RubyGems - card-mod-api_key - Versions diffs - 0.11.5 → 0.13.0 - Mend

card-mod-api_key 0.11.5 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +55 -0
data/lib/card/auth/api_key.rb +5 -5
data/lib/card_controller/api_key.rb +12 -0
data/set/right/api_key.rb +10 -2
data/set/right/api_key/core.haml +1 -1
metadata +8 -8
data/config/initializers/api_key.rb +0 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5daaebf767ad08b753f43f8719e8edab3c6e59182881730ff2c2f076cb98b71f
-  data.tar.gz: 4bb4036a442f5661be9d22b000a58c69fe9913936fe6a807aa5a164abcf81ed6
+  metadata.gz: e9822f719c1166831d0eec0ead0b1403845839a4eaade9758686ae47906347fd
+  data.tar.gz: 52517786e557d599c767dccb91986056e4df9395ea9fc29483e4830dcdba5a47
 SHA512:
-  metadata.gz: fff127e7b01bb657bff22c2f0d79ce9d4ec03787cf2fd49d4922c537c301de0f319f98879fbc873c0bd65209ed2de752a53e19761805fe5db665f33efb65e731
-  data.tar.gz: 4e9d53b8591fa6dee79cd7d91d4c23cbe2c4857d96f8984dad9c83d8c81c6fe0fde900bec8daab44b7c9752f073bb99bafaa4abe1cb7d79d8c6f662b0b2d9f92
+  metadata.gz: 813c5cd3ca3f865eae51c66e8f5d5548cfb7ee0d4c6e2c66212475e03fe8ffdc687e1cad722ca982e1702327845ba7bb077093f4db700f1e17421d4c4d32a40b
+  data.tar.gz: c7aa1dd2d13e3e793d91883df8a5a27f7d5bda29117d37b2eb8640596c7b52fff484e2298867fc77b81198957a42964da0c95b3c72fe8328202c64b5d2b65d80

data/README.md CHANGED Viewed

@@ -0,0 +1,55 @@
+<!--
+# @title README - mod: API key
+-->
+# API key Mod
+Enable Decko users to perform authorized web requests associated with their account
+without a session.
+## Cards with codenames
+| codename | default name | purpose |
+|:--------:|:------------:|:-------:|
+| :api_key | *api key | key for authenticating/authorizing API usage |
+## Sets with code rules
+### {Card::Set::Right::ApiKey [account card]+:api_key}
+This is where the API key is stored. By default it is visible to and editable by
+the account holder and to users with the "Help Desk" role.
+#### Events
+| event name | when | purpose |
+|:---------:|:------:|:-------:|
+| generate_api_key | triggered | creates a new, random key |
+| validate_api_key | on save | ensures content is comprised of 20+ alphanumerics (only) |
+#### Views
+| view name | format | purpose |
+|:---------:|:------:|:-------:|
+| core | HTML | show key to permitted user and provide form to generate new one |
+| generate_button | HTML | button for generating new API Key |
+| token_link | HTML | links to json view returning a JWT token |
+| token | JSON | return a JWT token for rapid authentication |
+### {Card::Set::Right::Account [accounted card]+:account}
+#### Views
+| view name | format | purpose |
+|:---------:|:------:|:-------:|
+| api_key | HTML | nests api_key card |
+## Card::Auth
+Extends `Card::Auth.signin_with` to accept `api_key: myapikey`
+## API Usage
+API users can add the api_key param to query strings or to request headers. Or, for
+faster authentication, they can use their api key to get a JWT token. Card sharks can
+provide a link for this token with the `token_link` view (see above). The token can
+then be passed via the token param. By default tokens last for two days. This can be
+configured in application.rb or environment config files using `config.token_expiry`.

data/lib/card/auth/api_key.rb CHANGED Viewed

@@ -4,11 +4,11 @@ class Card
   module Auth
     # methods for setting current account
     module ApiKey
-      def signin_with opts={}
-        if opts[:token]
-          signin_with_token opts[:token]
-        elsif opts[:api_key]
-          signin_with_api_key opts[:api_key]
+      def signin_with token: nil, api_key: nil
+        if token
+          signin_with_token token
+        elsif api_key
+          signin_with_api_key api_key
         else
           signin_with_session
         end

data/lib/card_controller/api_key.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CardController
+  # add support for passing api key through header using X-API-Key
+  module ApiKey
+    def authenticators
+      super.merge api_key: api_key_from_header || params[:api_key]
+    end
+    def api_key_from_header
+      request.headers["X-API-Key"]
+    end
+  end
+end

data/set/right/api_key.rb CHANGED Viewed

@@ -1,18 +1,20 @@
 include_set Abstract::AccountField
+# triggerable event to generate new API Key
 event :generate_api_key, :prepare_to_validate, trigger: :required do
   generate
 end
-event :validate_api_key, :validate do
+event :validate_api_key, :validate, on: :save, changed: :content do
   errors.add :content, t(:api_key_invalid) unless content.match?(/^\w{20,}$/)
   errors.add :content, t(:api_key_taken) if api_key_taken?
 end
+# checks availability of API key
 def api_key_taken?
   return false unless (acct = Card::Auth.find_account_by_api_key content)
-  acct.id == left_id
+  acct.id != left_id
 end
 def history?
@@ -27,6 +29,7 @@ def ok_to_create
   own_account? || super
 end
+# @return [True/False] checks whether key matches content
 def authenticate_api_key api_key
   return true unless (error = api_key_validation_error api_key)
@@ -65,6 +68,7 @@ end
 format :html do
   view :core, unknown: true, template: :haml
+  view(:content, unknown: true) { super() }
   %i[titled titled_content].each do |viewname|
     view(viewname, unknown: true) { super() }
@@ -83,4 +87,8 @@ format :html do
       ]
     end
   end
+  def input_type
+    :text_field
+  end
 end

data/set/right/api_key/core.haml CHANGED Viewed

@@ -6,6 +6,6 @@
       = text_field_tag :current_api_key, card.content, readonly: true
     - else
-      %em No key.
+      %em= t('api_key_no_key')
   .api-key-generate-button
     = render_generate_button

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: card-mod-api_key
 version: !ruby/object:Gem::Version
-  version: 0.11.5
+  version: 0.13.0
 platform: ruby
 authors:
 - Ethan McCutchen
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-10 00:00:00.000000000 Z
+date: 2021-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: card
@@ -18,28 +18,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.101.5
+        version: 1.103.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.101.5
+        version: 1.103.0
 - !ruby/object:Gem::Dependency
   name: card-mod-account
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.11.5
+        version: 0.13.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.11.5
+        version: 0.13.0
 description: ''
 email:
 - info@decko.org
@@ -48,8 +48,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - README.md
-- config/initializers/api_key.rb
 - lib/card/auth/api_key.rb
+- lib/card_controller/api_key.rb
 - set/right/account.rb
 - set/right/api_key.rb
 - set/right/api_key/core.haml
@@ -78,7 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: API Keys and JWT Tokens for Decko

data/config/initializers/api_key.rb DELETED Viewed

	@@ -1 +0,0 @@
1	- Card::Auth.extend Card::Auth::ApiKey