RubyGems - card-mod-api_key - Versions diffs - 0.11.5 → 0.13.0 - Mend

card-mod-api_key 0.11.5 → 0.13.0

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +55 -0
data/lib/card/auth/api_key.rb +5 -5
data/lib/card_controller/api_key.rb +12 -0
data/set/right/api_key.rb +10 -2
data/set/right/api_key/core.haml +1 -1
metadata +8 -8
data/config/initializers/api_key.rb +0 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5daaebf767ad08b753f43f8719e8edab3c6e59182881730ff2c2f076cb98b71f
-  data.tar.gz: 4bb4036a442f5661be9d22b000a58c69fe9913936fe6a807aa5a164abcf81ed6
+  metadata.gz: e9822f719c1166831d0eec0ead0b1403845839a4eaade9758686ae47906347fd
+  data.tar.gz: 52517786e557d599c767dccb91986056e4df9395ea9fc29483e4830dcdba5a47
 SHA512:
-  metadata.gz: fff127e7b01bb657bff22c2f0d79ce9d4ec03787cf2fd49d4922c537c301de0f319f98879fbc873c0bd65209ed2de752a53e19761805fe5db665f33efb65e731
-  data.tar.gz: 4e9d53b8591fa6dee79cd7d91d4c23cbe2c4857d96f8984dad9c83d8c81c6fe0fde900bec8daab44b7c9752f073bb99bafaa4abe1cb7d79d8c6f662b0b2d9f92
+  metadata.gz: 813c5cd3ca3f865eae51c66e8f5d5548cfb7ee0d4c6e2c66212475e03fe8ffdc687e1cad722ca982e1702327845ba7bb077093f4db700f1e17421d4c4d32a40b
+  data.tar.gz: c7aa1dd2d13e3e793d91883df8a5a27f7d5bda29117d37b2eb8640596c7b52fff484e2298867fc77b81198957a42964da0c95b3c72fe8328202c64b5d2b65d80

data/README.md CHANGED Viewed

@@ -0,0 +1,55 @@
+<!--
+# @title README - mod: API key
+-->
+# API key Mod
+Enable Decko users to perform authorized web requests associated with their account
+without a session.
+## Cards with codenames
+| codename | default name | purpose |
+|:--------:|:------------:|:-------:|
+| :api_key | *api key | key for authenticating/authorizing API usage |
+## Sets with code rules
+### {Card::Set::Right::ApiKey [account card]+:api_key}
+This is where the API key is stored. By default it is visible to and editable by
+the account holder and to users with the "Help Desk" role.
+#### Events
+| event name | when | purpose |
+|:---------:|:------:|:-------:|
+| generate_api_key | triggered | creates a new, random key |
+| validate_api_key | on save | ensures content is comprised of 20+ alphanumerics (only) |
+#### Views
+| view name | format | purpose |
+|:---------:|:------:|:-------:|
+| core | HTML | show key to permitted user and provide form to generate new one |
+| generate_button | HTML | button for generating new API Key |
+| token_link | HTML | links to json view returning a JWT token |
+| token | JSON | return a JWT token for rapid authentication |
+### {Card::Set::Right::Account [accounted card]+:account}
+#### Views
+| view name | format | purpose |
+|:---------:|:------:|:-------:|
+| api_key | HTML | nests api_key card |
+## Card::Auth
+Extends `Card::Auth.signin_with` to accept `api_key: myapikey`
+## API Usage
+API users can add the api_key param to query strings or to request headers. Or, for
+faster authentication, they can use their api key to get a JWT token. Card sharks can
+provide a link for this token with the `token_link` view (see above). The token can
+then be passed via the token param. By default tokens last for two days. This can be
+configured in application.rb or environment config files using `config.token_expiry`.

data/lib/card/auth/api_key.rb CHANGED Viewed

@@ -4,11 +4,11 @@ class Card
   module Auth
     # methods for setting current account
     module ApiKey
-      def signin_with opts={}
-        if opts[:token]
-          signin_with_token opts[:token]
-        elsif opts[:api_key]
-          signin_with_api_key opts[:api_key]
+      def signin_with token: nil, api_key: nil
+        if token
+          signin_with_token token
+        elsif api_key
+          signin_with_api_key api_key
         else
           signin_with_session
         end

data/lib/card_controller/api_key.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CardController
+  # add support for passing api key through header using X-API-Key
+  module ApiKey
+    def authenticators
+      super.merge api_key: api_key_from_header || params[:api_key]
+    end
+    def api_key_from_header
+      request.headers["X-API-Key"]
+    end
+  end
+end

data/set/right/api_key.rb CHANGED Viewed

@@ -1,18 +1,20 @@
 include_set Abstract::AccountField
+# triggerable event to generate new API Key
 event :generate_api_key, :prepare_to_validate, trigger: :required do
   generate
 end
-event :validate_api_key, :validate do
+event :validate_api_key, :validate, on: :save, changed: :content do
   errors.add :content, t(:api_key_invalid) unless content.match?(/^\w{20,}$/)
   errors.add :content, t(:api_key_taken) if api_key_taken?
 end
+# checks availability of API key
 def api_key_taken?
   return false unless (acct = Card::Auth.find_account_by_api_key content)
-  acct.id == left_id
+  acct.id != left_id
 end
 def history?
@@ -27,6 +29,7 @@ def ok_to_create
   own_account? || super
 end
+# @return [True/False] checks whether key matches content
 def authenticate_api_key api_key
   return true unless (error = api_key_validation_error api_key)
@@ -65,6 +68,7 @@ end
 format :html do
   view :core, unknown: true, template: :haml
+  view(:content, unknown: true) { super() }
   %i[titled titled_content].each do |viewname|
     view(viewname, unknown: true) { super() }
@@ -83,4 +87,8 @@ format :html do
       ]
     end
   end
+  def input_type
+    :text_field
+  end
 end

data/set/right/api_key/core.haml CHANGED Viewed

@@ -6,6 +6,6 @@
       = text_field_tag :current_api_key, card.content, readonly: true
     - else
-      %em No key.
+      %em= t('api_key_no_key')
   .api-key-generate-button
     = render_generate_button

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: card-mod-api_key
 version: !ruby/object:Gem::Version
-  version: 0.11.5
+  version: 0.13.0
 platform: ruby
 authors:
 - Ethan McCutchen
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-10 00:00:00.000000000 Z
+date: 2021-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: card
@@ -18,28 +18,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.101.5
+        version: 1.103.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.101.5
+        version: 1.103.0
 - !ruby/object:Gem::Dependency
   name: card-mod-account
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.11.5
+        version: 0.13.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.11.5
+        version: 0.13.0
 description: ''
 email:
 - info@decko.org
@@ -48,8 +48,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - README.md
-- config/initializers/api_key.rb
 - lib/card/auth/api_key.rb
+- lib/card_controller/api_key.rb
 - set/right/account.rb
 - set/right/api_key.rb
 - set/right/api_key/core.haml
@@ -78,7 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: API Keys and JWT Tokens for Decko

data/config/initializers/api_key.rb DELETED Viewed

	@@ -1 +0,0 @@
1	- Card::Auth.extend Card::Auth::ApiKey