blunt 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: adbc10560d0347656a0327782f69d0c01fb51fef
-  data.tar.gz: c4cd0c2dcf6473465dacd23e32b1cf19d3ffacaa
+  metadata.gz: 2c71c52c585bf1704dac5c8b46ded0b13ed651fd
+  data.tar.gz: 9ed0c21e46a12cfe925171a88867dfa1a4993c80
 SHA512:
-  metadata.gz: d0079bf491ed749b945b63079de4e0c593c16f33cbb10b3891cf76693368f3506e906b1ce3f51fd00562fa6fb2e2ab5e2eae03c6e46899992ab3bff25f82c32b
-  data.tar.gz: 375a3ab671cd4dbefdfe23780854056666af5ff57c5ce93102dfeba70f79daa8e0075698bfa0c08fb2a303944696baa1d7538b79d0be62ec57e22276fe7e819b
+  metadata.gz: 28683f5d8f9152a5ebf60ae3314266999661ec4ddc55427e93fd5b900eb0e73a4d285092c3090fd4631a7315616f8ea7343ae42864b35c5f6fab3e5b0ea57607
+  data.tar.gz: 62b66de1365600d72e32b029260c206237e12b75dc7cd04753a94b3d66f8151d1aff05ae10bc74e98f09fb985188a8739dd0bfba1376cd68cc8522e73d51ed1d

data/README.md

@@ -1 +1,62 @@
 # Blunt
+
+**Blunt** provides framework-agnostic authentication using [JSON Web Tokens](https://jwt.io). It wraps [ruby-jwt](https://github.com/jwt/ruby-jwt) with an easy-to-use interface and some common conventions. Great for APIs.
+
+## Installation
+
+Come on now:
+
+```ruby
+gem 'blunt'
+```
+```bash
+bundle install
+```
+
+Or:
+
+```bash
+gem install blunt
+```
+
+## Usage
+
+Add a secret key at `ENV['BLUNT_SECRET']`. You can generate one with `Blunt.new_secret`.
+
+### Signup
+
+```ruby
+# inside your signup interactor
+if digest = Blunt.signup(password, password_confirmation)
+  # create user
+else
+  # trigger an error
+end
+```
+
+Pretty straightforward: returns an encrypted password if the unencrypted inputs match, otherwise nil. You may want to validate the password first, e.g. minimum length.
+
+### Login
+
+```ruby
+# inside your login controller
+token = Blunt.login(expected, attempted, claims)
+```
+
+- `expected` is the user's encrypted password as stored in the database.
+- `attempted` is the unencrypted password attempt as sent by the client.
+- `claims` is a hash of JWT claims. It _must_ contain a `:sub` key whose value is any unique way to identify the user. You can also send optional JWT claims with the payload, such as `:exp`. Refer to the [ruby-jwt docs](https://github.com/jwt/ruby-jwt) for more information.
+
+If the passwords match and a `:sub` claim is present, a token will be generated for the claims. If the login attempt fails, the token will be nil. Have your controller return the token to the client and store it somewhere (cookies, local storage, etc).
+
+### Request Authentication
+
+Pass the token from the client in a request header: `'HTTP_AUTHORIZATION' => 'Bearer <TOKEN>`.
+
+`include Blunt::Controller` in your controller class. `current_user` will memoize whatever is in `:sub` in the token's payload, or nil if there are any errors.
+
+If the hash of request headers is not at `request.env`, you will need to override `#_blunt_request_env` to return it. (This works out of the box for Rails and Hanami.)
+
+### Logout
+
+To logout, simply have the controller respond to the client with instructions to unset the token, wherever it is stored.

data/TODO.md

@@ -0,0 +1,7 @@
+# TODO
+
+- Error handling
+- Defaults for important reserved claims (exp, iss, iat)
+- Devise-esque modules (rememberable, confirmable, reset password, etc)
+- Multiple credentials (Omniauth)
+- Adapters for common implementation patterns

data/bin/console

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+ENV['BLUNT_SECRET'] = "oKEtb3oB6TVGvHvH37vvCnH5whY0dtf9eYL2HVQDFoO8nrr-veAQ6s9FRRyZmI00ILG7NYuwkNJWnIM-RvgoUQ"
 
 require "bundler/setup"
 require "blunt"

data/blunt.gemspec

@@ -8,9 +8,10 @@ Gem::Specification.new do |spec|
   spec.version       = Blunt::VERSION
   spec.authors       = ["Josh Greenberg"]
   spec.email         = ["joshgreenberg91@gmail.com"]
+  spec.homepage      = "https://github.com/joshgreenberg/blunt"
 
-  spec.summary       = "Tokin' authentication"
-  spec.description   = "Tokin' authentication"
+  spec.summary       = "Token authentication"
+  spec.description   = "Token authentication"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
@@ -28,4 +29,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "guard"
   spec.add_development_dependency "guard-minitest"
   spec.add_development_dependency "rake-notes"
+
+  spec.add_runtime_dependency "jwt"
+  spec.add_runtime_dependency "bcrypt", ">= 3.1.11"
 end

data/lib/blunt/controller.rb

@@ -0,0 +1,24 @@
+require 'blunt/token'
+
+module Blunt
+  module Controller
+    private
+
+    def current_user
+      @current_user ||= Blunt::Token.decode(token)[:sub]
+    end
+
+    def logged_in?
+      !!current_user
+    end
+
+    def token
+      _blunt_request_env.fetch("HTTP_AUTHORIZATION", "").scan(/Bearer (.*)$/).flatten.last
+    end
+
+    def _blunt_request_env
+      request.env
+    end
+
+  end
+end

data/lib/blunt/token.rb

@@ -0,0 +1,25 @@
+require "json"
+require "jwt"
+
+module Blunt
+  module Token
+    extend self
+
+    ALGORITHM = 'HS256'
+
+    def issue(claims)
+      JWT.encode(claims, secret, ALGORITHM)
+    end
+
+    def decode(token)
+      JWT.decode(token, secret, true, {algorithm: ALGORITHM}).first.map{|k,v|[k.to_sym,v]}.to_h
+    end
+
+    private
+
+    def secret
+      ENV["BLUNT_SECRET"]
+    end
+
+  end
+end

data/lib/blunt/version.rb

@@ -1,3 +1,3 @@
 module Blunt
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/lib/blunt.rb

@@ -1,4 +1,23 @@
 require "blunt/version"
+require "blunt/token"
+require "blunt/controller"
 
 module Blunt
+  extend self
+
+  def new_secret(n = 64)
+    require 'securerandom'
+    SecureRandom.urlsafe_base64(n)
+  end
+
+  def signup(a, b)
+    require 'bcrypt'
+    BCrypt::Password.create(a) if a == b
+  end
+
+  def login(expected, attempted, claims = {})
+    return unless claims[:sub]
+    require 'bcrypt'
+    Token.issue(claims) if BCrypt::Password.new(expected) == attempted
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blunt
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Josh Greenberg
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-07-02 00:00:00.000000000 Z
+date: 2017-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -122,7 +122,35 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Tokin' authentication
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.11
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.11
+description: Token authentication
 email:
 - joshgreenberg91@gmail.com
 executables: []
@@ -136,12 +164,15 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- TODO.md
 - bin/console
 - bin/setup
 - blunt.gemspec
 - lib/blunt.rb
+- lib/blunt/controller.rb
+- lib/blunt/token.rb
 - lib/blunt/version.rb
-homepage: 
+homepage: https://github.com/joshgreenberg/blunt
 licenses:
 - MIT
 metadata: {}
@@ -164,5 +195,5 @@ rubyforge_project:
 rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
-summary: Tokin' authentication
+summary: Token authentication
 test_files: []