api_warden 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0282ed518cd01a9417d7691212753f1fe7508cca
+  data.tar.gz: bf85675a76299613094ad4c9651e2ea82dc9524d
+SHA512:
+  metadata.gz: c9676158663b2b151b3ba98f631671bea10e91a64c9654a4b977e119fd7c8097ab847a741eaf30100ba4bc6fe03498c52e6a1d0ece499a2e1b61b31ba1219479
+  data.tar.gz: 4a01e7bcb7505a6abe4eb573d53ad01e197d55547aa11c5f5acc5a3615543e2b4ae04125363a17d58907fa16afbd5e9beed854be99e01701a5abb2258c258c92

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.2.5
+before_install: gem install bundler -v 1.16.0

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at 327110424@163.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,11 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+gemspec
+
+gem "rails", "4.2.10"
+
+group :test do
+  gem 'rspec-rails', '~> 3.6'
+end

data/Gemfile.lock

@@ -0,0 +1,148 @@
+PATH
+  remote: .
+  specs:
+    api_warden (0.1.0)
+      connection_pool (~> 2.2, >= 2.2.0)
+      redis (~> 3.2, >= 3.2.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.2.10)
+      actionpack (= 4.2.10)
+      actionview (= 4.2.10)
+      activejob (= 4.2.10)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.10)
+      actionview (= 4.2.10)
+      activesupport (= 4.2.10)
+      rack (~> 1.6)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.10)
+      activesupport (= 4.2.10)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (4.2.10)
+      activesupport (= 4.2.10)
+      globalid (>= 0.3.0)
+    activemodel (4.2.10)
+      activesupport (= 4.2.10)
+      builder (~> 3.1)
+    activerecord (4.2.10)
+      activemodel (= 4.2.10)
+      activesupport (= 4.2.10)
+      arel (~> 6.0)
+    activesupport (4.2.10)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    arel (6.0.4)
+    builder (3.2.3)
+    concurrent-ruby (1.0.5)
+    connection_pool (2.2.1)
+    crass (1.0.3)
+    diff-lcs (1.3)
+    erubis (2.7.0)
+    fakeredis (0.6.0)
+      redis (~> 3.2)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    i18n (0.9.1)
+      concurrent-ruby (~> 1.0)
+    loofah (2.1.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    mini_mime (1.0.0)
+    mini_portile2 (2.3.0)
+    minitest (5.10.3)
+    nokogiri (1.8.1)
+      mini_portile2 (~> 2.3.0)
+    rack (1.6.8)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (4.2.10)
+      actionmailer (= 4.2.10)
+      actionpack (= 4.2.10)
+      actionview (= 4.2.10)
+      activejob (= 4.2.10)
+      activemodel (= 4.2.10)
+      activerecord (= 4.2.10)
+      activesupport (= 4.2.10)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.2.10)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.9)
+      activesupport (>= 4.2.0, < 5.0)
+      nokogiri (~> 1.6)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.3)
+      loofah (~> 2.0)
+    railties (4.2.10)
+      actionpack (= 4.2.10)
+      activesupport (= 4.2.10)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.4.2)
+    redis (3.3.5)
+    redis-namespace (1.6.0)
+      redis (>= 3.0.4)
+    rspec (3.6.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+    rspec-core (3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-expectations (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-json_expectations (2.1.0)
+    rspec-mocks (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-rails (3.6.1)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-support (3.6.0)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.4)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  api_warden!
+  bundler (~> 1.16)
+  fakeredis
+  rails (= 4.2.10)
+  rake (~> 10.0)
+  redis-namespace (~> 1.5, >= 1.5.2)
+  rspec (~> 3.0)
+  rspec-json_expectations
+  rspec-rails (~> 3.6)
+
+BUNDLED WITH
+   1.16.0

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Mingxiang Xue
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,56 @@
+# ApiWarden
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/api_warden`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'api_warden'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install api_warden
+
+## Usage
+
+Create a file config/initializers/api_warden.rb.
+
+Add the below codes:
+```
+ApiWarden.configure do |config|
+  config.redis = {
+    host: 'localhost',
+    port: 8877,
+    size: 8
+  }
+end
+
+ApiWarden.ward_by('users')
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/api_warden. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the ApiWarden project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/api_warden/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/api_warden.gemspec

@@ -0,0 +1,30 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'api_warden/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'api_warden'
+  spec.version       = ApiWarden::VERSION
+  spec.authors       = ['Mingxiang Xue']
+  spec.email         = ['327110424@163.com']
+
+  spec.summary       = 'Use access token to protect your API in rails.'
+  spec.description   = 'Use access token to protect your API in rails.'
+  spec.homepage      = 'https://github.com/UzxMx/api_warden'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'redis', '~> 3.2', '>= 3.2.1'
+  spec.add_dependency 'connection_pool', '~> 2.2', '>= 2.2.0'
+
+  spec.add_development_dependency 'redis-namespace', '~> 1.5', '>= 1.5.2'
+  spec.add_development_dependency 'fakeredis'
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rspec-json_expectations'
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "api_warden"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/api_warden.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+require 'rails'
+require 'connection_pool'
+
+module ApiWarden
+  autoload :Authentication, 'api_warden/authentication'
+  autoload :Helpers, 'api_warden/helpers'
+  autoload :RedisConnection, 'api_warden/redis_connection'
+  autoload :Scope, 'api_warden/scope'
+  autoload :Version, 'api_warden/version'
+
+  SCOPES = Hash.new
+
+  # Configuration for ApiWarden, use like:
+  #
+  #   ApiWarden.configure do |config|
+  #     config.redis = { :namespace => 'myapp', :size => 1, :url => 'redis://myhost:8877/0' }
+  #   end
+  def self.configure
+    yield self
+  end
+
+  # Add a scope to ward. Some methods related with the scope will be generated and mixed into
+  # ActionController::Base.
+  #
+  # ==== Examples
+  #
+  #   ApiWarden.ward_by('users')
+  #   ApiWarden.ward_by('users', expire_time_for_access_token: 2.days.seconds)
+  #   ApiWarden.ward_by('users', value_for_access_token: proc { |access_token, *args| ... })
+  #
+  # @param scope [String]
+  # @param options [Hash] see Scope#initialize
+  def self.ward_by(scope, options = {})
+    name = validate_scope_name(scope)
+    raise "Scope #{name} already defined" if find_scope(name)
+
+    scope = Scope.new(name, options)
+    SCOPES[name] = scope
+    Helpers.define_helpers(scope)
+  end
+
+  # @return [Boolean] true if removed successfully, false otherwise.
+  def self.remove_ward_by(scope)
+    if scope = find_scope(scope)
+      Helpers.remove_helpers(scope)
+      SCOPES.delete(scope.name)
+      true
+    else
+      false
+    end
+  end
+
+  def self.find_scope(name)
+    name = validate_scope_name(name)
+    SCOPES[name]
+  end
+
+  def self.redis
+    raise ArgumentError, 'requires a block' unless block_given?
+    redis_pool.with do |conn|
+      retryable = true
+      begin
+        yield conn
+      rescue Redis::CommandError => ex
+        # Failover can cause the server to become a slave, need
+        # to disconnect and reopen the socket to get back to the master.
+        (conn.disconnect!; retryable = false; retry) if retryable && ex.message =~ /READONLY/
+        raise
+      end
+    end
+  end
+
+  def self.redis_pool
+    @redis ||= RedisConnection.create
+  end
+
+  def self.redis=(hash)
+    @redis = if hash.is_a?(ConnectionPool)
+      hash
+    elsif hash
+      RedisConnection.create(hash)
+    end
+  end
+
+  # Generate a friendly string randomly to be used as token.
+  # By default, length is 20 characters.
+  def self.friendly_token(length = 20)
+    # To calculate real characters, we must perform this operation.
+    # See SecureRandom.urlsafe_base64
+    rlength = (length * 3) / 4
+    SecureRandom.urlsafe_base64(rlength).tr('lIO0', 'sxyz')
+  end
+
+  private
+    def self.validate_scope_name(scope)
+      scope.to_s.singularize.downcase
+    end 
+end

data/lib/api_warden/authentication.rb

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+module ApiWarden
+  class Authentication
+    autoload :Params, 'api_warden/authentication/params'
+    autoload :HeaderParams, 'api_warden/authentication/header_params'
+
+    attr_reader :scope, :request, :params
+
+    def initialize(scope, request)
+      @scope = scope
+      @request = request
+      @params = scope.params_class.new(self)
+    end
+
+    def authenticated?
+      ensure_authenticated
+      @authenticated
+    end
+
+    def refreshable?
+      ensure_refreshable
+      @refreshable
+    end
+
+    def id
+      ensure_authenticated_or_refreshable
+      @id
+    end
+
+    def value_for_access_token
+      ensure_authenticated
+      @value_for_access_token
+    end
+
+    def value_for_refresh_token
+      ensure_refreshable
+      @value_for_refresh_token
+    end
+
+    # @return self
+    def authenticate
+      authenticate!
+    rescue AuthenticationError => e
+      self
+    end
+
+    # This method will only authenticate once, and cache the result.
+    #
+    # @return self
+    def authenticate!
+      return unless @authenticated.nil?
+
+      id, access_token = @params.retrieve_id, @params.retrieve_access_token
+      key = @scope.key_for_access_token(id, access_token)
+
+      if access_token && !access_token.empty?
+        ApiWarden.redis { |conn| @value_for_access_token = conn.get(key) }
+      end
+
+      unless @value_for_access_token
+        @authenticated = false
+        raise AuthenticationError        
+      end
+
+      @authenticated = true
+      @id = id
+      @access_token = access_token
+      self
+    end
+
+    def validate_refresh_token
+      validate_refresh_token!
+    rescue AuthenticationError => e
+    end
+
+    def validate_refresh_token!
+      return unless @refreshable.nil?
+
+      id, refresh_token = @params.retrieve_id, @params.retrieve_refresh_token
+      key = @scope.key_for_refresh_token(id, refresh_token)
+
+      if refresh_token && !refresh_token.empty?
+        ApiWarden.redis do |conn|
+          @value_for_refresh_token = conn.get(key)
+          conn.del(key)
+        end
+      end
+
+      unless @value_for_refresh_token
+        @refreshable = false
+        raise AuthenticationError
+      end
+
+      @refreshable = true
+      @id = id
+      self      
+    end
+
+    # TODO remove refresh token as well
+    def sign_out
+      key = @scope.key_for_access_token(@id, @access_token)
+
+      ApiWarden.redis { |conn| conn.del(key) }
+    end
+
+    private
+      def ensure_authenticated
+        return unless @authenticated.nil?
+        authenticate
+      end
+
+      def ensure_refreshable
+        return unless @refreshable.nil?
+        validate_refresh_token
+      end
+
+      def ensure_authenticated_or_refreshable
+        ensure_authenticated
+        ensure_refreshable unless @authenticated
+      end
+
+    class AuthenticationError < Exception
+    end
+  end
+end

data/lib/api_warden/authentication/header_params.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module ApiWarden
+  class Authentication
+    class HeaderParams < Params
+
+      def headers
+        request.headers
+      end
+
+      def retrieve_id
+        @id ||= headers["X-#{scope.name.camelize}-Id"]
+      end
+
+      def retrieve_access_token
+        @access_token ||= headers["X-#{scope.name.camelize}-Access-Token"]
+      end
+
+      def retrieve_refresh_token
+        @refresh_token ||= headers["X-#{scope.name.camelize}-Refresh-Token"]
+      end
+    end
+  end
+end

data/lib/api_warden/authentication/params.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module ApiWarden
+  class Authentication
+    class Params
+      attr_reader :authentication
+
+      def initialize(authentication)
+        @authentication = authentication
+      end
+
+      def scope
+        authentication.scope
+      end
+
+      def request
+        authentication.request
+      end
+
+      def retrieve_id
+        raise NotImplementedError
+      end
+
+      def retrieve_access_token
+        raise NotImplementedError
+      end
+
+      def retrieve_refresh_token
+        raise NotImplementedError
+      end
+    end
+  end
+end

data/lib/api_warden/helpers.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module ApiWarden
+  module Helpers
+    autoload :Accessable, 'api_warden/helpers/accessable'
+    autoload :Refreshable, 'api_warden/helpers/refreshable'
+
+    def self.define_helpers(scope)
+      name = scope.name
+
+      class_eval <<-METHODS, __FILE__, __LINE__ + 1
+        def ward_by_#{name}
+          ward_by("#{name}")
+        end
+
+        def ward_by_#{name}!
+          ward_by!("#{name}")
+        end
+
+        def current_#{name}_authentication
+          current_authentication_for("#{name}")
+        end
+
+        def current_#{name}_id
+          current_#{name}_authentication.id
+        end
+
+        def current_#{name}_value_for_access_token
+          current_#{name}_authentication.value_for_access_token
+        end        
+
+        def #{name}_signed_in?
+          current_#{name}_authentication.authenticated?
+        end
+
+        def generate_access_token_for_#{name}(id, *args)
+          generate_access_token_for("#{name}", id, *args)
+        end
+      METHODS
+
+      if scope.load_owner.respond_to?(:call)
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def current_#{name}
+            unless @current_#{name}
+              scope = ApiWarden.find_scope("#{name}")
+              @current_#{name} = scope.load_owner.call(
+                current_#{name}_id, 
+                current_#{name}_value_for_access_token, 
+                current_#{name}_authentication
+              )
+            end
+            @current_#{name}
+          end
+        METHODS
+      end
+
+      unless scope.disable_refresh_token?
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def generate_refresh_token_for_#{name}(id, *args)
+            generate_refresh_token_for("#{name}", id, *args)
+          end
+
+          def generate_tokens_for_#{name}(id, *args)
+            [generate_access_token_for_#{name}(id, *args), generate_refresh_token_for_#{name}(id, *args)]
+          end
+
+          def validate_refresh_token_for_#{name}!
+            validate_refresh_token_for!("#{name}")
+          end          
+        METHODS
+      end
+
+      ActiveSupport.on_load(:action_controller) do
+        include ApiWarden::Helpers, Accessable
+        include Refreshable unless scope.disable_refresh_token?
+
+        if respond_to?(:helper_method)
+          helper_method "current_#{name}_authentication", "current_#{name}_id", "current_#{name}_value_for_access_token", "#{name}_signed_in?"
+
+          if scope.load_owner.respond_to?(:call)
+            helper_method "current_#{name}"
+          end
+        end
+      end
+    end
+
+    def self.remove_helpers(scope)
+      name = scope.name
+
+      ["ward_by_#{name}",
+       "ward_by_#{name}!",
+       "current_#{name}_authentication",
+       "current_#{name}_id",
+       "current_#{name}_value_for_access_token",
+       "#{name}_signed_in?",
+       "generate_access_token_for_#{name}"].each { |s| undef_method s }
+
+      unless scope.disable_refresh_token?
+        ["generate_refresh_token_for_#{name}",
+         "generate_tokens_for_#{name}",
+         "validate_refresh_token_for_#{name}!"].each { |s| undef_method s }
+      end
+    end
+  end
+end

data/lib/api_warden/helpers/accessable.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module ApiWarden
+  module Helpers
+    module Accessable
+      # @return [Boolean] whether or not authenticated
+      def ward_by(scope)
+        current_authentication_for(scope).authenticated?
+      end
+
+      # If not authenticated, an unauthorized response is rendered.
+      #
+      # @return [Boolean] whether or not authenticated
+      def ward_by!(scope)
+        scope = validate_scope(scope)
+        
+        authentication = current_authentication_for(scope)
+        unless authentication.authenticated?
+          if (block = scope.on_authenticate_failed) && block.respond_to?(:call)
+            instance_exec(authentication, &block)
+          else
+            render json: { err_msg: 'Unauthorized' }, status: 401
+          end
+          false
+        else
+          true
+        end
+      end
+
+      def current_authentication_for(scope)
+        scope = validate_scope(scope)
+
+        ivar_authentication = "@current_#{scope.name}_authentication"
+        unless authentication = instance_variable_get(ivar_authentication)
+          authentication = Authentication.new(scope, request)
+          instance_variable_set(ivar_authentication, authentication)
+        else
+          authentication
+        end
+      end
+
+      def generate_access_token_for(scope, id, *args)
+        scope = validate_scope(scope)
+
+        access_token = ApiWarden.friendly_token(20)
+
+        ApiWarden.redis do |conn|
+          conn.set(scope.key_for_access_token(id, access_token), 
+            scope.value_for_access_token(access_token, *args), 
+            ex: scope.expire_time_for_access_token
+          )
+        end
+
+        access_token
+      end
+
+      private
+        def validate_scope(scope)
+          scope.is_a?(String) ? ApiWarden.find_scope(scope) : scope
+        end          
+    end
+  end
+end

data/lib/api_warden/helpers/refreshable.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module ApiWarden
+  module Helpers
+    module Refreshable
+      def generate_refresh_token_for(scope, id, *args)
+        scope = validate_scope(scope)
+
+        refresh_token = ApiWarden.friendly_token(30)
+
+        ApiWarden.redis do |conn|
+          conn.set(scope.key_for_refresh_token(id, refresh_token), 
+            scope.value_for_refresh_token(refresh_token, *args), 
+            ex: scope.expire_time_for_refresh_token
+          )
+        end
+
+        refresh_token
+      end
+
+      # If not refreshable, a forbidden response is rendered.
+      #
+      # @return [Boolean] whether or not refreshable
+      def validate_refresh_token_for!(scope)
+        scope = validate_scope(scope)
+
+        authentication = current_authentication_for(scope)
+        unless authentication.refreshable?
+          if (block = scope.on_refresh_failed) && block.respond_to?(:call)
+            instance_exec(authentication, &block)
+          else
+            render json: { err_msg: 'Forbidden' }, status: 403
+          end
+          false
+        else
+          true
+        end
+      end
+
+      private
+        def validate_scope(scope)
+          scope.is_a?(String) ? ApiWarden.find_scope(scope) : scope
+        end      
+    end
+  end
+end

data/lib/api_warden/redis_connection.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'connection_pool'
+require 'redis'
+
+module ApiWarden
+  class RedisConnection
+    class << self
+
+      def create(options = {})
+        options[:url] ||= determine_redis_provider
+        size = options[:size] || 5
+        pool_timeout = options[:pool_timeout] || 1
+        ConnectionPool.new(:timeout => pool_timeout, :size => size) do
+          build_client(options)
+        end
+      end
+
+      private
+
+      def build_client(options)
+        namespace = options[:namespace]
+
+        client = Redis.new client_opts(options)
+        if namespace
+          begin
+            require 'redis/namespace'
+            Redis::Namespace.new(namespace, :redis => client)
+          rescue LoadError
+            puts "Your Redis configuration uses the namespace '#{namespace}' but the redis-namespace gem is not included in the Gemfile." \
+                                 "Add the gem to your Gemfile to continue using a namespace. Otherwise, remove the namespace parameter."
+            exit(-127)
+          end
+        else
+          client
+        end
+      end
+
+      def client_opts(options)
+        opts = options.dup
+        if opts[:namespace]
+          opts.delete(:namespace)
+        end
+
+        if opts[:network_timeout]
+          opts[:timeout] = opts[:network_timeout]
+          opts.delete(:network_timeout)
+        end
+
+        opts[:driver] ||= 'ruby'
+
+        # redis-rb will silently retry an operation.
+        # This can lead to duplicate jobs if Sidekiq::Client's LPUSH
+        # is performed twice but I believe this is much, much rarer
+        # than the reconnect silently fixing a problem; we keep it
+        # on by default.
+        opts[:reconnect_attempts] ||= 1
+
+        opts
+      end
+
+      def determine_redis_provider
+        ENV[ENV['REDIS_PROVIDER'] || 'REDIS_URL']
+      end
+
+    end
+  end
+end

data/lib/api_warden/scope.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module ApiWarden
+  class Scope
+    EXPIRE_TIME_FOR_ACCESS_TOKEN = 7.days.seconds
+    EXPIRE_TIME_FOR_REFRESH_TOKEN = 14.days.seconds
+
+    attr_reader :name, :options
+
+    # ==== Options
+    #
+    #  * params_class: [ApiWarden::Authentication::Params]
+    #      the class from which to retrieve authentication related params. Default is 
+    #      ApiWarden::Authentication::HeaderParams.
+    #
+    #  * load_owner: [Proc]
+    #      the block to be called to load the owner for the scope, so that you can call current_#{scope}
+    #      to access the owner. Id, value for the access token and the authentication will be passed as arguments.
+    #
+    #        ApiWarden.ward_by(:users, load_owner: proc { |id, value, auth| User.find(id) })
+    #
+    #  * disable_refresh_token: [Boolean]
+    #      whether or not to disable using refresh token to refresh access token. Default is false.
+    #
+    #  * expire_time_for_access_token: [Fixnum]
+    #      the expire time for access token in seconds. Default is EXPIRE_TIME_FOR_ACCESS_TOKEN.
+    #
+    #  * value_for_access_token: [Proc]
+    #      the block will be called to obtain the value for the access token key. The block will be
+    #      passed with access_token, and other args you specified when calling generate_tokens_for.
+    #      By default the access token will be used as the value.
+    #
+    #  * on_authenticate_failed: [Proc]
+    #      the block to be called when authentication failed. An authentication will be passed as an argument.
+    #
+    #  * expire_time_for_refresh_token: [Fixnum]
+    #      the expire time for refresh token in seconds, default is EXPIRE_TIME_FOR_REFRESH_TOKEN.
+    #
+    #  * value_for_refresh_token: [Proc]
+    #      the block will be called to obtain the value for the refresh token key. The block will be
+    #      passed with refresh_token, and other args you specified when calling generate_tokens_for.
+    #      By default the refresh token will be used as the value.
+    #
+    #  * on_refresh_failed: [Proc]
+    #      the block to be called when refreshing failed. An authentication will be passed as an argument.
+    def initialize(name, options = {})
+      @name = name
+
+      options[:params_class] ||= ApiWarden::Authentication::HeaderParams
+      options[:disable_refresh_token] ||= false
+      options[:expire_time_for_access_token] ||= EXPIRE_TIME_FOR_ACCESS_TOKEN
+      options[:expire_time_for_refresh_token] ||= EXPIRE_TIME_FOR_REFRESH_TOKEN
+
+      @options = options
+    end
+
+    def key_for_access_token(id, access_token)
+      "#{@name}_#{id}_access_token_#{access_token}"
+    end
+
+    def value_for_access_token(access_token, *args)
+      if options[:value_for_access_token].respond_to?(:call)
+        options[:value_for_access_token].call(access_token, *args)
+      else
+        access_token
+      end
+    end
+
+    def key_for_refresh_token(id, refresh_token)
+      "#{@name}_#{id}_refresh_token_#{refresh_token}"
+    end
+
+    def value_for_refresh_token(refresh_token, *args)
+      if options[:value_for_refresh_token].respond_to?(:call)
+        options[:value_for_refresh_token].call(refresh_token, *args)
+      else
+        refresh_token
+      end
+    end
+
+    private
+      def method_missing(method_name, *args)
+        key = (method_name[-1] == "?" ? method_name[0..-2] : method_name).to_sym
+        options[key]
+      end
+  end
+end

data/lib/api_warden/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module ApiWarden
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,196 @@
+--- !ruby/object:Gem::Specification
+name: api_warden
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Mingxiang Xue
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-01-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.1
+- !ruby/object:Gem::Dependency
+  name: connection_pool
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: redis-namespace
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
+- !ruby/object:Gem::Dependency
+  name: fakeredis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-json_expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Use access token to protect your API in rails.
+email:
+- 327110424@163.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- api_warden.gemspec
+- bin/console
+- bin/setup
+- lib/api_warden.rb
+- lib/api_warden/authentication.rb
+- lib/api_warden/authentication/header_params.rb
+- lib/api_warden/authentication/params.rb
+- lib/api_warden/helpers.rb
+- lib/api_warden/helpers/accessable.rb
+- lib/api_warden/helpers/refreshable.rb
+- lib/api_warden/redis_connection.rb
+- lib/api_warden/scope.rb
+- lib/api_warden/version.rb
+homepage: https://github.com/UzxMx/api_warden
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: Use access token to protect your API in rails.
+test_files: []