da-user-auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7762d15f81b195fd9c44ee29faa5c7424afc5a04
+  data.tar.gz: 66e857a42ec38aaf63a7dd4e41664e9f5acc80ac
+SHA512:
+  metadata.gz: 278897d0e62ebf600b2298da68b57fbed94839215946b4d4f56a5997d9264335c98f868d0a21527585f460560e845c60591c059663e8dd5c6231eaac3f742497
+  data.tar.gz: 8e0425ed9b628cf878a8b711f4d718f86be9e907d68084f979c1abdea908dd52c5c50cf9623103af81742b4881ba504258e4870878fded3b857e3cf3d23ad2d0

data/.env.sample

@@ -0,0 +1,5 @@
+PORT=3030
+APP_ENV=development
+DATABASE_URL=postgres://127.0.0.1/services_user_auth_dev
+TEST_DATABASE_URL=postgres://127.0.0.1/services_user_auth_test
+JWT_SECRET_KEY=XXX

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+
+# Environment variables
+.env

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.rubocop.yml

@@ -0,0 +1,48 @@
+AllCops:
+  DisplayCopNames: true
+  TargetRubyVersion: 2.4
+  Include:
+    - 'app/**/*.rb'
+    - 'lib/**/*.rb'
+    - 'lib/**/*.rake'
+  Exclude:
+    - 'Gemfile'
+    - 'Guardfile'
+    - 'Rakefile'
+    - 'bin/*'
+    - 'config/**/*'
+    - 'db/**/*'
+    - 'vendor/**/*'
+    - 'node_modules/**/*'
+    - '*.gemspec'
+Metrics/LineLength:
+  Max: 120
+  Exclude:
+    - spec/**/*
+Style/Documentation:
+  Enabled: false
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+Style/FrozenStringLiteralComment:
+  Enabled: false
+Style/IndentArray:
+  EnforcedStyle: consistent
+Style/GlobalVars:
+  Enabled: false
+Style/MultilineMethodCallIndentation:
+  EnforcedStyle: aligned
+Style/Alias:
+  EnforcedStyle: prefer_alias_method
+Style/Lambda:
+  EnforcedStyle: lambda
+Style/IfUnlessModifier:
+  Enabled: false
+Style/GuardClause:
+  MinBodyLength: 3
+Style/RaiseArgs:
+  EnforcedStyle: compact
+Style/SpecialGlobalVars:
+  EnforcedStyle: use_perl_names
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*

data/.ruby-version

@@ -0,0 +1 @@
+2.4.1

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.0
+before_install: gem install bundler -v 1.15.0

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in user-auth.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,5 @@
+guard :rspec, cmd: "bin/rspec" do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/user_auth/api.rb$}) { |m| "spec/api/" }
+  watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Pete Hawkins
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,228 @@
+## User auth service
+
+Rack compatible user authentication microservice. Can be run standalone or mounted into another rack app.
+
+#### Dependencies
+
+Ensure you have Sequel (> v.4.44.0) setup and connected in your application before attempting to mount UserAuth.
+
+- Sequel (model plugins: :timestamps, :validation_helpers, :defaults_setter)
+- Postgres (pg gem)
+- Rack 2.0
+
+## Usage
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'user-auth', git: 'https://github.com/dawsonandrews/services-user-auth'
+```
+
+And then execute:
+
+```sh
+$ bundle
+```
+
+### Import and run migrations
+
+```ruby
+# Add this to your Rakefile
+require "bundler/setup"
+require "user_auth/rake_tasks"
+```
+
+Copy migrations and migrate:
+
+```sh
+$ bin/rake user_auth:import_migrations
+$ bin/rake db:migrate
+```
+
+### Map to a URL in config.ru
+
+```ruby
+require_relative "./config/boot"
+require "user_auth/api"
+
+# Somewhere after your middleware
+
+map("/auth") { run UserAuth::Api }
+```
+
+### Configuration
+
+```ruby
+# config/initializers/user_auth.rb
+require "user_auth"
+
+UserAuth.configure do |config|
+  config.jwt_exp = 3600 # Expire JWT tokens in 1 hour
+  config.require_account_confirmations = false
+  config.allow_signups = true
+
+  # Lambda that gets called each time an email should be delivered
+  # configure this with however your application sends email.
+  config.deliver_mail = lambda do |params|
+    # example params =>
+    # {
+    #   template: "user_signup",
+    #   to: "email@email.com",
+    #   user: {
+    #     user_id: 123,
+    #     email: "email@email.com",
+    #     name: "Jane"
+    #   }
+    # }
+    EmailDeliveryJob.new(params)
+  end
+end
+```
+
+That’s you all setup, see endpoints below for documentation on how to get a token etc.
+
+
+## Endpoints
+
+### `POST /signup`
+
+**Params**
+
+- **email** - Users email address
+- **password** - Users password
+- **info** - Basic key value json style object to store additional data about the user
+
+```ruby
+resp = HTTP.post("/signup", email: "test@example.org", password: "hunter2", info: { name: "Test" })
+
+resp.parsed # =>
+
+{
+  token_type: "Bearer",
+  token: "jwt-stateless-token-includes-user-data",
+  refresh_token: "refresh-token"
+}
+```
+
+### `POST /token`
+
+**Params**
+
+- **grant_type** - If 'password' provide username and password, if 'refresh_token' provide refresh_token param.
+- **username** - Users email address
+- **password** - Users password
+- **refresh_token** - Users refresh token
+
+```ruby
+resp = HTTP.post("/token", grant_type: "password", username: "test@example.org", password: "hunter2") # or...
+resp = HTTP.post("/token", grant_type: "refresh_token", refresh_token: "some-refresh-token")
+
+resp.parsed # =>
+
+{
+  token_type: "Bearer",
+  token: "jwt-stateless-token-includes-user-data",
+  refresh_token: "refresh-token"
+}
+```
+
+### `PUT /user`
+
+**Params**
+
+- **email** - Users email address
+- **info** - Basic key value json style object to store additional data about the user
+
+```ruby
+resp = HTTP.put("/user", email: "newemail@example.org", info: { foo: "Bar" })
+
+resp.parsed # =>
+
+{
+  token_type: "Bearer",
+  token: "jwt-stateless-token-includes-user-data"
+}
+```
+
+### `POST /logout`
+
+Destroys all active refresh tokens (current JWT is still active for the standard timeout of 1 hour)
+
+```ruby
+resp = HTTP.post("/logout")
+
+resp.parsed # =>
+
+{}
+```
+
+### `POST /recover`
+
+Delivers password reset emails
+
+**Params**
+
+- **email** - Users email address
+
+```ruby
+resp = HTTP.post("/recover", email: "test@example.org")
+
+resp.parsed # =>
+
+{}
+```
+
+### `PUT /user/attributes/password`
+
+Update users password either by authenticating with a valid JWT or providing a password reset token (sent in the email from POST /recover)
+
+**Params**
+
+- **password** - Users new password
+
+```ruby
+resp = HTTP.put("/user/attributes/password", password: "new-password", token: "password-reset-token")
+
+resp.parsed # =>
+
+{
+  token_type: "Bearer",
+  token: "jwt-stateless-token-includes-user-data",
+  refresh_token: "refresh-token"
+}
+```
+
+### TODO:  `POST /verify`
+
+Verify account, only required if confirmations are configured
+
+```ruby
+resp = HTTP.post("/verify", token: "confirmation-token")
+
+resp.parsed # =>
+
+{
+  token_type: "Bearer",
+  token: "jwt-stateless-token-includes-user-data",
+  refresh_token: "refresh-token"
+}
+```
+
+### TODO: Social auth
+
+Using [omniauth](https://github.com/omniauth/omniauth) to allow signin with third party services such as facebook.
+
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/user-auth.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require "da/rake_tasks"
+
+# Add current path and lib to the load path
+$: << File.expand_path('../', __FILE__)
+$: << File.expand_path('../lib', __FILE__)
+
+task default: ["ci:all"]

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "user/auth"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/guard

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'guard' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("guard", "guard")

data/bin/rake

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rake", "rake")

data/bin/rspec

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rspec-core", "rspec")

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config.ru

@@ -0,0 +1,13 @@
+require_relative "./config/boot"
+require_relative "./lib/user_auth/api"
+require "rack/cors"
+
+use Rack::Deflater
+use Rack::Cors do
+  allow do
+    origins ENV.fetch("ALLOWED_CORS_ORIGINS", "*")
+    resource "*", headers: :any, methods: :any, max_age: 2_592_000 # 30 days
+  end
+end
+
+map("/") { run UserAuth::Api }

data/config/boot.rb

@@ -0,0 +1,10 @@
+# Add current path and lib to the load path
+$: << File.expand_path("../../", __FILE__)
+$: << File.expand_path("../../lib", __FILE__)
+
+# Default ENV to dev if not present
+ENV["APP_ENV"] ||= "development"
+
+require "da/core/environment"
+require "da/db"
+require "da/web"

data/config/puma.rb

@@ -0,0 +1,34 @@
+# Puma can serve each request in a thread from an internal thread pool.
+# The `threads` method setting takes two numbers a minimum and maximum.
+# Any libraries that use thread pools should be configured to match
+# the maximum value specified for Puma. Default is set to 5 threads for minimum
+# and maximum, this matches the default thread size of Active Record.
+#
+threads_count = ENV.fetch("MAX_THREADS") { 5 }.to_i
+threads threads_count, threads_count
+
+# Specifies the `port` that Puma will listen on to receive requests, default is 3000.
+#
+port        ENV.fetch("PORT") { 3000 }
+
+# Specifies the `environment` that Puma will run in.
+#
+environment ENV.fetch("APP_ENV") { "development" }
+
+# Specifies the number of `workers` to boot in clustered mode.
+# Workers are forked webserver processes. If using threads and workers together
+# the concurrency of the application would be max `threads` * `workers`.
+# Workers do not work on JRuby or Windows (both of which do not support
+# processes).
+#
+workers ENV.fetch("WEB_CONCURRENCY") { 1 }
+
+# The code in the `on_worker_boot` will be called if you are using
+# clustered mode by specifying a number of `workers`. After each worker
+# process is booted this block will be run, if you are using `preload_app!`
+# option you will want to use this block to reconnect to any threads
+# or connections that may have been created at application boot, Ruby
+# cannot share connections between processes.
+#
+# on_worker_boot do
+# end

data/db/migrations/20170602120030_create_users.rb

@@ -0,0 +1,32 @@
+Sequel.migration do
+  up do
+    create_table :users do
+      primary_key :id
+      String :username, size: 255
+      String :email, null: false, size: 255
+      String :password_digest, null: false, size: 255
+      jsonb :info, null: false, default: Sequel.pg_jsonb({})
+      DateTime :created_at, null: false
+      DateTime :updated_at, null: false
+
+      index :email, unique: true
+      index :username, unique: true
+    end
+
+    create_table :refresh_tokens do
+      primary_key :id
+      foreign_key :user_id, :users, null: false
+      String :token, null: false, size: 64
+      DateTime :revoked_at
+      DateTime :created_at, null: false
+      DateTime :updated_at, null: false
+
+      index :token, unique: true
+    end
+  end
+
+  down do
+    drop_table :refresh_tokens
+    drop_table :users
+  end
+end

data/db/schema.rb

@@ -0,0 +1,33 @@
+Sequel.migration do
+  change do
+    create_table(:schema_migrations) do
+      String :filename, :text=>true, :null=>false
+      
+      primary_key [:filename]
+    end
+    
+    create_table(:users, :ignore_index_errors=>true) do
+      primary_key :id
+      String :username, :size=>255
+      String :email, :size=>255, :null=>false
+      String :password_digest, :size=>255, :null=>false
+      String :info, :null=>false
+      DateTime :created_at, :null=>false
+      DateTime :updated_at, :null=>false
+      
+      index [:email], :unique=>true
+      index [:username], :unique=>true
+    end
+    
+    create_table(:refresh_tokens, :ignore_index_errors=>true) do
+      primary_key :id
+      foreign_key :user_id, :users, :null=>false, :key=>[:id]
+      String :token, :size=>64, :null=>false
+      DateTime :revoked_at
+      DateTime :created_at, :null=>false
+      DateTime :updated_at, :null=>false
+      
+      index [:token], :unique=>true
+    end
+  end
+end

data/lib/user_auth.rb

@@ -0,0 +1,21 @@
+require "user_auth/version"
+require "user_auth/configuration"
+require "user_auth/api"
+
+module UserAuth
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.reset
+    @configuration = Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
+end

data/lib/user_auth/api.rb

@@ -0,0 +1,120 @@
+require "da/web"
+require_relative "./models/refresh_token"
+require_relative "./models/user"
+require_relative "./web/helpers"
+require_relative "./password_verifier"
+
+module UserAuth
+  class Api < DA::Web::BaseRoute
+    include UserAuth::Models
+
+    helpers Web::Helpers
+
+    get "/" do
+      json(service: "user-auth")
+    end
+
+    post "/signup" do
+      user = User.create(
+        email: params[:email],
+        password: params[:password],
+        info: params.fetch(:info, {})
+      )
+      deliver_email(
+        to: user.email,
+        user: user.to_json,
+        template: "user_signup"
+      )
+
+      status 201
+
+      json_user_token(user)
+    end
+
+    post "/token" do
+      case params[:grant_type]
+      when "password"
+        user = User.first(email: params[:username])
+        verifier = PasswordVerifier.new(user&.password_digest)
+
+        if user && verifier.verify(params[:password])
+          json_user_token(user)
+        else
+          halt 404, json(error_code: "not_found", message: "Your email / password is incorrect")
+        end
+      when "refresh_token"
+        refresh_token = RefreshToken.first(token: params[:refresh_token])
+
+        if refresh_token
+          json_user_token(refresh_token.user)
+        else
+          halt 400, json(error_code: "bad_request", message: "Invalid refresh_token")
+        end
+      else
+        halt 400, json(error_code: "bad_request", message: "grant_type must be one of password, refresh_token")
+      end
+    end
+
+    put "/user" do
+      warden.authenticate!
+
+      update_params = {
+        info: params.fetch(:info, {})
+      }
+
+      update_params[:email] = params[:email] if params[:email]
+
+      user = current_user.update(update_params)
+
+      json_user_token(user)
+    end
+
+    post "/logout" do
+      warden.authenticate!
+      current_user.clear_refresh_tokens!
+      json({})
+    end
+
+    post "/recover" do
+      user = User.first(email: params[:email])
+
+      if user
+        deliver_email(
+          to: user.email,
+          user: user.to_json,
+          template: "password_reset",
+          reset_token: build_jwt(user.to_json)
+        )
+      end
+
+      json({})
+    end
+
+    put "/user/attributes/password" do
+      warden.authenticate!
+
+      current_user.password_changing = true
+      current_user.update(password: params[:password])
+
+      deliver_email(
+        to: current_user.email,
+        user: current_user.to_json,
+        template: "password_updated"
+      )
+
+      json_user_token(current_user)
+    end
+
+    error Sequel::ValidationFailed do |record|
+      halt 422, json(
+        errors: record.errors,
+        error_code: "validation_failed",
+        message: "Validation failed"
+      )
+    end
+
+    error Sinatra::NotFound, Sequel::NoMatchingRow do
+      halt 404, json(error_code: "not_found", message: "Endpoint '#{request.path}' not found")
+    end
+  end
+end

data/lib/user_auth/configuration.rb

@@ -0,0 +1,15 @@
+module UserAuth
+  class Configuration
+    attr_accessor :deliver_mail, :require_account_confirmations, :allow_signups,
+                  :jwt_exp
+
+    def initialize
+      @deliver_mail = lambda do |options|
+        $logger.info("TODO: Deliver mail #{options.inspect}")
+      end
+      @require_account_confirmations = false
+      @allow_signups = true
+      @jwt_exp = 3600
+    end
+  end
+end

data/lib/user_auth/models/refresh_token.rb

@@ -0,0 +1,13 @@
+require "securerandom"
+
+module UserAuth
+  module Models
+    class RefreshToken < Sequel::Model
+      many_to_one :user
+
+      def before_save
+        self.token ||= SecureRandom.hex(32)
+      end
+    end
+  end
+end

data/lib/user_auth/models/user.rb

@@ -0,0 +1,42 @@
+require_relative "../password_hasher"
+require "active_support/core_ext/hash/conversions"
+
+module UserAuth
+  module Models
+    class User < Sequel::Model
+      attr_reader :password
+      attr_accessor :password_changing
+      one_to_many :refresh_tokens
+
+      def validate
+        super
+        validates_presence :email
+        validates_unique :email
+        validates_format(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, :email, message: "is not a valid email address")
+        validates_presence :password if new? || password_changing
+        validates_min_length 8, :password if new? || password_changing
+      end
+
+      def password=(plaintext)
+        @password = plaintext
+        self.password_digest = PasswordHasher.new.hash_plaintext(plaintext)
+      end
+
+      def email=(email)
+        super(email.try(:downcase))
+      end
+
+      def to_json
+        info.merge(email: email, user_id: id).symbolize_keys
+      end
+
+      def refresh_token!
+        RefreshToken.find_or_create(user: self).token
+      end
+
+      def clear_refresh_tokens!
+        refresh_tokens_dataset.destroy
+      end
+    end
+  end
+end

data/lib/user_auth/password_hasher.rb

@@ -0,0 +1,9 @@
+require "bcrypt"
+
+module UserAuth
+  class PasswordHasher
+    def hash_plaintext(plaintext)
+      BCrypt::Password.create(plaintext)
+    end
+  end
+end

data/lib/user_auth/password_verifier.rb

@@ -0,0 +1,16 @@
+require "bcrypt"
+
+module UserAuth
+  class PasswordVerifier
+    def initialize(digest)
+      @bcrypt = BCrypt::Password.new(digest)
+    rescue BCrypt::Errors::InvalidHash
+      @bcrypt = nil
+    end
+
+    def verify(plaintext)
+      return false unless @bcrypt
+      @bcrypt == plaintext
+    end
+  end
+end

data/lib/user_auth/rake_tasks.rb

@@ -0,0 +1 @@
+import File.expand_path(File.join(__dir__, "tasks", "import_migrations.rake"))

data/lib/user_auth/tasks/import_migrations.rake

@@ -0,0 +1,11 @@
+require "fileutils"
+
+namespace :user_auth do
+  desc "Import migrations for user-auth service"
+  task :import_migrations do |t|
+    import_to = File.join(t.application.original_dir, "db")
+    import_form = File.expand_path(File.join(__dir__, "..", "..", "..", "db", "migrations"))
+
+    FileUtils.cp_r(import_form, import_to, preserve: true)
+  end
+end

data/lib/user_auth/version.rb

@@ -0,0 +1,3 @@
+module UserAuth
+  VERSION = "0.1.0".freeze
+end

data/lib/user_auth/web/helpers.rb

@@ -0,0 +1,33 @@
+require "da/core/auth_token"
+
+module UserAuth
+  module Web
+    module Helpers
+      def current_user
+        @current_user ||= UserAuth::Models::User.with_pk!(warden.user.user_id)
+      end
+
+      def deliver_email(options)
+        UserAuth.configuration.deliver_mail.call(options)
+      end
+
+      def json(data)
+        content_type(:json)
+        JSON.dump(data)
+      end
+
+      def json_user_token(user)
+        json(
+          token_type: "Bearer",
+          token: build_jwt(user.to_json),
+          refresh_token: user.refresh_token!
+        )
+      end
+
+      def build_jwt(data)
+        exp = Time.now.to_i + UserAuth.configuration.jwt_exp
+        AuthToken.new.create(data.merge(exp: exp))
+      end
+    end
+  end
+end

data/user-auth.gemspec

@@ -0,0 +1,37 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "user_auth/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "da-user-auth"
+  spec.version       = UserAuth::VERSION
+  spec.authors       = ["Pete Hawkins"]
+  spec.email         = ["pete@phawk.co.uk"]
+
+  spec.summary       = %q{Rack compatible user authentication microservice}
+  spec.description   = %q{Rack compatible user authentication microservice. Can be run standalone or mounted into another rack app.}
+  spec.homepage      = "https://dawsonandrews.com/"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "da-core", "~> 0.1.1"
+  spec.add_runtime_dependency "pg", "~> 0.20"
+  spec.add_runtime_dependency "sequel", "~> 4.44.0"
+  spec.add_runtime_dependency "bcrypt"
+
+  spec.add_development_dependency "bundler", ">= 1.14"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rack-test"
+  spec.add_development_dependency "rubocop"
+  spec.add_development_dependency "bundler-audit"
+  spec.add_development_dependency "guard"
+  spec.add_development_dependency "guard-rspec"
+end

metadata

@@ -0,0 +1,246 @@
+--- !ruby/object:Gem::Specification
+name: da-user-auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Pete Hawkins
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-06-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: da-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.20'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.20'
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.44.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.44.0
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.14'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rack compatible user authentication microservice. Can be run standalone
+  or mounted into another rack app.
+email:
+- pete@phawk.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".env.sample"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/guard
+- bin/rake
+- bin/rspec
+- bin/setup
+- config.ru
+- config/boot.rb
+- config/puma.rb
+- db/migrations/20170602120030_create_users.rb
+- db/schema.rb
+- lib/user_auth.rb
+- lib/user_auth/api.rb
+- lib/user_auth/configuration.rb
+- lib/user_auth/models/refresh_token.rb
+- lib/user_auth/models/user.rb
+- lib/user_auth/password_hasher.rb
+- lib/user_auth/password_verifier.rb
+- lib/user_auth/rake_tasks.rb
+- lib/user_auth/tasks/import_migrations.rake
+- lib/user_auth/version.rb
+- lib/user_auth/web/helpers.rb
+- user-auth.gemspec
+homepage: https://dawsonandrews.com/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Rack compatible user authentication microservice
+test_files: []