auth_rails 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b6047449dbddff4af60565f7c096eae14f8800b47bd129dceb3ea7f90fb42f7
-  data.tar.gz: 80776e48b7c557c9ab11ec1e9b05ae06e31bc15cca56a4143bfbf46254d2a109
+  metadata.gz: c69df81c88cacdf202e2c49cf329423ded23e509fc2dc67fd60d07fda1fbe12e
+  data.tar.gz: abbad690e4211d181950af7bf542e2df367b79c0c79c049f32c5192188106f4f
 SHA512:
-  metadata.gz: 03502ea907678c9ca3122701789e82a145f9c3a143d415153bbde798ad7b5a375cc464ba1e1bf4d8a583d42b298501c00fcf00aadbc7b2be221b8b2044a149fe
-  data.tar.gz: f90cfeab74aa249aebbe6a33deec189901e90c74bfdc0092d42b18a468a3e3eee3fe806611b24accf61a4c1ffc9fc0d1034b4a35cc4bb460fa94b5008790366f
+  metadata.gz: b97b6c42ed2386b526ce58bbc9e8fd2982e7b60357adebfb0c547f3b3cbf6d07f6cbca8e4cf13871a42f69935ae09daf2dc7528563dd024dcc95dc95e8611f5a
+  data.tar.gz: 758425cb02330e2efd68fedc8730e4b8879136098f0ecfb1d9543812e8220fdbc51f8ec1eaa15c19a09d17e29788c4968969121e08c9a6cf922a2ea4b60e005e

data/README.md

@@ -6,8 +6,43 @@ Simple authentication for rails.
 gem 'auth_rails'
 ```
 
+# CLI
+
+- init `auth_rails`
+
+```sh
+rails g auth_rails
+```
+
+- init `auth_rails` with strategy
+
+```sh
+rails g auth_rails --strategy allowed_token
+```
+
+- create migration for `allowed_token` strategy
+
+```sh
+rails g auth_rails:migration --strategy allowed_token
+```
+
+- if your model is not User
+
+```sh
+rails g auth_rails:migration --strategy allowed_token --model CustomUser
+```
+
 # Configuration
 
+- User model must have `has_secure_password`
+
+```rb
+# app/models/user.rb
+class User < ApplicationRecord
+  has_secure_password
+end
+```
+
 ```rb
 # config/initializers/auth_rails.rb
 
@@ -84,6 +119,8 @@ end
 
 class User < ApplicationRecord
   include AuthRails::Concerns::AllowedTokenStrategy
+
+  has_secure_password
 end
 ```
 
@@ -128,6 +165,54 @@ module Api
 end
 ```
 
+- In case your identifier is not email
+
+```rb
+Rails.application.config.to_prepare do
+  AuthRails.configure do |config|
+    config.resource_class = User # required
+    config.identifier_name = :username # must be string or symbol, default is email
+  end
+end
+```
+
+- If you have a custom method to validate password
+
+```rb
+Rails.application.config.to_prepare do
+  AuthRails.configure do |config|
+    config.resource_class = User # required
+    config.identifier_name = :username # must be string or symbol, default is email
+    config.authenticate = ->(resource, password) { resource.password == password } # must be a proc, validate password
+  end
+end
+```
+
+- Sometimes, you have a complex logic to get the user
+
+```rb
+Rails.application.config.to_prepare do
+  AuthRails.configure do |config|
+    config.resource_class = User # required
+    config.identifier_name = :username # this one is sub in jwt
+    config.dig_params = ->(params) { params[:identifier] } # must be a proc, how to get identifier from params
+
+    # how to get user from identifier
+    # identifier default is params[<identifier_name>]
+    # or extract from dig_params
+    config.retrieve_resource = lambda { |identifier|
+      User.where(email: identifier)
+          .or(User.where(username: identifier))
+          .first
+    }
+  end
+end
+```
+
+# Strategy list
+
+- allowed_token
+
 # License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/app/controllers/auth_rails/api/auth_controller.rb

@@ -4,9 +4,9 @@ module AuthRails
   module Api
     class AuthController < ApiController
       def create
-        resource = AuthRails.resource_class.find_by(email: params[:email])
+        resource = AuthRails.retrieve_resource(params: params)
 
-        raise AuthRails.error_class, :unauthenticated if resource.blank? || !resource.authenticate(params[:password])
+        raise AuthRails.error_class, :unauthenticated if resource.blank? || !AuthRails.authenticate(resource: resource, password: params[:password])
 
         respond_to_create(generate_token(resource))
       end
@@ -22,6 +22,11 @@ module AuthRails
 
         raise AuthRails.error_class, :unauthenticated if resource.blank?
 
+        resource.allowed_tokens.find_by(
+          jti: decoded_payload[:jti],
+          aud: decoded_payload[:aud]
+        )&.destroy!
+
         respond_to_refresh(generate_token(resource))
       end
 
@@ -38,7 +43,7 @@ module AuthRails
 
       def payload(resource)
         {
-          sub: resource.email
+          sub: resource.send(AuthRails.identifier_name)
         }
       end
 

data/app/controllers/concerns/auth_rails/authentication.rb

@@ -10,7 +10,7 @@ module AuthRails
         secret_key: Configuration::Jwt::AccessToken.secret_key
       )
 
-      CurrentAuth.user = AuthRails.resource_class.find_by(email: payload[:sub])
+      CurrentAuth.user = AuthRails.resource_class.find_by(AuthRails.identifier_name => payload[:sub])
 
       raise AuthRails.error_class, :unauthenticated unless CurrentAuth.user
     end

data/auth_rails.gemspec

@@ -28,6 +28,7 @@ Gem::Specification.new do |spec|
             .git
             .circleci
             appveyor
+            examples/
             Gemfile
             .rubocop.yml
             .vscode/settings.json
@@ -40,5 +41,5 @@ Gem::Specification.new do |spec|
 
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'jwt'
+  spec.add_runtime_dependency 'jwt', '>= 2.7'
 end

data/lib/auth_rails/class_methods.rb

@@ -14,6 +14,10 @@ module AuthRails
       @resource_class ||= Config.resource_class
     end
 
+    def identifier_name
+      @identifier_name ||= Config.identifier_name.to_sym || :email
+    end
+
     def error_class
       @error_class ||= Config.error_class || Error
     end
@@ -21,5 +25,45 @@ module AuthRails
     def jwt_strategy
       @jwt_strategy ||= Configuration::Jwt.strategy || Strategies::BaseStrategy
     end
+
+    def authenticate(resource:, password:)
+      if Config.authenticate.present?
+        raise_if_not_proc(Config.authenticate, 'Config.authenticate')
+
+        Config.authenticate.call(resource, password)
+      else
+        raise 'Don\'t know how to authenticate resource with password' unless resource.respond_to?(:authenticate)
+
+        resource.authenticate(password)
+      end
+    end
+
+    def dig_params(params:)
+      if Config.dig_params.present?
+        raise_if_not_proc(Config.dig_params, 'Config.dig_params')
+
+        Config.dig_params.call(params)
+      else
+        params[AuthRails.identifier_name]
+      end
+    end
+
+    def retrieve_resource(params:)
+      identifier = dig_params(params: params)
+
+      if Config.retrieve_resource.present?
+        raise_if_not_proc(Config.retrieve_resource, 'Config.retrieve_resource')
+
+        return Config.retrieve_resource.call(identifier)
+      end
+
+      AuthRails.resource_class.find_by(AuthRails.identifier_name => identifier)
+    end
+
+    private
+
+    def raise_if_not_proc(source, name)
+      raise "#{name} must be a Proc" unless source.is_a?(Proc)
+    end
   end
 end

data/lib/auth_rails/config.rb

@@ -3,8 +3,12 @@
 module AuthRails
   class Config
     class << self
-      attr_accessor :error_class,
-                    :resource_class
+      attr_accessor :dig_params,
+                    :error_class,
+                    :authenticate,
+                    :resource_class,
+                    :identifier_name,
+                    :retrieve_resource
 
       def jwt
         yield Configuration::Jwt

data/lib/auth_rails/strategies/allowed_token_strategy.rb

@@ -11,7 +11,7 @@ module AuthRails
                    .joins(:allowed_tokens)
                    .where(allowed_tokens: symbolized_payload.slice(:jti, :aud))
                    .where('allowed_tokens.exp > ?', Time.current)
-                   .find_by(email: symbolized_payload[:sub])
+                   .find_by(AuthRails.identifier_name => symbolized_payload[:sub])
         end
 
         def gen_token(resource:, payload:, exp: nil, secret_key: nil, algorithm: nil)

data/lib/auth_rails/strategies/base_strategy.rb

@@ -8,7 +8,7 @@ module AuthRails
           symbolized_payload = payload.symbolize_keys
 
           AuthRails.resource_class
-                   .find_by(email: symbolized_payload[:sub])
+                   .find_by(AuthRails.identifier_name => symbolized_payload[:sub])
         end
 
         def gen_token(payload:, exp: nil, secret_key: nil, algorithm: nil, jti: nil, **)

data/lib/auth_rails/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AuthRails
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end

data/lib/auth_rails.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'jwt'
+
 require_relative 'auth_rails/config'
 require_relative 'auth_rails/version'
 require_relative 'auth_rails/class_methods'

data/lib/generators/auth_rails/migration_generator.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module AuthRails
+  class MigrationGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root File.expand_path('templates', __dir__)
+
+    class_option :strategy,
+                 aliases: '-strat',
+                 type: :string,
+                 desc: 'Strategy to use, default is AuthRails::Strategies::BaseStrategy',
+                 default: 'base'
+
+    class_option :model,
+                 aliases: '-m',
+                 type: :string,
+                 desc: 'Model for strategy to associate with',
+                 default: 'user'
+
+    def create_migration_files
+      @model = (options[:model] || 'user').underscore.to_sym
+
+      case options[:strategy]
+      when 'allowed_token'
+        migration_template(
+          'allowed_tokens.tt',
+          'db/migrate/create_allowed_tokens.rb',
+          migration_version: migration_version
+        )
+      end
+    end
+
+    class << self
+      def next_migration_number(dirname)
+        next_migration_number = current_migration_number(dirname) + 1
+        ActiveRecord::Migration.next_migration_number(next_migration_number)
+      end
+    end
+
+    private
+
+    def versioned_migrations?
+      Rails::VERSION::MAJOR >= 5
+    end
+
+    def migration_version
+      return unless versioned_migrations?
+
+      "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
+    end
+  end
+end

data/lib/generators/auth_rails/templates/allowed_tokens.tt

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class CreateAllowedTokens < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :allowed_tokens do |t|
+      t.string :jti, null: false
+      t.string :aud
+      t.datetime :exp, null: false
+
+      t.timestamps
+
+      t.references :<%= @model %>, foreign_key: { on_delete: :cascade }, null: false
+
+      t.index %i[jti aud]
+    end
+  end
+end

data/lib/generators/auth_rails_generator.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class AuthRailsGenerator < Rails::Generators::Base
+  source_root File.expand_path('templates', __dir__)
+
+  class_option :strategy,
+               aliases: '-strat',
+               type: :string,
+               desc: 'Strategy to use, default is AuthRails::Strategies::BaseStrategy',
+               default: 'base'
+
+  class_option :model,
+               aliases: '-m',
+               type: :string,
+               desc: 'Model for strategy to associate with',
+               default: 'user'
+
+  def generate_auth_rails
+    @model = (options[:model] || 'user').camelcase
+    @is_allowed_token = options[:strategy] == 'allowed_token'
+
+    template(
+      'auth_rails.tt',
+      'config/initializers/auth_rails.rb'
+    )
+  end
+
+  def create_allowed_tokens_strategy
+    return if options[:strategy].blank? || options[:strategy] != 'allowed_token'
+
+    invoke(
+      'auth_rails:migration',
+      [],
+      strategy: 'allowed_token',
+      model: (options[:model] || 'user').camelcase
+    )
+  end
+end

data/lib/generators/templates/auth_rails.tt

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+AuthRails.configure do |config|
+  config.jwt do |jwt|
+    jwt.access_token do |access_token|
+      access_token.exp = 1.hour.since
+      access_token.secret_key = ENV.fetch('JWT_SECRET', '')
+    end
+
+    <%= @is_allowed_token ? '' : '# ' %>jwt.strategy = AuthRails::Strategies::AllowedTokenStrategy
+
+    # if you wanna use refresh token
+    # uncomment those lines below
+    # jwt.refresh_token do |refresh_token|
+    #   refresh_token.http_only = true
+    #   refresh_token.exp = 1.year.since
+    #   refresh_token.algorithm = 'HS256'
+    #   refresh_token.cookie_key = :ref_tok
+    #   refresh_token.secret_key = ENV.fetch('JWT_SECRET', '')
+    # end
+  end
+end
+
+Rails.application.config.to_prepare do
+  AuthRails.configure do |config|
+    config.resource_class = <%= @model %>
+
+    # if you wanna use custom error classes
+    # uncomment code below
+    # config.error_class = AuthError
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: auth_rails
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Alpha
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-25 00:00:00.000000000 Z
+date: 2024-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.7'
 description: Simple authentication for Rails
 email:
 - alphanolucifer@gmail.com
@@ -47,6 +47,10 @@ files:
 - lib/auth_rails/strategies/allowed_token_strategy.rb
 - lib/auth_rails/strategies/base_strategy.rb
 - lib/auth_rails/version.rb
+- lib/generators/auth_rails/migration_generator.rb
+- lib/generators/auth_rails/templates/allowed_tokens.tt
+- lib/generators/auth_rails_generator.rb
+- lib/generators/templates/auth_rails.tt
 homepage: https://github.com/zgid123/auth_rails
 licenses:
 - MIT