api_guard_grape 0.5.1 → 0.5.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8fa6b87a02bcff0944fd185a949d84c63776d678928ca896fd66ea8b1ad4992a
-  data.tar.gz: 29f4c5f87ca08a83ed96ec88f1b186ff9e76e0759b6748e1a603534e2ab16bd4
+  metadata.gz: 5cbdbe6a99ddb95a194ca2d457a00c632dcd8e70731b6e8bcebf02388c32a7ed
+  data.tar.gz: ded2f1d9537467657b493269e3a06093b2208f871a356f056aaf1179cd8e6e85
 SHA512:
-  metadata.gz: 9981e401bbd55f0514320a1bf94aeba015f98c38c2b5a2d14cc10a745a487a52ccb134a4ce9043817fdc84c4974340a6bea9e682740c1ece82172ac9654cfae5
-  data.tar.gz: 03efd2036116ee5e4fd46b08e7ee08635a702b08e2d5ff9d2d7c36745ede88a89df8197b0db5a39a36b99a63a831d08c283b59e45cca68acc114587024fb8bf8
+  metadata.gz: 37e5bb2e16a4d3733b630577c070be248fc9d24aa70209434fd0709b2c6efa60b32e3a90b76d08d4d7f127e3a2e0ef48b7ff4832bfd66a1f89f1120a911020ab
+  data.tar.gz: 97c8f918a4de68e43c42b207aeb964a8cd5b7c2ff12658533a61db86921b7b2cdd0e6fcd8f4467faa9e21a9706c527a05afe1f3fe440b4b962c00b99892f3d4e

data/README.md

@@ -1,8 +1,8 @@
 # API Guard
 
-[![Version](https://img.shields.io/gem/v/api_guard.svg?color=green)](https://rubygems.org/gems/api_guard_grape)
-[![Build Status](https://github.com/prateeksinghbundela/api_guard_grape/workflows/build/badge.svg?branch=master)](https://github.com/prateeksinghbundela/api_guard_grape/actions?query=workflow%3Abuild)
-[![Maintainability](https://api.codeclimate.com/v1/badges/ced3e74a26a66ed915cb/maintainability)](https://codeclimate.com/github/prateeksinghbundela/api_guard_grape/maintainability)
+[![Version](https://img.shields.io/gem/v/api_guard.svg?color=green)](https://rubygems.org/gems/api_guard)
+[![Build Status](https://github.com/Gokul595/api_guard/workflows/build/badge.svg?branch=master)](https://github.com/Gokul595/api_guard/actions?query=workflow%3Abuild)
+[![Maintainability](https://api.codeclimate.com/v1/badges/ced3e74a26a66ed915cb/maintainability)](https://codeclimate.com/github/Gokul595/api_guard/maintainability)
 
 
 [JSON Web Token (JWT)](https://jwt.io/) based authentication solution with token refreshing & blacklisting for APIs 
@@ -38,8 +38,8 @@ for cryptographic signing.
     * [Override finding resource](#override-finding-resource)
     * [Customizing / translating response messages using I18n](#customizing--translating-response-messages-using-i18n)
 * [Testing](#testing)
-* [Wiki](https://github.com/prateeksinghbundela/api_guard_grape/wiki)
-    * [Using API Guard with Devise](https://github.com/prateeksinghbundela/api_guard_grape/wiki/Using-API-Guard-with-Devise)
+* [Wiki](https://github.com/Gokul595/api_guard/wiki)
+    * [Using API Guard with Devise](https://github.com/Gokul595/api_guard/wiki/Using-API-Guard-with-Devise)
 * [Contributing](#contributing)
 * [License](#license)
 
@@ -48,7 +48,7 @@ for cryptographic signing.
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'api_guard_grape'
+gem 'api_guard'
 ```
 
 And then execute in your terminal:
@@ -58,7 +58,7 @@ $ bundle install
 
 Or install it yourself as:
 ```bash
-$ gem install api_guard_grape
+$ gem install api_guard
 ```
 
 ## Getting Started
@@ -82,7 +82,7 @@ $ rails db:migrate
 Add [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password) 
 in `User` model for password authentication. 
 
-> Refer [this Wiki](https://github.com/prateeksinghbundela/api_guard_grape/wiki/Using-API-Guard-with-Devise#authentication) for configuring API Guard authentication to work with Devise instead of using `has_secure_password`.
+> Refer [this Wiki](https://github.com/Gokul595/api_guard/wiki/Using-API-Guard-with-Devise#authentication) for configuring API Guard authentication to work with Devise instead of using `has_secure_password`.
 
 ```ruby
 class User < ApplicationRecord
@@ -114,7 +114,7 @@ api_guard_routes for: 'users'
 
 This will generate default routes such as sign up, sign in, sign out, token refresh, password change for User.
 
-> Refer [this Wiki](https://github.com/prateeksinghbundela/api_guard_grape/wiki/Using-API-Guard-with-Devise#routes) for configuring API Guard routes to work with Devise.
+> Refer [this Wiki](https://github.com/Gokul595/api_guard/wiki/Using-API-Guard-with-Devise#routes) for configuring API Guard routes to work with Devise.
 
 ### Registration
 
@@ -633,7 +633,7 @@ en:
 ```
 
 You can find the complete list of available keys in this file:
-https://github.com/prateeksinghbundela/api_guard_grape/blob/master/config/locales/en.yml
+https://github.com/Gokul595/api_guard/blob/master/config/locales/en.yml
 
 ## Testing
 
@@ -680,7 +680,7 @@ Then, you can set the access token and refresh token in appropriate request head
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/prateeksinghbundela/api_guard_grape. 
+Bug reports and pull requests are welcome on GitHub at https://github.com/Gokul595/api_guard. 
 This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to 
 the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 

data/lib/api_guard/jwt_auth/blacklist_token.rb

@@ -4,28 +4,28 @@ module ApiGuard
   module JwtAuth
     # Common module for token blacklisting functionality
     module BlacklistToken
-      def blacklisted_token_association(resource)
+      def self.blacklisted_token_association(resource)
         resource.class.blacklisted_token_association
       end
 
-      def token_blacklisting_enabled?(resource)
+      def self.token_blacklisting_enabled?(resource)
         blacklisted_token_association(resource).present?
       end
 
-      def blacklisted_tokens_for(resource)
+      def self.blacklisted_tokens_for(resource)
         blacklisted_token_association = blacklisted_token_association(resource)
         resource.send(blacklisted_token_association)
       end
 
       # Returns whether the JWT token is blacklisted or not
-      def blacklisted?(resource)
+      def self.blacklisted?(resource)
         return false unless token_blacklisting_enabled?(resource)
 
         blacklisted_tokens_for(resource).exists?(token: @token)
       end
 
       # Blacklist the current JWT token from future access
-      def blacklist_token
+      def self.blacklist_token
         return unless token_blacklisting_enabled?(current_resource)
 
         blacklisted_tokens_for(current_resource).create(token: @token, expire_at: Time.at(@decoded_token[:exp]).utc)

data/lib/api_guard/jwt_auth/json_web_token.rb

@@ -1,30 +1,31 @@
 # frozen_string_literal: true
 
 require 'jwt'
-
+require 'api_guard/jwt_auth/refresh_jwt_token'
 module ApiGuard
   module JwtAuth
     # Common module for JWT operations
     module JsonWebToken
-      def current_time
+
+      def self.current_time
         @current_time ||= Time.now.utc
       end
 
-      def token_expire_at
+      def self.token_expire_at
         @token_expire_at ||= (current_time + ApiGuard.token_validity).to_i
       end
 
-      def token_issued_at
+      def self.token_issued_at
         @token_issued_at ||= current_time.to_i
       end
 
       # Encode the payload with the secret key and return the JWT token
-      def encode(payload)
+      def self.encode(payload)
         JWT.encode(payload, ApiGuard.token_signing_secret)
       end
 
       # Decode the JWT token and return the payload
-      def decode(token, verify = true)
+      def self.decode(token, verify = true)
         HashWithIndifferentAccess.new(
           JWT.decode(token, ApiGuard.token_signing_secret, verify, verify_iat: true)[0]
         )
@@ -34,7 +35,7 @@ module ApiGuard
       # Also, create refresh token if enabled for the resource.
       #
       # This creates expired JWT token if the argument 'expired_token' is true which can be used for testing.
-      def jwt_and_refresh_token(resource, resource_name, expired_token = false)
+      def self.jwt_and_refresh_token(resource, resource_name, expired_token = false)
         payload = {
           "#{resource_name}_id": resource.id,
           exp: expired_token ? token_issued_at : token_expire_at,
@@ -43,18 +44,17 @@ module ApiGuard
 
         # Add custom data in the JWT token payload
         payload.merge!(resource.jwt_token_payload) if resource.respond_to?(:jwt_token_payload)
-
-        [encode(payload), new_refresh_token(resource)]
+        [self.encode(payload), self.new_refresh_token(resource)]
       end
 
       # Create tokens and set response headers
-      def create_token_and_set_header(resource, resource_name)
+      def self.create_token_and_set_header(resource, resource_name)
         access_token, refresh_token = jwt_and_refresh_token(resource, resource_name)
         set_token_headers(access_token, refresh_token)
       end
 
       # Set token details in response headers
-      def set_token_headers(token, refresh_token = nil)
+      def self.set_token_headers(token, refresh_token = nil)
         response.headers['Access-Token'] = token
         response.headers['Refresh-Token'] = refresh_token if refresh_token
         response.headers['Expire-At'] = token_expire_at.to_s
@@ -62,11 +62,169 @@ module ApiGuard
 
       # Set token issued at to current timestamp
       # to restrict access to old access(JWT) tokens
-      def invalidate_old_jwt_tokens(resource)
+      def self.invalidate_old_jwt_tokens(resource)
         return unless ApiGuard.invalidate_old_tokens_on_password_change
 
         resource.token_issued_at = Time.at(token_issued_at).utc
       end
+
+    #refresh token code=======================================
+
+      def self.refresh_token_association(resource)
+        resource.class.refresh_token_association
+      end
+
+      def self.refresh_token_enabled?(resource)
+        refresh_token_association(resource).present?
+      end
+
+      def self.refresh_tokens_for(resource)
+        refresh_token_association = refresh_token_association(resource)
+        resource.send(refresh_token_association)
+      end
+
+      def self.find_refresh_token_of(resource, refresh_token)
+        refresh_tokens_for(resource).find_by_token(refresh_token)
+      end
+
+      # Generate and return unique refresh token for the resource
+      def self.uniq_refresh_token(resource)
+        loop do
+          random_token = SecureRandom.urlsafe_base64
+          return random_token unless refresh_tokens_for(resource).exists?(token: random_token)
+        end
+      end
+
+      # Create a new refresh_token for the current resource
+      def self.new_refresh_token(resource)
+        return unless refresh_token_enabled?(resource)
+
+        refresh_tokens_for(resource).create(token: uniq_refresh_token(resource)).token
+      end
+
+      def self.destroy_all_refresh_tokens(resource)
+        return unless refresh_token_enabled?(resource)
+
+        refresh_tokens_for(resource).destroy_all
+      end
+
+    # blacklisted ======================================================
+      def self.blacklisted_token_association(resource)
+        resource.class.blacklisted_token_association
+      end
+
+      def self.token_blacklisting_enabled?(resource)
+        blacklisted_token_association(resource).present?
+      end
+
+      def self.blacklisted_tokens_for(resource)
+        blacklisted_token_association = blacklisted_token_association(resource)
+        resource.send(blacklisted_token_association)
+      end
+
+      # Returns whether the JWT token is blacklisted or not
+      def self.blacklisted?(resource)
+        return false unless token_blacklisting_enabled?(resource)
+
+        blacklisted_tokens_for(resource).exists?(token: @token)
+      end
+
+      # Blacklist the current JWT token from future access
+      def self.blacklist_token
+
+        return unless token_blacklisting_enabled?(current_resource)
+        blacklisted_tokens_for(current_resource).create(token: @token, expire_at: Time.at(@decoded_token[:exp]).utc)
+      end 
+
+
+      def self.method_missing(name, *args)
+        method_name = name.to_s
+
+        if method_name.start_with?('authenticate_and_set_')
+          resource_name = method_name.split('authenticate_and_set_')[1]
+          authenticate_and_set_resource(resource_name)
+        else
+          super
+        end
+      end
+
+      def self.respond_to_missing?(method_name, include_private = false)
+        method_name.to_s.start_with?('authenticate_and_set_') || super
+      end
+
+      # Authenticate the JWT token and set resource
+      def self.authenticate_and_set_resource(resource_name)
+        @resource_name = resource_name
+
+        @token = request.headers['Authorization']&.split('Bearer ')&.last
+        return render_error(401, message: I18n.t('api_guard.access_token.missing')) unless @token
+
+        authenticate_token
+
+        # Render error response only if no resource found and no previous render happened
+        render_error(401, message: I18n.t('api_guard.access_token.invalid')) if !current_resource && !performed?
+      rescue JWT::DecodeError => e
+        if e.message == 'Signature has expired'
+          render_error(401, message: I18n.t('api_guard.access_token.expired'))
+        else
+          render_error(401, message: I18n.t('api_guard.access_token.invalid'))
+        end
+      end
+
+      # Decode the JWT token
+      # and don't verify token expiry for refresh token API request
+      def self.decode_token
+        # TODO: Set token refresh controller dynamic
+        verify_token = (controller_name != 'tokens' || action_name != 'create')
+        @decoded_token = decode(@token, verify_token)
+      end
+
+      # Returns whether the JWT token is issued after the last password change
+      # Returns true if password hasn't changed by the user
+      def self.valid_issued_at?(resource)
+        return true unless ApiGuard.invalidate_old_tokens_on_password_change
+
+        !resource.token_issued_at || @decoded_token[:iat] >= resource.token_issued_at.to_i
+      end
+
+      # Defines "current_{{resource_name}}" method and "@current_{{resource_name}}" instance variable
+      # that returns "resource" value
+      def self.define_current_resource_accessors(resource)
+        define_singleton_method("current_#{@resource_name}") do
+          instance_variable_get("@current_#{@resource_name}") ||
+            instance_variable_set("@current_#{@resource_name}", resource)
+        end
+      end
+
+      # Authenticate the resource with the '{{resource_name}}_id' in the decoded JWT token
+      # and also, check for valid issued at time and not blacklisted
+      #
+      # Also, set "current_{{resource_name}}" method and "@current_{{resource_name}}" instance variable
+      # for accessing the authenticated resource
+      def self.authenticate_token
+        return unless decode_token
+
+        resource = find_resource_from_token(@resource_name.classify.constantize)
+
+        if resource && valid_issued_at?(resource) && !blacklisted?(resource)
+          define_current_resource_accessors(resource)
+        else
+          render_error(401, message: I18n.t('api_guard.access_token.invalid'))
+        end
+      end
+
+      def self.find_resource_from_token(resource_class)
+        resource_id = @decoded_token[:"#{@resource_name}_id"]
+        return if resource_id.blank?
+
+        resource_class.find_by(id: resource_id)
+      end
+
+      def self.current_resource
+        return unless respond_to?("current_#{@resource_name}")
+
+        public_send("current_#{@resource_name}")
+      end
     end
   end
 end

data/lib/api_guard/jwt_auth/refresh_jwt_token.rb

@@ -4,25 +4,25 @@ module ApiGuard
   module JwtAuth
     # Common module for refresh token functionality
     module RefreshJwtToken
-      def refresh_token_association(resource)
+      def self.refresh_token_association(resource)
         resource.class.refresh_token_association
       end
 
-      def refresh_token_enabled?(resource)
+      def self.refresh_token_enabled?(resource)
         refresh_token_association(resource).present?
       end
 
-      def refresh_tokens_for(resource)
+      def self.refresh_tokens_for(resource)
         refresh_token_association = refresh_token_association(resource)
         resource.send(refresh_token_association)
       end
 
-      def find_refresh_token_of(resource, refresh_token)
+      def self.find_refresh_token_of(resource, refresh_token)
         refresh_tokens_for(resource).find_by_token(refresh_token)
       end
 
       # Generate and return unique refresh token for the resource
-      def uniq_refresh_token(resource)
+      def self.uniq_refresh_token(resource)
         loop do
           random_token = SecureRandom.urlsafe_base64
           return random_token unless refresh_tokens_for(resource).exists?(token: random_token)
@@ -30,17 +30,108 @@ module ApiGuard
       end
 
       # Create a new refresh_token for the current resource
-      def new_refresh_token(resource)
+      def self.new_refresh_token(resource)
         return unless refresh_token_enabled?(resource)
 
         refresh_tokens_for(resource).create(token: uniq_refresh_token(resource)).token
       end
 
-      def destroy_all_refresh_tokens(resource)
+      def self.destroy_all_refresh_tokens(resource)
         return unless refresh_token_enabled?(resource)
 
         refresh_tokens_for(resource).destroy_all
       end
+
+      # authenticat-----------
+
+      def self.method_missing(name, *args)
+        method_name = name.to_s
+
+        if method_name.start_with?('authenticate_and_set_')
+          resource_name = method_name.split('authenticate_and_set_')[1]
+          authenticate_and_set_resource(resource_name)
+        else
+          super
+        end
+      end
+
+      def self.respond_to_missing?(method_name, include_private = false)
+        method_name.to_s.start_with?('authenticate_and_set_') || super
+      end
+
+      # Authenticate the JWT token and set resource
+      def self.authenticate_and_set_resource(resource_name)
+        @resource_name = resource_name
+
+        @token = request.headers['Authorization']&.split('Bearer ')&.last
+        return render_error(401, message: I18n.t('api_guard.access_token.missing')) unless @token
+
+        authenticate_token
+
+        # Render error response only if no resource found and no previous render happened
+        render_error(401, message: I18n.t('api_guard.access_token.invalid')) if !current_resource && !performed?
+      rescue JWT::DecodeError => e
+        if e.message == 'Signature has expired'
+          render_error(401, message: I18n.t('api_guard.access_token.expired'))
+        else
+          render_error(401, message: I18n.t('api_guard.access_token.invalid'))
+        end
+      end
+
+      # Decode the JWT token
+      # and don't verify token expiry for refresh token API request
+      def self.decode_token
+        # TODO: Set token refresh controller dynamic
+        verify_token = (controller_name != 'tokens' || action_name != 'create')
+        @decoded_token = decode(@token, verify_token)
+      end
+
+      # Returns whether the JWT token is issued after the last password change
+      # Returns true if password hasn't changed by the user
+      def self.valid_issued_at?(resource)
+        return true unless ApiGuard.invalidate_old_tokens_on_password_change
+
+        !resource.token_issued_at || @decoded_token[:iat] >= resource.token_issued_at.to_i
+      end
+
+      # Defines "current_{{resource_name}}" method and "@current_{{resource_name}}" instance variable
+      # that returns "resource" value
+      def self.define_current_resource_accessors(resource)
+        define_singleton_method("current_#{@resource_name}") do
+          instance_variable_get("@current_#{@resource_name}") ||
+            instance_variable_set("@current_#{@resource_name}", resource)
+        end
+      end
+
+      # Authenticate the resource with the '{{resource_name}}_id' in the decoded JWT token
+      # and also, check for valid issued at time and not blacklisted
+      #
+      # Also, set "current_{{resource_name}}" method and "@current_{{resource_name}}" instance variable
+      # for accessing the authenticated resource
+      def self.authenticate_token
+        return unless decode_token
+
+        resource = find_resource_from_token(@resource_name.classify.constantize)
+
+        if resource && valid_issued_at?(resource) && !blacklisted?(resource)
+          define_current_resource_accessors(resource)
+        else
+          render_error(401, message: I18n.t('api_guard.access_token.invalid'))
+        end
+      end
+
+      def self.find_resource_from_token(resource_class)
+        resource_id = @decoded_token[:"#{@resource_name}_id"]
+        return if resource_id.blank?
+
+        resource_class.find_by(id: resource_id)
+      end
+
+      def self.current_resource
+        return unless respond_to?("current_#{@resource_name}")
+
+        public_send("current_#{@resource_name}")
+      end
     end
   end
 end

data/lib/api_guard/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ApiGuard
-  VERSION = '0.5.1'
+  VERSION = '0.5.6'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: api_guard_grape
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.6
 platform: ruby
 authors:
 - Prateek Singh
@@ -176,7 +176,7 @@ files:
 - lib/generators/api_guard/initializer/USAGE
 - lib/generators/api_guard/initializer/initializer_generator.rb
 - lib/generators/api_guard/initializer/templates/initializer.rb
-homepage: https://github.com/prateeksinghbundela/api_guard
+homepage: https://github.com/prateeksinghbundela/api_guard_grape
 licenses:
 - MIT
 metadata: {}
@@ -195,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Rails API authentication made easy