api_guard 0.5.1 → 0.5.2
- checksums.yaml +4 -4
- data/README.md +5 -3
- data/lib/api_guard/jwt_auth/authentication.rb +17 -7
- data/lib/api_guard/version.rb +1 -1
- metadata +2 -2
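--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bc003426a48f2bf1a83d3b1653438efa43522f465a4cf98b4ac0b030f691cbfd
+data.tar.gz: 771a016a40a938684ea61accde401e7eed3dc8c201688f51bb0444cd241901d7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 16a0a967961773fcfdab3744fcfd228198484eb550b7b6abeb19e4daa1d2a42d7ecf2730709c4ab7f518bdb0fe1781973255b24da60c67a88b71198cb76913d1
+data.tar.gz: e609d92695acc9d424739450b87c6a7cd4725d200e3b3bdf745e465e2c090fe9af7bb15820bb02d9964cc0af420f7faa34fede752484b41dcfe9aaf7bc53114c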
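--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,7 @@
 # API Guard
 
 [](https://rubygems.org/gems/api_guard)
-[](https://github.com/Gokul595/api_guard/actions?query=workflow%3Abuild)
+[](https://github.com/Gokul595/api_guard/actions?query=workflow%3Abuild-master)
 [](https://codeclimate.com/github/Gokul595/api_guard/maintainability)
 
 
@@ -202,6 +202,8 @@ To authenticate the API request just add this before_action in the controller:
 before_action :authenticate_and_set_user
 ```
 
+>**Note:** It is possible to authenticate with more than one resource, e.g. `authenticate_and_set_user_or_admin` will permit tokens issued for users or admins.
+
 Send the access token got in sign in API in the Authorization header in the API request as below.
 Also, make sure you add "Bearer" before the access token in the header value.
 
@@ -451,11 +453,11 @@ api_guard_associations refresh_token: 'refresh_tokens', blacklisted_token: 'blac
 
 ### Token blacklisting
 
-To include token blacklisting in your application you need to create a table to store the
+To include token blacklisting in your application you need to create a table to store the blacklisted tokens. This will be
 used to blacklist a JWT access token from future use. The access token will be blacklisted on successful sign out of the
 resource.
 
-Use below command to create a model `
+Use below command to create a model `BlacklistedToken` with columns to store the token and the user reference
 
 ```bash
 $ rails generate model blacklisted_token token:string user:references expire_at:datetime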
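--- a/data/lib/api_guard/jwt_auth/authentication.rb
+++ b/data/lib/api_guard/jwt_auth/authentication.rb
@@ -9,8 +9,8 @@ module ApiGuard
 method_name = name.to_s
 
 if method_name.start_with?('authenticate_and_set_')
-
-
+resource_names = method_name.split('authenticate_and_set_')[1].split('_or_')
+authenticate_and_set_resources(resource_names)
 else
 super
 end
@@ -20,9 +20,9 @@ module ApiGuard
 method_name.to_s.start_with?('authenticate_and_set_') || super
 end
 
-# Authenticate the JWT token and set
-def
-@
+# Authenticate the JWT token and set resources
+def authenticate_and_set_resources(resource_names)
+@resource_names = resource_names
 
 @token = request.headers['Authorization']&.split('Bearer ')&.last
 return render_error(401, message: I18n.t('api_guard.access_token.missing')) unless @token
@@ -72,15 +72,25 @@ module ApiGuard
 def authenticate_token
 return unless decode_token
 
+@resource_name = set_resource_name_from_token(@resource_names)
+return if @resource_name.nil?
+
 resource = find_resource_from_token(@resource_name.classify.constantize)
 
 if resource && valid_issued_at?(resource) && !blacklisted?(resource)
 define_current_resource_accessors(resource)
-else
-render_error(401, message: I18n.t('api_guard.access_token.invalid'))
 end
 end
 
+def set_resource_name_from_token(resource_names)
+resource_names.each do |name|
+resource_id = @decoded_token[:"#{name}_id"]
+return name if resource_id.present?
+end
+
+return nil
+end
+
 def find_resource_from_token(resource_class)
 resource_id = @decoded_token[:"#{@resource_name}_id"]
 return if resource_id.blank?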
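Review bot: `authenticate_token` no longer rejects a request itself. The `else` branch that rendered the 401 `api_guard.access_token.invalid` response is removed, and the new `return if @resource_name.nil?` also returns without rendering. A token that decodes but matches none of the requested resource names, or whose resource is missing, blacklisted or fails `valid_issued_at?`, is therefore only refused if the caller checks afterwards. The rest of `authenticate_and_set_resources` lies outside the hunks shown, so that check cannot be confirmed from here. I would document the contract at the top of `authenticate_token` with a comment such as `# Renders nothing on failure: the caller must respond 401 when no current resource was set`. I would also add request specs asserting a 401 for a blacklisted token and for a token whose `*_id` claim matches none of the `_or_` resource names.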
data/lib/api_guard/version.rb
CHANGED
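--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: api_guard
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.2
 platform: ruby
 authors:
 - Gokul Murali
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt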