributor
+      if contributor.update(phone: update_contributor_params[:phone_number])
+        render_json_updated_contributor
+      else
+        render json: { status: 'error', message: contributor.errors.full_messages.join(' ') }, status: :unprocessable_entity
+      end
+    else
+      render_not_found
+    end
+  end
+
+  def current_request
+    if contributor
+      current_request = contributor.active_request
+      render json: {
+        status: 'ok',
+        data: {
+          id: current_request.id,
+          personalized_text: current_request.personalized_text(contributor),
+          contributor_replies_count: contributor.replies.where(request_id: current_request.id).count
+        }
+      }, status: :ok
+    else
+      render_not_found
+    end
+  end
+
+  def messages
+    if contributor
+      params = {
+        request: contributor.active_request,
+        text: messages_params[:text],
+        sender: contributor
+      }
+      raw_data = {
+        io: StringIO.new(JSON.generate(messages_params)),
+        filename: 'api.json',
+        content_type: 'application/json'
+      }
+      message = MessageGenerator.generate_message(params: params, raw_data: raw_data)
+
+      if message.save!
+        render_created_message(message)
+      else
+        render_creation_failed
+      end
+    else
+      render_not_found
+    end
+  end
+
+  def direct_message
+    if contributor
+      params = {
+        request: contributor.active_request,
+        text: direct_message_params[:text],
+        sender: current_user,
+        recipient: contributor
+      }
+      raw_data = {
+        io: StringIO.new(JSON.generate(direct_message_params)),
+        filename: 'api.json',
+        content_type: 'application/json'
+      }
+      message = MessageGenerator.generate_message(params: params, raw_data: raw_data)
+
+      if message.save!
+        render_created_message(message)
+      else
+        render_creation_failed
+      end
+    else
+      render_not_found
+    end
+  end
+
+  private
+
+  attr_reader :current_user
+
+  def contributor
+    @contributor ||= Contributor.find_by(external_id: external_id)
+  end
+
+  def authorize_api_access
+    authenticate_or_request_with_http_token do |token, _options|
+      ActiveSupport::SecurityUtils.secure_compare(token, Setting.api_token)
+    end
+  end
+
+  def authenciate_user
+    decoded_token = JWT.decode(direct_message_params[:jwt], Setting.api_token, true, { algorithm: 'HS256' }).first.with_indifferent_access
+    @current_user = User.find_by(email: decoded_token[:email], encrypted_password: decoded_token[:encrypted_password])
+    render_not_found unless @current_user
+  end
+
+  def external_id
+    request.headers['X-100eyes-External-Id']
+  end
+
+  def onboard_params
+    params.permit(:first_name, :external_channel)
+  end
+
+  def update_contributor_params
+    params.permit(:phone_number)
+  end
+
+  def messages_params
+    params.permit(:text)
+  end
+
+  def direct_message_params
+    params.permit(:text, :jwt)
+  end
+end

app/controllers/charts_controller.rb

@@ -32,7 +32,7 @@ def joined_inbound(group_keys)
 
   def joined_outbound(group_keys)
     grouped_requests = group_messages(Request.unscoped, group_keys).count
-    grouped_messages = group_messages(Message.unscoped.where(sender_type: [User.name, nil], broadcasted: false),
+    grouped_messages = group_messages(Message.unscoped.direct_messages,
                                       group_keys).count
     grouped_requests.merge(grouped_messages) { |_key, oldval, newval| oldval + newval }
   end