api_guard 0.1.1

data/lib/api_guard/models/concerns.rb

@@ -0,0 +1,25 @@
+module ApiGuard
+  module Models
+    module Concerns
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def api_guard_associations(refresh_token: nil, blacklisted_token: nil)
+          return if ApiGuard.api_guard_associations[self.name]
+
+          ApiGuard.api_guard_associations[self.name] = {}
+          ApiGuard.api_guard_associations[self.name][:refresh_token] = refresh_token
+          ApiGuard.api_guard_associations[self.name][:blacklisted_token] = blacklisted_token
+        end
+
+        def refresh_token_association
+          ApiGuard.api_guard_associations.dig(self.name, :refresh_token)
+        end
+
+        def blacklisted_token_association
+          ApiGuard.api_guard_associations.dig(self.name, :blacklisted_token)
+        end
+      end
+    end
+  end
+end

data/lib/api_guard/modules.rb

@@ -0,0 +1,24 @@
+require "api_guard/resource_mapper"
+require "api_guard/jwt_auth/json_web_token"
+require "api_guard/jwt_auth/authentication"
+require "api_guard/jwt_auth/refresh_jwt_token"
+require "api_guard/jwt_auth/blacklist_token"
+require "api_guard/response_formatters/renderer"
+require "api_guard/models/concerns"
+
+module ApiGuard
+  module Modules
+    ActiveSupport.on_load(:action_controller) {
+      include ApiGuard::Resource
+      include ApiGuard::JwtAuth::JsonWebToken
+      include ApiGuard::JwtAuth::Authentication
+      include ApiGuard::JwtAuth::RefreshJwtToken
+      include ApiGuard::JwtAuth::BlacklistToken
+      include ApiGuard::ResponseFormatters::Renderer
+    }
+
+    ActiveSupport.on_load(:active_record) {
+      include ApiGuard::Models::Concerns
+    }
+  end
+end

data/lib/api_guard/resource_mapper.rb

@@ -0,0 +1,41 @@
+module ApiGuard
+  class ResourceMapper
+    attr_reader :resource_name, :resource_class, :resource_instance_name
+
+    def initialize(routes_for, class_name)
+      @resource_name = routes_for.singularize
+      @resource_class = class_name.constantize
+      @resource_instance_name = "@api_guard_#{routes_for}"
+    end
+  end
+
+  module Resource
+    def resource
+      instance_variable_get(mapped_resource_instance)
+    end
+
+    def resource=(new_resource)
+      instance_variable_set(mapped_resource_instance, new_resource)
+    end
+
+    def current_resource_mapping
+      request.env["api_guard.mapping"]
+    end
+
+    def resource_name
+      current_resource_mapping.resource_name
+    end
+
+    def resource_class
+      current_resource_mapping.resource_class
+    end
+
+    def mapped_resource_instance
+      current_resource_mapping.resource_instance_name
+    end
+
+    def init_resource(params)
+      self.resource = resource_class.new(params)
+    end
+  end
+end

data/lib/api_guard/response_formatters/renderer.rb

@@ -0,0 +1,19 @@
+module ApiGuard
+  module ResponseFormatters
+    module Renderer
+      def render_success(data: nil, message: nil)
+        resp_data = { status: 'success' }
+        resp_data[:message] = message if message
+
+        render json: resp_data, status: 200
+      end
+
+      def render_error(status, options = {})
+        data = { status: 'error' }
+        data[:error] = options[:object] ? options[:object].errors.full_messages[0] : options[:message]
+
+        render json: data, status: status
+      end
+    end
+  end
+end

data/lib/api_guard/route_mapper.rb

@@ -0,0 +1,81 @@
+# Referenced from devise gem:
+# https://github.com/plataformatec/devise/blob/master/lib/devise/rails/routes.rb
+#
+# Customizable API routes
+module ActionDispatch::Routing
+  class Mapper
+    def api_guard_routes(options = {})
+      routes_for = options.delete(:for).to_s || 'users'
+
+      controllers = default_controllers(options[:only], options[:except])
+      controller_options = options.delete(:controller)
+
+      options[:as] = options[:as] || routes_for.singularize
+      options[:path] = options[:path] || routes_for
+
+      api_guard_scope(routes_for) do |mapped_resource|
+        scope options do
+          generate_routes(mapped_resource, controller_options, controllers)
+        end
+      end
+    end
+
+    def api_guard_scope(routes_for)
+      mapped_resource = ApiGuard.mapped_resource[routes_for.to_sym].presence || ApiGuard.map_resource(routes_for, routes_for.classify)
+
+      constraint = lambda do |request|
+        request.env["api_guard.mapping"] = mapped_resource
+        true
+      end
+
+      constraints(constraint) do
+        yield(mapped_resource)
+      end
+    end
+
+    private
+
+    def default_controllers(only, except)
+      return only if only
+
+      controllers = %i[registration authentication tokens passwords]
+      except ? (controllers - except) : controllers
+    end
+
+    def generate_routes(mapped_resource, options, controllers)
+      options ||= {}
+
+      controllers -= %i[tokens] unless mapped_resource.resource_class.refresh_token_association
+
+      controllers.each do |controller|
+        send("#{controller.to_s}_routes", options[controller])
+      end
+    end
+
+    def authentication_routes(controller_name = nil)
+      controller_name = controller_name || 'api_guard/authentication'
+
+      post 'sign_in' => "#{controller_name}#create"
+      delete 'sign_out' => "#{controller_name}#destroy"
+    end
+
+    def registration_routes(controller_name = nil)
+      controller_name = controller_name || 'api_guard/registration'
+
+      post 'sign_up' => "#{controller_name}#create"
+      delete 'delete' => "#{controller_name}#destroy"
+    end
+
+    def passwords_routes(controller_name = nil)
+      controller_name = controller_name || 'api_guard/passwords'
+
+      patch 'passwords' => "#{controller_name}#update"
+    end
+
+    def tokens_routes(controller_name = nil)
+      controller_name = controller_name || 'api_guard/tokens'
+
+      post 'tokens' => "#{controller_name}#create"
+    end
+  end
+end

data/lib/api_guard/test/controller_helper.rb

@@ -0,0 +1,11 @@
+require 'api_guard/jwt_auth/json_web_token'
+require 'api_guard/jwt_auth/refresh_jwt_token'
+
+module ApiGuard
+  module Test
+    module ControllerHelper
+      include ApiGuard::JwtAuth::JsonWebToken
+      include ApiGuard::JwtAuth::RefreshJwtToken
+    end
+  end
+end

data/lib/api_guard/version.rb

@@ -0,0 +1,3 @@
+module ApiGuard
+  VERSION = '0.1.1'
+end

data/lib/generators/api_guard/controllers/USAGE

@@ -0,0 +1,11 @@
+Description:
+    Generates all API Guard controllers in app/controllers/
+
+Example:
+    rails generate api_guard:controllers users
+
+    This will create:
+        app/controllers/users/registration_controller.rb
+        app/controllers/users/authentication_controller.rb
+        app/controllers/users/tokens_controller.rb
+        app/controllers/users/passwords_controller.rb

data/lib/generators/api_guard/controllers/controllers_generator.rb

@@ -0,0 +1,23 @@
+module ApiGuard
+  class ControllersGenerator < Rails::Generators::Base
+    CONTROLLERS = %i[registration authentication tokens passwords]
+
+    desc 'Generates API Guard controllers in app/controllers/'
+    source_root File.expand_path('../templates', __FILE__)
+
+    argument :scope, required: true,
+             desc: "The scope to create controllers in, e.g. users, admins"
+
+    class_option :controllers, aliases: "-c", type: :array,
+                 desc: "Specify the controllers to generate (#{CONTROLLERS.join(', ')})"
+
+    def create_controllers
+      @controller_scope = scope.camelize
+      controllers = options[:controllers] || CONTROLLERS
+
+      controllers.each do |controller_name|
+        template "#{controller_name}_controller.rb", "app/controllers/#{scope}/#{controller_name}_controller.rb"
+      end
+    end
+  end
+end

data/lib/generators/api_guard/controllers/templates/authentication_controller.rb

@@ -0,0 +1,27 @@
+module <%= @controller_scope %>
+  class AuthenticationController < ApiGuard::AuthenticationController
+    # before_action :find_resource, only: [:create]
+    # before_action :authenticate_resource, only: [:destroy]
+
+    # def create
+    #   if resource.authenticate(params[:password])
+    #     create_token_and_set_header(resource, resource_name)
+    #     render_success(data: resource)
+    #   else
+    #     render_error(422, message: 'Invalid login credentials')
+    #   end
+    # end
+
+    # def destroy
+    #   blacklist_token
+    #   render_success(message: 'Signed out successfully')
+    # end
+
+    # private
+
+    # def find_resource
+    #   self.resource = resource_class.find_by(email: params[:email].downcase.strip) if params[:email].present?
+    #   render_error(422, message: 'Invalid login credentials') unless resource
+    # end
+  end
+end

data/lib/generators/api_guard/controllers/templates/passwords_controller.rb

@@ -0,0 +1,25 @@
+module <%= @controller_scope %>
+  class PasswordsController < ApiGuard::PasswordsController
+    # before_action :authenticate_resource, only: [:update]
+
+    # def update
+    #   invalidate_old_jwt_tokens(current_resource)
+    #
+    #   if current_resource.update_attributes(password_params)
+    #     blacklist_token
+    #     destroy_all_refresh_tokens(current_resource)
+    #
+    #     create_token_and_set_header(current_resource, resource_name)
+    #     render_success(data: current_resource)
+    #   else
+    #     render_error(422, object: current_resource)
+    #   end
+    # end
+
+    # private
+
+    # def password_params
+    #   params.require(resource_name.to_sym).permit(:password, :password_confirmation)
+    # end
+  end
+end

data/lib/generators/api_guard/controllers/templates/registration_controller.rb

@@ -0,0 +1,26 @@
+module <%= @controller_scope %>
+  class RegistrationController < ApiGuard::RegistrationController
+    # before_action :authenticate_resource, only: [:destroy]
+
+    # def create
+    #   init_resource(sign_up_params)
+    #   if resource.save
+    #     create_token_and_set_header(resource, resource_name)
+    #     render_success(data: resource, message: "#{resource_name.capitalize} created successfully")
+    #   else
+    #     render_error(422, object: resource)
+    #   end
+    # end
+
+    # def destroy
+    #   current_resource.destroy
+    #   render_success(message: "#{resource_name.capitalize} destroyed successfully")
+    # end
+
+    # private
+
+    # def sign_up_params
+    #   params.require(resource_name.to_sym).permit(:email, :password, :password_confirmation)
+    # end
+  end
+end

data/lib/generators/api_guard/controllers/templates/tokens_controller.rb

@@ -0,0 +1,25 @@
+module <%= @controller_scope %>
+  class TokensController < ApiGuard::TokensController
+    # before_action :authenticate_resource, only: [:create]
+    # before_action :find_refresh_token, only: [:create]
+
+    # def create
+    #   @refresh_token.destroy
+    #   create_token_and_set_header(current_resource, resource_name)
+    #   render_success(data: current_resource)
+    # end
+
+    # private
+
+    # def find_refresh_token
+    #   refresh_token_from_header = request.headers['Refresh-Token']
+    #
+    #   if refresh_token_from_header
+    #     @refresh_token = find_refresh_token_of(current_resource, refresh_token_from_header)
+    #     return render_error(401, message: 'Invalid refresh token') unless @refresh_token
+    #   else
+    #     render_error(401, message: 'Refresh token is missing in the request')
+    #   end
+    # end
+  end
+end

data/lib/generators/api_guard/initializer/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Creates initializer for configuring API Guard
+
+Example:
+    rails generate api_guard:initializer
+
+    This will create:
+        config/initializers/api_guard.rb

data/lib/generators/api_guard/initializer/initializer_generator.rb

@@ -0,0 +1,11 @@
+module ApiGuard
+  class InitializerGenerator < Rails::Generators::Base
+    source_root File.expand_path('../templates', __FILE__)
+
+    desc 'Creates initializer for configuring API Guard'
+
+    def create_initializer
+      copy_file 'initializer.rb', 'config/initializers/api_guard.rb'
+    end
+  end
+end

data/lib/generators/api_guard/initializer/templates/initializer.rb

@@ -0,0 +1,13 @@
+ApiGuard.setup do |config|
+  # Validity of the JWT access token
+  # Default: 1 day
+  config.token_validity = 1.day
+
+  # Secret key for signing (encoding & decoding) the JWT access token
+  # Default: 'secret_key_base' from Rails secrets
+  config.token_signing_secret = Rails.application.secrets.secret_key_base
+
+  # Invalidate old tokens on changing the password
+  # Default: false
+  config.invalidate_old_tokens_on_password_change = false
+end

metadata

@@ -0,0 +1,217 @@
+--- !ruby/object:Gem::Specification
+name: api_guard
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Gokul Murali
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.1.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.1.5
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.13
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.13
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.11
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.11
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.7.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.7.2
+- !ruby/object:Gem::Dependency
+  name: factory_bot_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.8.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.8.2
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.16.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.16.1
+description: JWT authentication solution for Rails APIs
+email:
+- m.gokul595@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/api_guard/application_controller.rb
+- app/controllers/api_guard/authentication_controller.rb
+- app/controllers/api_guard/passwords_controller.rb
+- app/controllers/api_guard/registration_controller.rb
+- app/controllers/api_guard/tokens_controller.rb
+- app/models/api_guard/application_record.rb
+- app/views/layouts/api_guard/application.html.erb
+- config/routes.rb
+- lib/api_guard.rb
+- lib/api_guard/engine.rb
+- lib/api_guard/jwt_auth/authentication.rb
+- lib/api_guard/jwt_auth/blacklist_token.rb
+- lib/api_guard/jwt_auth/json_web_token.rb
+- lib/api_guard/jwt_auth/refresh_jwt_token.rb
+- lib/api_guard/models/concerns.rb
+- lib/api_guard/modules.rb
+- lib/api_guard/resource_mapper.rb
+- lib/api_guard/response_formatters/renderer.rb
+- lib/api_guard/route_mapper.rb
+- lib/api_guard/test/controller_helper.rb
+- lib/api_guard/version.rb
+- lib/generators/api_guard/controllers/USAGE
+- lib/generators/api_guard/controllers/controllers_generator.rb
+- lib/generators/api_guard/controllers/templates/authentication_controller.rb
+- lib/generators/api_guard/controllers/templates/passwords_controller.rb
+- lib/generators/api_guard/controllers/templates/registration_controller.rb
+- lib/generators/api_guard/controllers/templates/tokens_controller.rb
+- lib/generators/api_guard/initializer/USAGE
+- lib/generators/api_guard/initializer/initializer_generator.rb
+- lib/generators/api_guard/initializer/templates/initializer.rb
+homepage: https://github.com/Gokul595/api_guard
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: Rails API authentication made easy
+test_files: []