api_warden 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +74 -20
- data/lib/api_warden/authentication.rb +28 -3
- data/lib/api_warden/helpers/accessable.rb +3 -0
- data/lib/api_warden/scope.rb +3 -0
- data/lib/api_warden/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8b41e9b94e6932031e8b6dd5dee860e6f085ba13
|
4
|
+
data.tar.gz: 2ab96024d26761aab7e9dea22bff800dadf7b961
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3e72487c65e8ca5eb194125ce795e52761b327fcda8e92ac4b29036549d5a546b741d5a4008cedb16b90e2aa6e053b5dc4f762512d623ef582df2e85c7370301
|
7
|
+
data.tar.gz: 5a4263cba41c1983d48542899bc12a9fc29c94c0af3e580c713d28492baa443907f260770591dd6fecb4296cab7c46d4a346976c6c0d61b83357e7f65f4c1f73
|
data/README.md
CHANGED
@@ -1,30 +1,19 @@
|
|
1
1
|
# ApiWarden
|
2
2
|
|
3
|
-
|
3
|
+
This is a gem that you can use to protect your API in rails. By default it uses access token to authenticate the requests, and uses refresh token to get new access token when access token expires.
|
4
4
|
|
5
|
-
|
5
|
+
## Examples
|
6
6
|
|
7
|
-
|
7
|
+
https://github.com/UzxMx/api_warden_examples
|
8
8
|
|
9
|
-
|
9
|
+
## Usage
|
10
10
|
|
11
|
-
|
11
|
+
* Add the gem to your application's Gemfile. And execute `bundle install`
|
12
|
+
```
|
12
13
|
gem 'api_warden'
|
13
14
|
```
|
14
15
|
|
15
|
-
And
|
16
|
-
|
17
|
-
$ bundle
|
18
|
-
|
19
|
-
Or install it yourself as:
|
20
|
-
|
21
|
-
$ gem install api_warden
|
22
|
-
|
23
|
-
## Usage
|
24
|
-
|
25
|
-
Create a file config/initializers/api_warden.rb.
|
26
|
-
|
27
|
-
Add the below codes:
|
16
|
+
* Create a file config/initializers/api_warden.rb. And add the below codes.
|
28
17
|
```
|
29
18
|
ApiWarden.configure do |config|
|
30
19
|
config.redis = {
|
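Review bot: the new install wording at lines 11 and 16 reads "Add the gem to your application's Gemfile. And execute `bundle install`" and "add the below codes"; tighten to "Add the gem to your application's Gemfile and run `bundle install`" and "add the following code". The description at line 3 covers only the success path (access token authenticates, refresh token renews); it should also state what a client receives when the access token is missing, invalid or expired, since that response is what client authors will have to handle.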
@@ -37,6 +26,71 @@ end
|
|
37
26
|
ApiWarden.ward_by('users')
|
38
27
|
```
|
39
28
|
|
29
|
+
* Create app/controllers/base_controller.rb. And add the below codes.
|
30
|
+
```
|
31
|
+
class BaseController < ActionController::Base
|
32
|
+
before_action :ward_by_user!
|
33
|
+
end
|
34
|
+
```
|
35
|
+
|
36
|
+
* Create app/controllers/users_controller.rb. And add the below codes.
|
37
|
+
```
|
38
|
+
class UsersController < BaseController
|
39
|
+
skip_before_action :ward_by_user!, only: [:sign_in]
|
40
|
+
|
41
|
+
def sign_in
|
42
|
+
# If the request is allowed to sign in a user, then continue to execute, otherwise return directly.
|
43
|
+
access_token, refresh_token = generate_tokens_for_user(user_id)
|
44
|
+
render json: {
|
45
|
+
user_id: user_id,
|
46
|
+
access_token: access_token,
|
47
|
+
refresh_token: refresh_token
|
48
|
+
}
|
49
|
+
end
|
50
|
+
end
|
51
|
+
```
|
52
|
+
|
53
|
+
* In client side, you need to add below http headers to access the server protected resources.
|
54
|
+
```
|
55
|
+
X-User-Id: <the user id rendered in sign in api>
|
56
|
+
X-User-Access-Token: <the access token rendered in sign in api>
|
57
|
+
```
|
58
|
+
|
59
|
+
* If the access token expires, you need to use the refresh token to get a new pair of access and refresh token. Modify the users_controller.rb.
|
60
|
+
```
|
61
|
+
class UsersController < BaseController
|
62
|
+
skip_before_action :ward_by_user!, only: [:sign_in, :refresh_token]
|
63
|
+
|
64
|
+
def sign_in
|
65
|
+
# If the request is allowed to sign in a user, then continue to execute, otherwise return directly.
|
66
|
+
access_token, refresh_token = generate_tokens_for_user(user_id)
|
67
|
+
render json: {
|
68
|
+
user_id: user_id,
|
69
|
+
access_token: access_token,
|
70
|
+
refresh_token: refresh_token
|
71
|
+
}
|
72
|
+
end
|
73
|
+
|
74
|
+
def refresh_token
|
75
|
+
if validate_refresh_token_for_user!
|
76
|
+
user_id = current_user_authentication.id
|
77
|
+
access_token, refresh_token = generate_tokens_for_user(user_id)
|
78
|
+
render json: {
|
79
|
+
user_id: user_id,
|
80
|
+
access_token: access_token,
|
81
|
+
refresh_token: refresh_token
|
82
|
+
}
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
```
|
87
|
+
|
88
|
+
* In client side, when requesting the refresh token api, you need to add below http headers.
|
89
|
+
```
|
90
|
+
X-User-Id: <the user id rendered in sign in api>
|
91
|
+
X-User-Refresh-Token: <the refresh token rendered in sign in api>
|
92
|
+
```
|
93
|
+
|
40
94
|
## Development
|
41
95
|
|
42
96
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
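Review bot: in the `sign_in` example `user_id` is used at `access_token, refresh_token = generate_tokens_for_user(user_id)` but never assigned, and the comment above it ("# If the request is allowed to sign in a user, then continue to execute, otherwise return directly.") stands in for the credential check; show a placeholder authentication step that sets `user_id` or returns 401, otherwise readers will copy an endpoint that issues tokens unconditionally. In `refresh_token`, `if validate_refresh_token_for_user!` branches on the return value of a bang method and has no `else`, so a request with a bad refresh token renders nothing; say whether the method raises or returns false, and render an error response in the false case. The text also does not say whether the previous refresh token is revoked once a new pair is issued, which decides how long a leaked refresh token stays usable; state it. Minor: "In client side" should read "On the client side" in both places.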
@@ -45,7 +99,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
45
99
|
|
46
100
|
## Contributing
|
47
101
|
|
48
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
102
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/UzxMx/api_warden. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
49
103
|
|
50
104
|
## License
|
51
105
|
|
@@ -53,4 +107,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
53
107
|
|
54
108
|
## Code of Conduct
|
55
109
|
|
56
|
-
Everyone interacting in the ApiWarden project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/
|
110
|
+
Everyone interacting in the ApiWarden project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/UzxMx/api_warden/blob/master/CODE_OF_CONDUCT.md).
|
@@ -5,7 +5,7 @@ module ApiWarden
|
|
5
5
|
autoload :Params, 'api_warden/authentication/params'
|
6
6
|
autoload :HeaderParams, 'api_warden/authentication/header_params'
|
7
7
|
|
8
|
-
attr_reader :scope, :request, :params
|
8
|
+
attr_reader :scope, :request, :params, :key_for_access_token
|
9
9
|
|
10
10
|
def initialize(scope, request)
|
11
11
|
@scope = scope
|
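Review bot: adding `:key_for_access_token` to `attr_reader` (line 8) makes the Redis key part of the public surface of `Authentication`; the key is built from `(id, access_token)` in the next hunk, so if it embeds the raw bearer token, anything that inspects or logs the authentication object can leak the credential. Keep the reader private to the class, or document that the key must never be written to logs or error reports. The file header is missing from this render; the file list at the top of the page identifies this hunk as `data/lib/api_warden/authentication.rb`.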
@@ -52,10 +52,10 @@ module ApiWarden
|
|
52
52
|
return unless @authenticated.nil?
|
53
53
|
|
54
54
|
id, access_token = @params.retrieve_id, @params.retrieve_access_token
|
55
|
-
|
55
|
+
@key_for_access_token = @scope.key_for_access_token(id, access_token)
|
56
56
|
|
57
57
|
if access_token && !access_token.empty?
|
58
|
-
ApiWarden.redis { |conn| @value_for_access_token = conn.get(
|
58
|
+
ApiWarden.redis { |conn| @value_for_access_token = conn.get(@key_for_access_token) }
|
59
59
|
end
|
60
60
|
|
61
61
|
unless @value_for_access_token
|
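Review bot: `@key_for_access_token = @scope.key_for_access_token(id, access_token)` at line 55 now runs before the `if access_token && !access_token.empty?` guard at line 57, so on requests without a token the instance holds a key derived from a nil or empty value. Move the assignment inside the `if` so the new public reader never exposes a key built from absent credentials, and keep the `@key_for_access_token` nil check in mind for `ttl_for_access_token`, which passes it straight to Redis.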
@@ -104,6 +104,22 @@ module ApiWarden
|
|
104
104
|
ApiWarden.redis { |conn| conn.del(key) }
|
105
105
|
end
|
106
106
|
|
107
|
+
# @return [Fixnum] the time to live for access token in seconds
|
108
|
+
def ttl_for_access_token
|
109
|
+
raise_if_authentication_failed!
|
110
|
+
|
111
|
+
ttl_for_key(@key_for_access_token)
|
112
|
+
end
|
113
|
+
|
114
|
+
# Set the ttl for access token.
|
115
|
+
def ttl_for_access_token=(seconds)
|
116
|
+
raise_if_authentication_failed!
|
117
|
+
|
118
|
+
key = @key_for_access_token
|
119
|
+
value = @value_for_access_token
|
120
|
+
ApiWarden.redis { |conn| conn.set(key, value, ex: seconds) }
|
121
|
+
end
|
122
|
+
|
107
123
|
private
|
108
124
|
def ensure_authenticated
|
109
125
|
return unless @authenticated.nil?
|
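Review bot: `ttl_for_access_token=` is a non-atomic read-then-write: it rewrites the key with the `@value_for_access_token` cached at authentication time (`ApiWarden.redis { |conn| conn.set(key, value, ex: seconds) }`), so if the token was revoked through `conn.del(key)` between authentication and this call, the `set` recreates the token with its old value. `conn.expire(key, seconds)` changes the TTL in place and is a no-op when the key no longer exists. The reader's `# @return [Fixnum]` doc should also note that Redis `TTL` returns -2 for a missing key and -1 for a key without expiry, and the writer should reject non-positive `seconds` before calling Redis rather than surfacing a Redis error.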
@@ -120,6 +136,15 @@ module ApiWarden
|
|
120
136
|
ensure_refreshable unless @authenticated
|
121
137
|
end
|
122
138
|
|
139
|
+
def raise_if_authentication_failed!
|
140
|
+
ensure_authenticated
|
141
|
+
raise 'The authentication is not valid.' if @authenticated == false
|
142
|
+
end
|
143
|
+
|
144
|
+
def ttl_for_key(key)
|
145
|
+
ApiWarden.redis { |conn| conn.ttl(key) }
|
146
|
+
end
|
147
|
+
|
123
148
|
class AuthenticationError < Exception
|
124
149
|
end
|
125
150
|
end
|
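Review bot: `raise_if_authentication_failed!` raises a bare `RuntimeError` via `raise 'The authentication is not valid.'` while the class already defines `AuthenticationError` (context lines 148-149); raise `AuthenticationError` so callers of `ttl_for_access_token` can rescue it specifically. Note also that `AuthenticationError < Exception` sits outside `StandardError`, so a plain `rescue` in a controller will not catch it; `StandardError` is the conventional base for library errors.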
data/lib/api_warden/scope.rb
CHANGED
@@ -33,6 +33,9 @@ module ApiWarden
|
|
33
33
|
# * on_authenticate_failed: [Proc]
|
34
34
|
# the block to be called when authentication failed. An authentication will be passed as an argument.
|
35
35
|
#
|
36
|
+
# * on_authenticate_success: [Proc]
|
37
|
+
# the block to be called when authentication succeeds. An authentication will be passed as an argument.
|
38
|
+
#
|
36
39
|
# * expire_time_for_refresh_token: [Fixnum]
|
37
40
|
# the expire time for refresh token in seconds, default is EXPIRE_TIME_FOR_REFRESH_TOKEN.
|
38
41
|
#
|
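Review bot: this hunk documents `on_authenticate_success`, but the shown change to `scope.rb` (+3 -0 in the file list) is comment-only and the README changes do not mention either callback; confirm the option is consumed where the `on_authenticate_failed` block is invoked, and add both options to the usage section. For parallel wording with the new line, change "the block to be called when authentication failed" to "when authentication fails".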
data/lib/api_warden/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: api_warden
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mingxiang Xue
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-01-
|
11
|
+
date: 2018-01-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: redis
|
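Review bot: the bump to `version: 0.2.0` is the right signal for a release that adds public API (`ttl_for_access_token` and its writer); `data/lib/api_warden/version.rb` is listed as changed (+1 -1) but its hunk is not rendered on this page, so the constant cannot be checked against the metadata here.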