authkeeper 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1d291c37e7026099622fefe84c63a02de6cef06daa7eee635f36b796db5c7aa9
+  data.tar.gz: 907a89191c1c28605281792a51e5152ff8d3a6772d2bd9b1b9123a4cce7a9d24
+SHA512:
+  metadata.gz: accb54c1f14af1647d1ec78ce89cb6497b68086bf413e14fbd0f84a157eb85756fd7bdbc7059fd2428b906f8581a36f5b6d8d2327b2ab6c73bd782197a2558e3
+  data.tar.gz: cafb801a5ad8b25a840d6bf499eca9b6f8593eac07b6b446fd6b565cb71ddd864c2e11bbdec959933fe48e2c6e0ead259cf844098677f1c4b80e935c334ae932

data/README.md

@@ -0,0 +1,28 @@
+# Authkeeper
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "authkeeper"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install authkeeper
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'bundler/setup'
+
+APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'

data/app/assets/config/authkeeper_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/authkeeper .css

data/app/assets/stylesheets/authkeeper/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/authkeeper/omniauth_callbacks_controller.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class OmniauthCallbacksController < ::ApplicationController
+    include AuthkeeperDeps[
+      fetch_session: 'services.fetch_session',
+      generate_token: 'services.generate_token'
+    ]
+
+    GITHUB = 'github'
+    GITLAB = 'gitlab'
+    TELEGRAM = 'telegram'
+    GOOGLE = 'google'
+    YANDEX = 'yandex'
+
+    skip_before_action :verify_authenticity_token
+    skip_before_action :authenticate, only: %i[create]
+    before_action :validate_provider, only: %i[create]
+    before_action :validate_auth, only: %i[create]
+
+    def create; end
+
+    def destroy
+      fetch_session
+        .call(token: cookies[Authkeeper.configuration.access_token_name])[:result]
+        &.destroy
+      cookies.delete(Authkeeper.configuration.access_token_name)
+      redirect_to root_path
+    end
+
+    private
+
+    def validate_provider
+      authentication_error if Authkeeper.configuration.omniauth_providers.exclude?(params[:provider])
+    end
+
+    def validate_auth
+      return validate_telegram_auth if params[:provider] == TELEGRAM
+
+      validate_general_auth
+    end
+
+    def validate_general_auth
+      authentication_error if params[:code].blank? || auth.nil?
+    end
+
+    def validate_telegram_auth
+      authentication_error if params[:id].blank? || auth.nil?
+    end
+
+    def auth
+      @auth ||= provider_service(params[:provider]).call(params: params)[:result]
+    end
+
+    def provider_service(provider)
+      Authkeeper::Container.resolve("services.providers.#{provider}")
+    end
+
+    def sign_in(user)
+      user_session = Authkeeper.configuration.user_session_model.constantize.create!(user: user)
+      cookies[Authkeeper.configuration.access_token_name] = {
+        value: generate_token.call(user_session: user_session)[:result],
+        domain: Authkeeper.configuration.domain,
+        expires: 1.week.from_now
+      }.compact
+    end
+  end
+end

data/app/helpers/authkeeper/application_helper.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module ApplicationHelper
+    def omniauth_link(provider)
+      case provider
+      when :github then github_oauth_link
+      when :gitlab then gitlab_oauth_link
+      when :google then google_oauth_link
+      when :yandex then yandex_oauth_link
+      end
+    end
+
+    private
+
+    # rubocop: disable Layout/LineLength
+    def github_oauth_link
+      "https://github.com/login/oauth/authorize?scope=user:email&response_type=code&client_id=#{value(:github, :client_id)}&redirect_uri=#{value(:github, :redirect_url)}"
+    end
+
+    def gitlab_oauth_link
+      "https://gitlab.com/oauth/authorize?scope=read_user&response_type=code&client_id=#{value(:gitlab, :client_id)}&redirect_uri=#{value(:gitlab, :redirect_url)}"
+    end
+
+    def google_oauth_link
+      "https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&response_type=code&client_id=#{value(:google, :client_id)}&redirect_uri=#{value(:google, :redirect_url)}"
+    end
+
+    def yandex_oauth_link
+      "https://oauth.yandex.ru/authorize?response_type=code&client_id=#{value(:yandex, :client_id)}"
+    end
+    # rubocop: enable Layout/LineLength
+
+    def value(provider, key)
+      Authkeeper.configuration.omniauth_configs.dig(provider, key)
+    end
+  end
+end

data/app/jobs/authkeeper/application_job.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/lib/authkeeper/github_api/client.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GithubApi
+    class Client < HttpService::Client
+      include Requests::User
+      include Requests::UserEmails
+
+      BASE_URL = 'https://api.github.com'
+
+      option :url, default: proc { BASE_URL }
+
+      private
+
+      def headers(access_token)
+        {
+          'Accept' => 'application/vnd.github+json',
+          'X-GitHub-Api-Version' => '2022-11-28',
+          'Authorization' => "Bearer #{access_token}"
+        }
+      end
+    end
+  end
+end

data/app/lib/authkeeper/github_api/requests/user.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GithubApi
+    module Requests
+      module User
+        def user(access_token:)
+          get(
+            path: 'user',
+            headers: headers(access_token)
+          )
+        end
+      end
+    end
+  end
+end

data/app/lib/authkeeper/github_api/requests/user_emails.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GithubApi
+    module Requests
+      module UserEmails
+        def user_emails(access_token:)
+          get(
+            path: 'user/emails',
+            headers: headers(access_token)
+          )
+        end
+      end
+    end
+  end
+end

data/app/lib/authkeeper/github_auth_api/client.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GithubAuthApi
+    class Client < HttpService::Client
+      include Requests::FetchAccessToken
+
+      BASE_URL = 'https://github.com'
+
+      option :url, default: proc { BASE_URL }
+    end
+  end
+end

data/app/lib/authkeeper/github_auth_api/requests/fetch_access_token.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GithubAuthApi
+    module Requests
+      module FetchAccessToken
+        def fetch_access_token(client_id:, client_secret:, code:)
+          post(
+            path: 'login/oauth/access_token',
+            params: { client_id: client_id, client_secret: client_secret, code: code },
+            headers: { 'Accept' => 'application/vnd.github+json', 'X-GitHub-Api-Version' => '2022-11-28' }
+          )
+        end
+      end
+    end
+  end
+end

data/app/lib/authkeeper/gitlab_api/client.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GitlabApi
+    class Client < HttpService::Client
+      include Requests::User
+
+      BASE_URL = 'https://gitlab.com'
+
+      option :url, default: proc { BASE_URL }
+
+      private
+
+      def headers(access_token)
+        {
+          'Authorization' => "Bearer #{access_token}"
+        }
+      end
+    end
+  end
+end

data/app/lib/authkeeper/gitlab_api/requests/user.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GitlabApi
+    module Requests
+      module User
+        def user(access_token:)
+          get(
+            path: 'api/v4/user',
+            headers: headers(access_token)
+          )
+        end
+      end
+    end
+  end
+end

data/app/lib/authkeeper/gitlab_auth_api/client.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GitlabAuthApi
+    class Client < HttpService::Client
+      include Requests::FetchAccessToken
+
+      BASE_URL = 'https://gitlab.com'
+
+      option :url, default: proc { BASE_URL }
+    end
+  end
+end

data/app/lib/authkeeper/gitlab_auth_api/requests/fetch_access_token.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GitlabAuthApi
+    module Requests
+      module FetchAccessToken
+        def fetch_access_token(client_id:, client_secret:, redirect_url:, code:)
+          post(
+            path: 'oauth/token',
+            params: {
+              client_id: client_id,
+              client_secret: client_secret,
+              redirect_uri: redirect_url,
+              code: code,
+              grant_type: 'authorization_code'
+            },
+            headers: { 'Content-type' => 'application/json' }
+          )
+        end
+      end
+    end
+  end
+end

data/app/lib/authkeeper/google_api/client.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GoogleApi
+    class Client < HttpService::Client
+      include Requests::User
+
+      BASE_URL = 'https://www.googleapis.com'
+
+      option :url, default: proc { BASE_URL }
+    end
+  end
+end

data/app/lib/authkeeper/google_api/requests/user.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GoogleApi
+    module Requests
+      module User
+        def user(access_token:)
+          get(path: "oauth2/v3/userinfo?access_token=#{access_token}")
+        end
+      end
+    end
+  end
+end

data/app/lib/authkeeper/google_auth_api/client.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GoogleAuthApi
+    class Client < HttpService::Client
+      include Requests::FetchAccessToken
+
+      BASE_URL = 'https://www.googleapis.com/'
+
+      option :url, default: proc { BASE_URL }
+    end
+  end
+end

data/app/lib/authkeeper/google_auth_api/requests/fetch_access_token.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module GoogleAuthApi
+    module Requests
+      module FetchAccessToken
+        def fetch_access_token(client_id:, client_secret:, code:, redirect_uri:)
+          post(
+            path: 'oauth2/v4/token',
+            params: {
+              grant_type: 'authorization_code',
+              client_id: client_id,
+              client_secret: client_secret,
+              code: code,
+              redirect_uri: redirect_uri
+            },
+            headers: { 'Content-Type' => 'application/x-www-form-urlencoded' }
+          )
+        end
+      end
+    end
+  end
+end

data/app/lib/authkeeper/jwt_encoder.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class JwtEncoder
+    HMAC_SECRET = Rails.application.secret_key_base
+    EXPIRATION_SECONDS = 604_800 # 1.week
+
+    def encode(payload:, secret: HMAC_SECRET)
+      JWT.encode(modify_payload(payload), secret)
+    end
+
+    def decode(token:, secret: HMAC_SECRET)
+      JWT.decode(token, secret).first
+    rescue JWT::DecodeError
+      {}
+    end
+
+    def modify_payload(payload)
+      payload.merge!(
+        random: SecureRandom.hex,
+        exp: DateTime.now.to_i + EXPIRATION_SECONDS
+      )
+    end
+  end
+end

data/app/lib/authkeeper/yandex_api/client.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module YandexApi
+    class Client < HttpService::Client
+      include Requests::Info
+
+      BASE_URL = 'https://login.yandex.ru/'
+
+      option :url, default: proc { BASE_URL }
+    end
+  end
+end

data/app/lib/authkeeper/yandex_api/requests/info.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module YandexApi
+    module Requests
+      module Info
+        def info(access_token:)
+          get(
+            path: 'info',
+            headers: { 'Authorization' => "OAuth #{access_token}" }
+          )
+        end
+      end
+    end
+  end
+end

data/app/lib/authkeeper/yandex_auth_api/client.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module YandexAuthApi
+    class Client < HttpService::Client
+      include Requests::FetchAccessToken
+
+      BASE_URL = 'https://oauth.yandex.ru/'
+
+      option :url, default: proc { BASE_URL }
+    end
+  end
+end

data/app/lib/authkeeper/yandex_auth_api/requests/fetch_access_token.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'uri'
+
+module Authkeeper
+  module YandexAuthApi
+    module Requests
+      module FetchAccessToken
+        def fetch_access_token(client_id:, client_secret:, code:)
+          post(
+            path: 'token',
+            body: URI.encode_www_form({
+              grant_type: 'authorization_code',
+              client_id: client_id,
+              client_secret: client_secret,
+              code: code
+            }),
+            headers: {
+              'Content-Type' => 'application/x-www-form-urlencoded'
+            }
+          )
+        end
+      end
+    end
+  end
+end

data/app/mailers/authkeeper/application_mailer.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/authkeeper/application_record.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/services/authkeeper/fetch_session_service.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class FetchSessionService
+    include AuthkeeperDeps[jwt_encoder: 'jwt_encoder']
+
+    def call(token:)
+      payload = extract_uuid(token)
+      return { errors: ['Forbidden'] } if payload.blank?
+
+      session = find_session(payload)
+      return { errors: ['Forbidden'] } if session.blank?
+
+      { result: session }
+    end
+
+    private
+
+    def extract_uuid(token)
+      jwt_encoder.decode(token: token)
+    end
+
+    def find_session(payload)
+      Authkeeper
+        .configuration.user_session_model.constantize
+        .find_by(id: payload.fetch('uuid', ''))
+    end
+  end
+end

data/app/services/authkeeper/generate_token_service.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class GenerateTokenService
+    include AuthkeeperDeps[jwt_encoder: 'jwt_encoder']
+
+    def call(user_session:)
+      {
+        result: jwt_encoder.encode(
+          payload: {
+            uuid: user_session.id
+          }
+        )
+      }
+    end
+  end
+end

data/app/services/authkeeper/providers/github.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module Providers
+    class Github
+      include AuthkeeperDeps[
+        auth_client: 'api.github.auth_client',
+        api_client: 'api.github.client'
+      ]
+
+      def call(params: {})
+        access_token = fetch_access_token(params[:code])
+        return { errors: ['Invalid code'] } unless access_token
+
+        user = fetch_user_info(access_token)
+        email = fetch_user_emails(access_token, user)
+
+        {
+          result: {
+            uid: user['id'].to_s,
+            provider: 'github',
+            login: user['login'],
+            email: email
+          }
+        }
+      end
+
+      private
+
+      def fetch_access_token(code)
+        auth_client.fetch_access_token(
+          client_id: omniauth_config[:client_id],
+          client_secret: omniauth_config[:client_secret],
+          code: code
+        )['access_token']
+      end
+
+      def fetch_user_info(access_token)
+        api_client.user(access_token: access_token)[:body]
+      end
+
+      def fetch_user_emails(access_token, user)
+        return user['email'] if user['email']
+
+        emails = api_client.user_emails(access_token: access_token)[:body]
+        emails.dig(0, 'email')
+      end
+
+      def omniauth_config
+        @omniauth_config ||= Authkeeper.configuration.omniauth_configs[:github]
+      end
+    end
+  end
+end

data/app/services/authkeeper/providers/gitlab.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module Providers
+    class Gitlab
+      include AuthkeeperDeps[
+        auth_client: 'api.gitlab.auth_client',
+        api_client: 'api.gitlab.client'
+      ]
+
+      def call(params: {})
+        access_token = fetch_access_token(params[:code])
+        return { errors: ['Invalid code'] } unless access_token
+
+        user = fetch_user_info(access_token)
+
+        {
+          result: {
+            uid: user['id'].to_s,
+            provider: 'gitlab',
+            login: user['username'],
+            email: user['email']
+          }
+        }
+      end
+
+      private
+
+      def fetch_access_token(code)
+        auth_client.fetch_access_token(
+          client_id: omniauth_config[:client_id],
+          client_secret: omniauth_config[:client_secret],
+          redirect_url: omniauth_config[:redirect_url],
+          code: code
+        )['access_token']
+      end
+
+      def fetch_user_info(access_token)
+        api_client.user(access_token: access_token)[:body]
+      end
+
+      def omniauth_config
+        @omniauth_config ||= Authkeeper.configuration.omniauth_configs[:gitlab]
+      end
+    end
+  end
+end

data/app/services/authkeeper/providers/google.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module Providers
+    class Google
+      include AuthkeeperDeps[
+        auth_client: 'api.google.auth_client',
+        api_client: 'api.google.client'
+      ]
+
+      def call(params: {})
+        access_token = fetch_access_token(params[:code])
+        return { errors: ['Invalid code'] } unless access_token
+
+        user = fetch_user_info(access_token)
+
+        {
+          result: {
+            uid: user['sub'].to_s,
+            provider: 'google',
+            email: user['email']
+          }
+        }
+      end
+
+      private
+
+      def fetch_access_token(code)
+        auth_client.fetch_access_token(
+          client_id: omniauth_config[:client_id],
+          client_secret: omniauth_config[:client_secret],
+          redirect_uri: omniauth_config[:redirect_url],
+          code: code
+        )['access_token']
+      end
+
+      def fetch_user_info(access_token)
+        api_client.user(access_token: access_token)[:body]
+      end
+
+      def omniauth_config
+        @omniauth_config ||= Authkeeper.configuration.omniauth_configs[:google]
+      end
+    end
+  end
+end

data/app/services/authkeeper/providers/telegram.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'openssl'
+require 'base64'
+
+module Authkeeper
+  module Providers
+    class Telegram
+      REQUIRED_FIELDS = %i[id hash].freeze
+      HASH_FIELDS = %i[auth_date first_name id last_name photo_url username].freeze
+      SECONDS_IN_DAY = 86_400
+
+      def call(params: {})
+        return { errors: ['Required field is missing'] } unless required_fields_valid?(params)
+        return { errors: ['Signature mismatch'] } unless signature_valid?(params)
+        return { errors: ['Session expired'] } if session_expired?(params)
+
+        {
+          result: {
+            uid: params[:id].to_s,
+            provider: 'telegram',
+            login: params[:username]
+          }
+        }
+      end
+
+      private
+
+      def required_fields_valid?(params)
+        REQUIRED_FIELDS.all? { |field| params.include?(field) }
+      end
+
+      def signature_valid?(params)
+        params[:hash] == calculate_signature(params)
+      end
+
+      def session_expired?(params)
+        Time.now.to_i - params[:auth_date].to_i > SECONDS_IN_DAY
+      end
+
+      def calculate_signature(params)
+        secret = OpenSSL::Digest::SHA256.digest(omniauth_config[:bot_secret])
+        signature = generate_comparison_string(params)
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, signature)
+      end
+
+      # rubocop: disable Style/FormatStringToken
+      def generate_comparison_string(params)
+        (params.keys & HASH_FIELDS).sort.map { |field| '%s=%s' % [field, params[field]] }.join("\n")
+      end
+      # rubocop: enable Style/FormatStringToken
+
+      def omniauth_config
+        @omniauth_config ||= Authkeeper.configuration.omniauth_configs[:telegram]
+      end
+    end
+  end
+end

data/app/services/authkeeper/providers/yandex.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module Providers
+    class Yandex
+      include Deps[
+        auth_client: 'api.yandex.auth_client',
+        api_client: 'api.yandex.client'
+      ]
+
+      def call(params: {})
+        auth_info = fetch_auth_info(params[:code])
+        return { errors: ['Invalid code'] } if auth_info.nil?
+        return { errors: ['Invalid code'] } unless auth_info['access_token']
+
+        user_info = fetch_user_info(auth_info['access_token'])
+        {
+          result: {
+            auth_info: auth_info.symbolize_keys,
+            user_info: {
+              uid: user_info['id'].to_s,
+              provider: 'yandex',
+              username: user_info['login'],
+              email: user_info['default_email'],
+              phone_number: user_info.dig('default_phone', 'number')
+            }
+          }
+        }
+      end
+
+      private
+
+      def fetch_auth_info(code)
+        auth_client.fetch_access_token(
+          client_id: omniauth_config[:client_id],
+          client_secret: omniauth_config[:client_secret],
+          code: code
+        )
+      end
+
+      def fetch_user_info(access_token)
+        api_client.info(access_token: access_token)
+      end
+
+      def omniauth_config
+        @omniauth_config ||= Authkeeper.configuration.omniauth_configs[:yandex]
+      end
+    end
+  end
+end

data/app/views/layouts/authkeeper/application.html.erb

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Authkeeper</title>
+    <%= csrf_meta_tags %>
+    <%= csp_meta_tag %>
+    <%= stylesheet_link_tag "authkeeper/application", media: "all" %>
+  </head>
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/config/routes.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+# rubocop: disable Lint/EmptyBlock
+Authkeeper::Engine.routes.draw do
+end
+# rubocop: enable Lint/EmptyBlock

data/lib/authkeeper/configuration.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class Configuration
+    InitializeError = Class.new(StandardError)
+
+    attr_accessor :user_model, :user_session_model, :access_token_name, :domain, :fallback_url_session_name, :omniauth_providers
+    attr_reader :omniauth_configs
+
+    def initialize
+      @user_model = 'User'
+      @user_session_model = 'User::Session'
+
+      @access_token_name = nil
+      @domain = nil
+      @fallback_url_session_name = nil
+
+      @omniauth_providers = []
+      @omniauth_configs = {}
+    end
+
+    def validate
+      raise InitializeError, 'User model must be present' if user_model.nil?
+      raise InitializeError, 'User session model must be present' if user_session_model.nil?
+      raise InitializeError, 'Access token name must be present' if access_token_name.nil?
+    end
+
+    def omniauth(provider, **args)
+      @omniauth_configs[provider] = args
+    end
+  end
+end

data/lib/authkeeper/container.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'dry/auto_inject'
+require 'dry/container'
+
+module Authkeeper
+  class Container
+    extend Dry::Container::Mixin
+
+    DEFAULT_OPTIONS = { memoize: true }.freeze
+
+    class << self
+      def register(key)
+        super(key, DEFAULT_OPTIONS)
+      end
+    end
+
+    register(:jwt_encoder) { Authkeeper::JwtEncoder.new }
+
+    register('api.github.auth_client') { Authkeeper::GithubAuthApi::Client.new }
+    register('api.github.client') { Authkeeper::GithubApi::Client.new }
+    register('api.gitlab.auth_client') { Authkeeper::GitlabAuthApi::Client.new }
+    register('api.gitlab.client') { Authkeeper::GitlabApi::Client.new }
+    register('api.google.auth_client') { Authkeeper::GoogleAuthApi::Client.new }
+    register('api.google.client') { Authkeeper::GoogleApi::Client.new }
+    register('api.yandex.auth_client') { Authkeeper::YandexAuthApi::Client.new }
+    register('api.yandex.client') { Authkeeper::YandexApi::Client.new }
+
+    register('services.providers.github') { Authkeeper::Providers::Github.new }
+    register('services.providers.gitlab') { Authkeeper::Providers::Gitlab.new }
+    register('services.providers.telegram') { Authkeeper::Providers::Telegram.new }
+    register('services.providers.google') { Authkeeper::Providers::Google.new }
+    register('services.providers.yandex') { Authkeeper::Providers::Yandex.new }
+
+    register('services.fetch_session') { Authkeeper::FetchSessionService.new }
+    register('services.generate_token') { Authkeeper::GenerateTokenService.new }
+  end
+end
+
+AuthkeeperDeps = Dry::AutoInject(Authkeeper::Container)

data/lib/authkeeper/controllers/authentication.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  module Controllers
+    module Authentication
+      extend ActiveSupport::Concern
+
+      included do
+        before_action :set_current_user
+
+        helper_method :current_user
+      end
+
+      private
+
+      def set_current_user
+        access_token = cookies_token.presence || bearer_token.presence || params_token
+        return unless access_token
+
+        auth_call = Authkeeper::Container['services.fetch_session'].call(token: access_token)
+        return if auth_call[:errors].present?
+
+        @current_user = auth_call[:result].user
+      end
+
+      def current_user = @current_user
+
+      def authenticate
+        return if current_user
+
+        if Authkeeper.configuration.fallback_url_session_name
+          session[Authkeeper.configuration.fallback_url_session_name] = request.fullpath
+        end
+
+        authentication_error
+      end
+
+      def authentication_error
+        redirect_to root_path, alert: t('controllers.authentication.permission')
+      end
+
+      def cookies_token = cookies[access_token_name]
+      def params_token = params[access_token_name]
+
+      def bearer_token
+        pattern = /^Bearer /
+        header = request.headers['Authorization']
+        header.gsub(pattern, '') if header&.match(pattern)
+      end
+
+      def access_token_name = Authkeeper.configuration.access_token_name
+    end
+  end
+end

data/lib/authkeeper/engine.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  class Engine < ::Rails::Engine
+    isolate_namespace Authkeeper
+  end
+end

data/lib/authkeeper/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Authkeeper
+  VERSION = '0.1.0'
+end

data/lib/authkeeper.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'authkeeper/version'
+require 'authkeeper/engine'
+require 'authkeeper/configuration'
+require 'authkeeper/container'
+
+require 'authkeeper/controllers/authentication'
+
+module Authkeeper
+  module_function
+
+  # Public: Configure authkeeper.
+  #
+  #   Authkeeper.configure do |config|
+  #     config.user_model = 'User'
+  #     config.omniauth :github, client_id: 'id', client_secret: 'secret', redirect_url: 'redirect_url'
+  #     config.omniauth :gitlab, client_id: 'id', client_secret: 'secret', redirect_url: 'redirect_url'
+  #     config.omniauth :google, client_id: 'id', client_secret: 'secret', redirect_uri: 'redirect_uri'
+  #     config.omniauth :telegram, client_id: 'id', client_secret: 'secret', bot_secret: 'bot_secret'
+  #     config.omniauth :yandex, client_id: 'id', client_secret: 'secret', redirect_uri: 'redirect_uri'
+  #   end
+  #
+  def configure
+    yield configuration
+
+    configuration.validate
+  end
+
+  # Public: Returns Authkeeper::Configuration instance.
+  def configuration
+    return Authkeeper::Container.resolve(:configuration) if Authkeeper::Container.key?(:configuration)
+
+    Authkeeper::Container.register(:configuration) { Configuration.new }
+    Authkeeper::Container.resolve(:configuration)
+  end
+end

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: authkeeper
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Bogdanov Anton
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-11-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+description: Authentication engine for Ruby on Rails projects.
+email:
+- kortirso@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- Rakefile
+- app/assets/config/authkeeper_manifest.js
+- app/assets/stylesheets/authkeeper/application.css
+- app/controllers/authkeeper/omniauth_callbacks_controller.rb
+- app/helpers/authkeeper/application_helper.rb
+- app/jobs/authkeeper/application_job.rb
+- app/lib/authkeeper/github_api/client.rb
+- app/lib/authkeeper/github_api/requests/user.rb
+- app/lib/authkeeper/github_api/requests/user_emails.rb
+- app/lib/authkeeper/github_auth_api/client.rb
+- app/lib/authkeeper/github_auth_api/requests/fetch_access_token.rb
+- app/lib/authkeeper/gitlab_api/client.rb
+- app/lib/authkeeper/gitlab_api/requests/user.rb
+- app/lib/authkeeper/gitlab_auth_api/client.rb
+- app/lib/authkeeper/gitlab_auth_api/requests/fetch_access_token.rb
+- app/lib/authkeeper/google_api/client.rb
+- app/lib/authkeeper/google_api/requests/user.rb
+- app/lib/authkeeper/google_auth_api/client.rb
+- app/lib/authkeeper/google_auth_api/requests/fetch_access_token.rb
+- app/lib/authkeeper/jwt_encoder.rb
+- app/lib/authkeeper/yandex_api/client.rb
+- app/lib/authkeeper/yandex_api/requests/info.rb
+- app/lib/authkeeper/yandex_auth_api/client.rb
+- app/lib/authkeeper/yandex_auth_api/requests/fetch_access_token.rb
+- app/mailers/authkeeper/application_mailer.rb
+- app/models/authkeeper/application_record.rb
+- app/services/authkeeper/fetch_session_service.rb
+- app/services/authkeeper/generate_token_service.rb
+- app/services/authkeeper/providers/github.rb
+- app/services/authkeeper/providers/gitlab.rb
+- app/services/authkeeper/providers/google.rb
+- app/services/authkeeper/providers/telegram.rb
+- app/services/authkeeper/providers/yandex.rb
+- app/views/layouts/authkeeper/application.html.erb
+- config/routes.rb
+- lib/authkeeper.rb
+- lib/authkeeper/configuration.rb
+- lib/authkeeper/container.rb
+- lib/authkeeper/controllers/authentication.rb
+- lib/authkeeper/engine.rb
+- lib/authkeeper/version.rb
+homepage: https://github.com/kortirso/authkeeper
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/kortirso/authkeeper
+  source_code_uri: https://github.com/kortirso/authkeeper
+  changelog_uri: https://github.com/kortirso/authkeeper/blob/master/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.1
+signing_key:
+specification_version: 4
+summary: Authentication engine.
+test_files: []