auth_rails 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7b6047449dbddff4af60565f7c096eae14f8800b47bd129dceb3ea7f90fb42f7
+  data.tar.gz: 80776e48b7c557c9ab11ec1e9b05ae06e31bc15cca56a4143bfbf46254d2a109
+SHA512:
+  metadata.gz: 03502ea907678c9ca3122701789e82a145f9c3a143d415153bbde798ad7b5a375cc464ba1e1bf4d8a583d42b298501c00fcf00aadbc7b2be221b8b2044a149fe
+  data.tar.gz: f90cfeab74aa249aebbe6a33deec189901e90c74bfdc0092d42b18a468a3e3eee3fe806611b24accf61a4c1ffc9fc0d1034b4a35cc4bb460fa94b5008790366f

data/README.md

@@ -0,0 +1,133 @@
+Simple authentication for rails.
+
+# Installation
+
+```sh
+gem 'auth_rails'
+```
+
+# Configuration
+
+```rb
+# config/initializers/auth_rails.rb
+
+AuthRails.configure do |config|
+  config.jwt do |jwt|
+    jwt.strategy = AuthRails::Strategies::AllowedTokenStrategy # default is AuthRails::Strategies::BaseStrategy
+
+    jwt.access_token do |access_token|
+      access_token.exp = 1.hour.since # optional
+      access_token.algorithm = 'HS256' # optional, default is HS256
+      access_token.secret_key = ENV.fetch('JWT_SECRET', 'secret_key') # optional
+    end
+
+    jwt.refresh_token do |refresh_token|
+      refresh_token.http_only = true # optional
+      refresh_token.exp = 1.year.since # optional
+      refresh_token.algorithm = 'HS256' # optional, must provide if project supports refresh token
+      refresh_token.cookie_key = :project_ref_tok # optional
+      refresh_token.secret_key = ENV.fetch('JWT_SECRET', 'secret_key') # optional
+    end
+  end
+end
+
+Rails.application.config.to_prepare do
+  AuthRails.configure do |config|
+    config.resource_class = User # required
+    config.error_class = ProjectError # optional
+  end
+end
+```
+
+# Usage
+
+```rb
+# config/routes.rb
+
+Rails.application.routes.draw do
+  namespace :api do
+    resource :auth, path: 'auth', controller: 'auth', only: %i[create] do
+      collection do
+        get :refresh
+      end
+    end
+  end
+end
+```
+
+```rb
+# app/controllers/application_controller.rb
+
+class ApplicationController < ActionController::API
+  # to include helpers for authenticating using access_token
+  include AuthRails::Authentication
+
+  # this action will assign user to CurrentAuth.user if valid token
+  # else raise error: AuthRails::Error or custom error in configuration
+  before_action :authenticate_user!
+end
+```
+
+```rb
+# app/controllers/api/auth_controller.rb
+
+module Api
+  class AuthController < AuthRails::Api::AuthController
+  end
+end
+```
+
+- If you want to support refresh token
+
+```rb
+# app/models/user.rb
+
+class User < ApplicationRecord
+  include AuthRails::Concerns::AllowedTokenStrategy
+end
+```
+
+# Customize
+
+- Custom Strategy
+
+```rb
+class CustomStrategy < AuthRails::Strategies::BaseStrategy
+  class << self
+    # this is for getting user/resource using payload from access_token
+    def retrieve_resource(payload:)
+      super
+    end
+
+    # this is for generating refresh token
+    # if you do not support refresh token, can ignore this one
+    def gen_token(resource:, payload:, exp: nil, secret_key: nil, algorithm: nil)
+      super
+    end
+  end
+end
+```
+
+- Custom response for controller
+
+```rb
+module Api
+  class AuthController < AuthRails::Api::AuthController
+    private
+
+    def respond_to_create(data)
+      render json: {
+        profile: CurrentAuth.user,
+        tokens: {
+          auth_token: data[:access_token],
+          refresh_token: data[:refresh_token]
+        }
+      }
+    end
+  end
+end
+```
+
+# License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: :rubocop

data/app/controllers/auth_rails/api/auth_controller.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module AuthRails
+  module Api
+    class AuthController < ApiController
+      def create
+        resource = AuthRails.resource_class.find_by(email: params[:email])
+
+        raise AuthRails.error_class, :unauthenticated if resource.blank? || !resource.authenticate(params[:password])
+
+        respond_to_create(generate_token(resource))
+      end
+
+      def refresh
+        decoded_payload = Services::JwtService.verify_token(
+          token: lookup_refresh_token,
+          algorithm: Configuration::Jwt::RefreshToken.algorithm,
+          secret_key: Configuration::Jwt::RefreshToken.secret_key
+        )
+
+        resource = AuthRails.jwt_strategy.retrieve_resource(payload: decoded_payload)
+
+        raise AuthRails.error_class, :unauthenticated if resource.blank?
+
+        respond_to_refresh(generate_token(resource))
+      end
+
+      private
+
+      def respond_to_create(data)
+        render json: {
+          **data,
+          user: CurrentAuth.user
+        }
+      end
+
+      alias respond_to_refresh respond_to_create
+
+      def payload(resource)
+        {
+          sub: resource.email
+        }
+      end
+
+      def basic_payload
+        {
+          aud: request.host
+        }
+      end
+
+      def generate_token(resource)
+        CurrentAuth.user = resource
+        token_payload = basic_payload.merge(payload(resource))
+
+        result = {
+          access_token: Services::JwtService.gen_token(
+            payload: token_payload,
+            secret_key: Configuration::Jwt::AccessToken.secret_key
+          )
+        }
+
+        if Configuration::Jwt::RefreshToken.algorithm.present?
+          result[:refresh_token] = AuthRails.jwt_strategy.gen_token(
+            resource: resource,
+            payload: token_payload,
+            exp: Configuration::Jwt::RefreshToken.exp.to_i,
+            algorithm: Configuration::Jwt::RefreshToken.algorithm,
+            secret_key: Configuration::Jwt::RefreshToken.secret_key
+          )
+
+          cookie_http_only(result[:refresh_token])
+        end
+
+        result
+      end
+
+      def cookie_http_only(refresh_token)
+        return if Configuration::Jwt::RefreshToken.http_only.blank?
+
+        cookies[Configuration::Jwt::RefreshToken.cookie_key.to_sym || :ref_tok] = {
+          httponly: true,
+          value: refresh_token,
+          secure: Rails.env.production?,
+          expires: Time.at(Configuration::Jwt::RefreshToken.exp).to_datetime
+        }
+      end
+    end
+  end
+end

data/app/controllers/auth_rails/api_controller.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module AuthRails
+  class ApiController < ActionController::API
+    include ActionController::Cookies
+    include AuthRails::Authentication
+  end
+end

data/app/controllers/concerns/auth_rails/authentication.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module AuthRails
+  module Authentication
+    extend ActiveSupport::Concern
+
+    def authenticate_user!
+      payload = Services::JwtService.verify_token(
+        token: lookup_access_token,
+        secret_key: Configuration::Jwt::AccessToken.secret_key
+      )
+
+      CurrentAuth.user = AuthRails.resource_class.find_by(email: payload[:sub])
+
+      raise AuthRails.error_class, :unauthenticated unless CurrentAuth.user
+    end
+
+    private
+
+    def lookup_access_token
+      token_match = request.headers['Authorization']&.match(/bearer (.+)/i)
+      token_match[1] if token_match
+    end
+
+    def lookup_refresh_token
+      cookies[Configuration::Jwt::RefreshToken.cookie_key.to_sym].presence || params[:refresh_token]
+    end
+  end
+end

data/app/models/concerns/auth_rails/concerns/allowed_token_strategy.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module AuthRails
+  module Concerns
+    module AllowedTokenStrategy
+      extend ActiveSupport::Concern
+
+      included do
+        has_many :allowed_tokens, dependent: :destroy
+      end
+    end
+  end
+end

data/app/supports/current_auth.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class CurrentAuth < ActiveSupport::CurrentAttributes
+  attribute :user
+end

data/auth_rails.gemspec

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require_relative 'lib/auth_rails/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'auth_rails'
+  spec.version = AuthRails::VERSION
+  spec.authors = ['Alpha']
+  spec.email = ['alphanolucifer@gmail.com']
+
+  spec.summary = 'Simple authentication for Rails'
+  spec.description = 'Simple authentication for Rails'
+  spec.homepage = 'https://github.com/zgid123/auth_rails'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 2.6.0'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(
+          *%w[
+            bin/
+            test/
+            spec/
+            features/
+            .git
+            .circleci
+            appveyor
+            Gemfile
+            .rubocop.yml
+            .vscode/settings.json
+            LICENSE.txt
+            lefthook.yml
+          ]
+        )
+    end
+  end
+
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'jwt'
+end

data/lib/auth_rails/class_methods.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module AuthRails
+  class << self
+    def configure
+      yield Config
+    end
+
+    def configuration
+      Config
+    end
+
+    def resource_class
+      @resource_class ||= Config.resource_class
+    end
+
+    def error_class
+      @error_class ||= Config.error_class || Error
+    end
+
+    def jwt_strategy
+      @jwt_strategy ||= Configuration::Jwt.strategy || Strategies::BaseStrategy
+    end
+  end
+end

data/lib/auth_rails/config.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module AuthRails
+  class Config
+    class << self
+      attr_accessor :error_class,
+                    :resource_class
+
+      def jwt
+        yield Configuration::Jwt
+      end
+    end
+  end
+end

data/lib/auth_rails/configuration/jwt.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module AuthRails
+  module Configuration
+    class Jwt
+      class << self
+        attr_accessor :strategy
+
+        def access_token
+          yield AccessToken
+
+          AccessToken.algorithm ||= 'HS256'
+        end
+
+        def refresh_token
+          yield RefreshToken
+
+          RefreshToken.cookie_key ||= :ref_tok
+        end
+      end
+
+      class AccessToken
+        class << self
+          attr_accessor :exp,
+                        :algorithm,
+                        :secret_key
+        end
+      end
+
+      class RefreshToken < AccessToken
+        class << self
+          attr_accessor :http_only, :cookie_key
+        end
+      end
+    end
+  end
+end

data/lib/auth_rails/services/jwt_service.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module AuthRails
+  module Services
+    class JwtService
+      class << self
+        def gen_token(payload:, exp: nil, secret_key: nil, algorithm: nil, jti: nil)
+          exp ||= Configuration::Jwt::AccessToken.exp.to_i
+
+          JWT.encode(
+            (payload || {}).merge(jti: jti || SecureRandom.hex(20)),
+            secret_key,
+            algo(algorithm),
+            {
+              exp: exp.to_i
+            }
+          )
+        end
+
+        def verify_token(token:, secret_key: nil, algorithm: nil)
+          JWT.decode(
+            token,
+            secret_key,
+            true,
+            {
+              algorithm: algo(algorithm)
+            }
+          )[0].deep_symbolize_keys
+        rescue StandardError
+          {}
+        end
+
+        private
+
+        def algo(algorithm)
+          algorithm || Configuration::Jwt::AccessToken.algorithm
+        end
+      end
+    end
+  end
+end

data/lib/auth_rails/strategies/allowed_token_strategy.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module AuthRails
+  module Strategies
+    class AllowedTokenStrategy < BaseStrategy
+      class << self
+        def retrieve_resource(payload:)
+          symbolized_payload = payload.symbolize_keys
+
+          AuthRails.resource_class
+                   .joins(:allowed_tokens)
+                   .where(allowed_tokens: symbolized_payload.slice(:jti, :aud))
+                   .where('allowed_tokens.exp > ?', Time.current)
+                   .find_by(email: symbolized_payload[:sub])
+        end
+
+        def gen_token(resource:, payload:, exp: nil, secret_key: nil, algorithm: nil)
+          jti = SecureRandom.hex(20)
+
+          resource.allowed_tokens
+                  .create!(
+                    jti: jti,
+                    aud: payload[:aud],
+                    exp: Time.zone.at(exp)
+                  )
+
+          super(
+            jti: jti,
+            exp: exp,
+            payload: payload,
+            algorithm: algorithm,
+            secret_key: secret_key
+          )
+        end
+      end
+    end
+  end
+end

data/lib/auth_rails/strategies/base_strategy.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module AuthRails
+  module Strategies
+    class BaseStrategy
+      class << self
+        def retrieve_resource(payload:)
+          symbolized_payload = payload.symbolize_keys
+
+          AuthRails.resource_class
+                   .find_by(email: symbolized_payload[:sub])
+        end
+
+        def gen_token(payload:, exp: nil, secret_key: nil, algorithm: nil, jti: nil, **)
+          Services::JwtService.gen_token(
+            exp: exp,
+            jti: jti,
+            payload: payload,
+            algorithm: algorithm,
+            secret_key: secret_key
+          )
+        end
+      end
+    end
+  end
+end

data/lib/auth_rails/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module AuthRails
+  VERSION = '1.0.0'
+end

data/lib/auth_rails.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require_relative 'auth_rails/config'
+require_relative 'auth_rails/version'
+require_relative 'auth_rails/class_methods'
+require_relative 'auth_rails/configuration/jwt'
+require_relative 'auth_rails/services/jwt_service'
+require_relative 'auth_rails/strategies/base_strategy'
+require_relative 'auth_rails/strategies/allowed_token_strategy'
+
+module AuthRails
+  class Error < StandardError; end
+
+  class Engine < ::Rails::Engine
+    isolate_namespace AuthRails
+
+    config.autoload_paths << File.expand_path('app/models', __dir__)
+    config.autoload_paths << File.expand_path('app/supports', __dir__)
+    config.autoload_paths << File.expand_path('app/controllers', __dir__)
+  end
+end

metadata

@@ -0,0 +1,74 @@
+--- !ruby/object:Gem::Specification
+name: auth_rails
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Alpha
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-12-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Simple authentication for Rails
+email:
+- alphanolucifer@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- Rakefile
+- app/controllers/auth_rails/api/auth_controller.rb
+- app/controllers/auth_rails/api_controller.rb
+- app/controllers/concerns/auth_rails/authentication.rb
+- app/models/concerns/auth_rails/concerns/allowed_token_strategy.rb
+- app/supports/current_auth.rb
+- auth_rails.gemspec
+- lib/auth_rails.rb
+- lib/auth_rails/class_methods.rb
+- lib/auth_rails/config.rb
+- lib/auth_rails/configuration/jwt.rb
+- lib/auth_rails/services/jwt_service.rb
+- lib/auth_rails/strategies/allowed_token_strategy.rb
+- lib/auth_rails/strategies/base_strategy.rb
+- lib/auth_rails/version.rb
+homepage: https://github.com/zgid123/auth_rails
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/zgid123/auth_rails
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.13
+signing_key:
+specification_version: 4
+summary: Simple authentication for Rails
+test_files: []