api_guard 0.5.1 → 0.5.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +5 -3
- data/lib/api_guard/jwt_auth/authentication.rb +17 -7
- data/lib/api_guard/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bc003426a48f2bf1a83d3b1653438efa43522f465a4cf98b4ac0b030f691cbfd
|
|
4
|
+
data.tar.gz: 771a016a40a938684ea61accde401e7eed3dc8c201688f51bb0444cd241901d7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 16a0a967961773fcfdab3744fcfd228198484eb550b7b6abeb19e4daa1d2a42d7ecf2730709c4ab7f518bdb0fe1781973255b24da60c67a88b71198cb76913d1
|
|
7
|
+
data.tar.gz: e609d92695acc9d424739450b87c6a7cd4725d200e3b3bdf745e465e2c090fe9af7bb15820bb02d9964cc0af420f7faa34fede752484b41dcfe9aaf7bc53114c
|
data/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# API Guard
|
|
2
2
|
|
|
3
3
|
[](https://rubygems.org/gems/api_guard)
|
|
4
|
-
[](https://github.com/Gokul595/api_guard/actions?query=workflow%3Abuild)
|
|
4
|
+
[](https://github.com/Gokul595/api_guard/actions?query=workflow%3Abuild-master)
|
|
5
5
|
[](https://codeclimate.com/github/Gokul595/api_guard/maintainability)
|
|
6
6
|
|
|
7
7
|
|
|
@@ -202,6 +202,8 @@ To authenticate the API request just add this before_action in the controller:
|
|
|
202
202
|
before_action :authenticate_and_set_user
|
|
203
203
|
```
|
|
204
204
|
|
|
205
|
+
>**Note:** It is possible to authenticate with more than one resource, e.g. `authenticate_and_set_user_or_admin` will permit tokens issued for users or admins.
|
|
206
|
+
|
|
205
207
|
Send the access token got in sign in API in the Authorization header in the API request as below.
|
|
206
208
|
Also, make sure you add "Bearer" before the access token in the header value.
|
|
207
209
|
|
|
@@ -451,11 +453,11 @@ api_guard_associations refresh_token: 'refresh_tokens', blacklisted_token: 'blac
|
|
|
451
453
|
|
|
452
454
|
### Token blacklisting
|
|
453
455
|
|
|
454
|
-
To include token blacklisting in your application you need to create a table to store the
|
|
456
|
+
To include token blacklisting in your application you need to create a table to store the blacklisted tokens. This will be
|
|
455
457
|
used to blacklist a JWT access token from future use. The access token will be blacklisted on successful sign out of the
|
|
456
458
|
resource.
|
|
457
459
|
|
|
458
|
-
Use below command to create a model `
|
|
460
|
+
Use below command to create a model `BlacklistedToken` with columns to store the token and the user reference
|
|
459
461
|
|
|
460
462
|
```bash
|
|
461
463
|
$ rails generate model blacklisted_token token:string user:references expire_at:datetime
|
|
@@ -9,8 +9,8 @@ module ApiGuard
|
|
|
9
9
|
method_name = name.to_s
|
|
10
10
|
|
|
11
11
|
if method_name.start_with?('authenticate_and_set_')
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
resource_names = method_name.split('authenticate_and_set_')[1].split('_or_')
|
|
13
|
+
authenticate_and_set_resources(resource_names)
|
|
14
14
|
else
|
|
15
15
|
super
|
|
16
16
|
end
|
|
@@ -20,9 +20,9 @@ module ApiGuard
|
|
|
20
20
|
method_name.to_s.start_with?('authenticate_and_set_') || super
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
# Authenticate the JWT token and set
|
|
24
|
-
def
|
|
25
|
-
@
|
|
23
|
+
# Authenticate the JWT token and set resources
|
|
24
|
+
def authenticate_and_set_resources(resource_names)
|
|
25
|
+
@resource_names = resource_names
|
|
26
26
|
|
|
27
27
|
@token = request.headers['Authorization']&.split('Bearer ')&.last
|
|
28
28
|
return render_error(401, message: I18n.t('api_guard.access_token.missing')) unless @token
|
|
@@ -72,15 +72,25 @@ module ApiGuard
|
|
|
72
72
|
def authenticate_token
|
|
73
73
|
return unless decode_token
|
|
74
74
|
|
|
75
|
+
@resource_name = set_resource_name_from_token(@resource_names)
|
|
76
|
+
return if @resource_name.nil?
|
|
77
|
+
|
|
75
78
|
resource = find_resource_from_token(@resource_name.classify.constantize)
|
|
76
79
|
|
|
77
80
|
if resource && valid_issued_at?(resource) && !blacklisted?(resource)
|
|
78
81
|
define_current_resource_accessors(resource)
|
|
79
|
-
else
|
|
80
|
-
render_error(401, message: I18n.t('api_guard.access_token.invalid'))
|
|
81
82
|
end
|
|
82
83
|
end
|
|
83
84
|
|
|
85
|
+
def set_resource_name_from_token(resource_names)
|
|
86
|
+
resource_names.each do |name|
|
|
87
|
+
resource_id = @decoded_token[:"#{name}_id"]
|
|
88
|
+
return name if resource_id.present?
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
return nil
|
|
92
|
+
end
|
|
93
|
+
|
|
84
94
|
def find_resource_from_token(resource_class)
|
|
85
95
|
resource_id = @decoded_token[:"#{@resource_name}_id"]
|
|
86
96
|
return if resource_id.blank?
|
data/lib/api_guard/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: api_guard
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gokul Murali
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-01-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|