authie 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5fae3a28b39351d3fd2d65cceb2fb3c27ae48fc8
+  data.tar.gz: f495eea593432bacdfb352cf81e22c06a4d51e43
+SHA512:
+  metadata.gz: b4ea09a545f6e32133e3c07fc79a8b2f925dd3ca796146fc1beff04e4863fd7acaa0cdc725a035087f2d6d0616ea18a29afaedaf937846bd7a1b5ff49b9431d7
+  data.tar.gz: 556e8ae46773fefcd25b11e9e3d0f30c8cd7b71dcc54986f28255ce57f7867e9d984d1237002a9bd7eb6e8b6467ffb846b77acb457dfa091eb3ce73f838f85d0

data/db/migrate/20141012174250_create_authie_sessions.rb

@@ -0,0 +1,17 @@
+class CreateAuthieSessions < ActiveRecord::Migration
+  def change
+    create_table :authie_sessions do |t|
+      t.string :token, :browser_id
+      t.integer :user_id
+      t.boolean :active, :default => true
+      t.text :data
+      t.datetime :expires_at
+      t.datetime :login_at
+      t.string :login_ip
+      t.datetime :last_activity_at
+      t.string :last_activity_ip, :last_activity_path
+      t.string :user_agent
+      t.timestamps
+    end
+  end
+end

data/lib/authie.rb

@@ -0,0 +1,4 @@
+require 'authie/version'
+require 'authie/engine'
+require 'authie/config'
+require 'authie/error'

data/lib/authie/config.rb

@@ -0,0 +1,24 @@
+module Authie
+  class Config
+    
+    def session_inactivity_timeout
+      @session_inactivity_timeout || 12.hours
+    end
+    attr_writer :session_inactivity_timeout
+    
+    def persistent_session_length
+      @persistent_session_length || 2.months
+    end
+    attr_writer :persistent_session_length
+    
+    def user_model_class_name
+      @user_model_class_name || 'User'
+    end
+    attr_writer :user_model_class_name
+    
+  end
+  
+  def self.config
+    @config ||= Config.new
+  end
+end

data/lib/authie/controller_extension.rb

@@ -0,0 +1,48 @@
+module Authie
+  module ControllerExtension
+    
+    def self.included(base)
+      base.helper_method :logged_in?, :current_user, :auth_session
+      base.before_filter :set_browser_id
+    end
+    
+    private
+    
+    # Set a random browser ID for this browser. 
+    # TODO: check that this is unique before setting it.
+    def set_browser_id
+      unless cookies[:browser_id]
+        cookies[:browser_id] = {:value => SecureRandom.uuid, :expires => 20.years.from_now}
+      end
+    end
+    
+    # Return the currently logged in user object
+    def current_user
+      auth_session.user
+    end
+    
+    # Set the currently logged in user
+    def current_user=(user)
+      if user.is_a?(Authie.config.user_model_class_name.constantize)
+        unless logged_in?
+          @auth_session = Session.start(self, :user => user)
+        end
+        @current_user = user
+      else
+        auth_session.destroy if logged_in?
+        @current_user = nil
+      end
+    end
+    
+    # Is anyone currently logged in?
+    def logged_in?
+      auth_session.is_a?(Session)
+    end
+    
+    # Return the currently logged in user session
+    def auth_session
+      @auth_session ||= Session.get_session(self)
+    end
+    
+  end
+end

data/lib/authie/engine.rb

@@ -0,0 +1,21 @@
+module Authie
+  class Engine < ::Rails::Engine
+    
+    initializer 'authie.initialize' do |app|
+      config.paths["db/migrate"].expanded.each do |expanded_path|
+        app.config.paths["db/migrate"] << expanded_path
+      end
+      
+      ActiveSupport.on_load :active_record do
+        require 'authie/session'
+      end
+      
+      ActiveSupport.on_load :action_controller do
+        require 'authie/controller_extension'
+        include Authie::ControllerExtension
+      end
+      
+    end
+    
+  end
+end

data/lib/authie/error.rb

@@ -0,0 +1,4 @@
+module Authie
+  class Error < StandardError
+  end
+end

data/lib/authie/session.rb

@@ -0,0 +1,153 @@
+module Authie
+  class Session < ActiveRecord::Base
+    
+    # Define some errors which may be used
+    class InactiveSession < Error; end
+    class ExpiredSession < Error; end
+    class BrowserMismatch < Error; end
+    
+    # Set table name
+    self.table_name = "authie_sessions"
+    
+    # Relationships
+    belongs_to :user, :class_name => Authie.config.user_model_class_name, :foreign_key => 'user_id'
+    
+    # Scopes
+    scope :active, -> { where(:active => true) }
+    scope :asc, -> { order(:last_activity_at => :desc) }
+    
+    # Attributes
+    serialize :data, Hash
+    attr_accessor :controller
+    
+    before_create do
+      self.token = SecureRandom.base64(32)
+      if controller
+        self.user_agent = controller.request.user_agent
+        set_cookie!
+      end
+    end
+
+    before_destroy do
+      cookies.delete(:user_session) if controller
+    end
+    
+    # This method should be called each time a user performs an
+    # action while authenticated with this session.
+    def touch!
+      self.last_activity_at = Time.now
+      self.last_activity_ip = controller.request.ip
+      self.last_activity_path = controller.request.path
+      self.save!
+    end
+    
+    # Sets the cookie on the associated controller. 
+    def set_cookie!
+      cookies[:user_session] = {
+        :value => token,
+        :secure => controller.request.ssl?,
+        :httponly => true,
+        :expires => self.expires_at
+      }
+    end
+    
+    # Check the security of the session to ensure it can be used.
+    def check_security!
+      if controller
+        if cookies[:browser_id] != self.browser_id
+          invalidate!
+          raise BrowserMismatch, "Browser ID mismatch"
+        end
+        
+        unless self.active?
+          invalidate!
+          raise InactiveSession, "Session is no longer active"
+        end
+        
+        if self.expires_at && self.expires_at < Time.now
+          invalidate!
+          raise ExpiredSession, "Persistent session has expired"
+        end
+
+        if self.expires_at.nil? && self.last_activity_at && self.last_activity_at < Authie.config.session_inactivity_timeout.ago
+          invalidate!
+          raise InactiveSession, "Non-persistent session has expired"
+        end
+      end
+    end
+    
+    # Allow this session to persist rather than expiring at the end of the
+    # current browser session
+    def persist!
+      self.expires_at = Authie.config.persistent_session_length.from_now
+      self.save!
+      set_cookie!
+    end
+    
+    # Is this a persistent session?
+    def persistent?
+      !!expires_at
+    end
+
+    # Mark this session as invalid
+    def invalidate!
+      self.active = false
+      self.save!
+      if controller
+        cookies.delete(:user_session)
+      end
+    end
+    
+    # Set some additional data in this session
+    def set(key, value)
+      self.data ||= {}
+      self.data[key.to_s] = value
+      self.save!
+    end
+
+    # Get some additional data from this session
+    def get(key)
+      (self.data ||= {})[key.to_s]
+    end
+    
+    # Find a session from the database for the given controller instance.
+    # Returns a session object or :none if no session is found.
+    def self.get_session(controller)
+      cookies = controller.send(:cookies)
+      if cookies[:user_session] && session = self.active.where(:token => cookies[:user_session]).first
+        session.controller = controller
+        session
+      else
+        cookies.delete(:user_session)
+        :none
+      end
+    end
+    
+    # Create a new session and return the newly created session object.
+    # Any other sessions for the browser will be invalidated.
+    def self.start(controller, params = {})
+      cookies = controller.send(:cookies)
+      self.where(:browser_id => cookies[:browser_id]).each(&:invalidate!)
+      session = self.new(params)
+      session.controller = controller
+      session.browser_id = cookies[:browser_id]
+      session.login_at = Time.now
+      session.login_ip = controller.request.ip
+      session.save
+      session
+    end
+    
+    # Cleanup any old sessions.
+    def self.cleanup
+      self.active.where("expires_at IS NULL AND last_activity_at < ?", Authie.config.session_inactivity_timeout.ago).each(&:invalidate!)
+    end
+    
+    private
+    
+    # Return all cookies on the associated controller
+    def cookies
+      controller.send(:cookies)
+    end
+    
+  end
+end

data/lib/authie/version.rb

@@ -0,0 +1,3 @@
+module Authie
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: authie
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Adam Cooke
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-10-12 00:00:00.000000000 Z
+dependencies: []
+description: A Rails library for storing user sessions in a backend database
+email:
+- me@adamcooke.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- db/migrate/20141012174250_create_authie_sessions.rb
+- lib/authie.rb
+- lib/authie/config.rb
+- lib/authie/controller_extension.rb
+- lib/authie/engine.rb
+- lib/authie/error.rb
+- lib/authie/session.rb
+- lib/authie/version.rb
+homepage: https://github.com/adamcooke/authie
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: A Rails library for storing user sessions in a backend database
+test_files: []
+has_rdoc: