grape-tokeeo 0.0.1
- checksums.yaml +7 -0
- data/.gitignore +22 -0
- data/.travis.yml +17 -0
- data/Gemfile +7 -0
- data/LICENSE.txt +20 -0
- data/README.md +111 -0
- data/Rakefile +2 -0
- data/grape-tokeeo.gemspec +34 -0
- data/lib/grape/tokeeo/version.rb +5 -0
- data/lib/grape/tokeeo.rb +77 -0
- data/spec/factories/car_factory.rb +7 -0
- data/spec/factories/user_factory.rb +7 -0
- data/spec/lib/grape/tokeeo_spec.rb +98 -0
- data/spec/spec_helper.rb +55 -0
- data/spec/support/examples/api_example.rb +91 -0
- data/spec/support/models/user.rb +4 -0
- data/spec/support/schema.rb +9 -0
- metadata +222 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: f5fcfd1763b17a097bd9e0a671cf52250a353e9a
|
4
|
+
data.tar.gz: c2f064374c1c0d8305a931afcd98e3817a18fe2f
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: bfaa25be554550e1b95b72e4543429448cd9e5e1b0d1fe09dbf34ccea04d68e59fdd0c2265d3af058db1ab7ec48fe62ba6562d5f23daaca6cc07686bb828b6e3
|
7
|
+
data.tar.gz: c0ac60c5852715d72194de623a60ba1acc8e11a527750de1db4774b99cafa27d31dcef0df02e873e299ee090ef15b3840650de39013c14cc6fbc7b8b16f6a38f
|
data/.gitignore
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
*.gem
|
2
|
+
*.rbc
|
3
|
+
.bundle
|
4
|
+
.config
|
5
|
+
.yardoc
|
6
|
+
Gemfile.lock
|
7
|
+
InstalledFiles
|
8
|
+
_yardoc
|
9
|
+
coverage
|
10
|
+
doc/
|
11
|
+
lib/bundler/man
|
12
|
+
pkg
|
13
|
+
rdoc
|
14
|
+
spec/reports
|
15
|
+
test/tmp
|
16
|
+
test/version_tmp
|
17
|
+
tmp
|
18
|
+
*.bundle
|
19
|
+
*.so
|
20
|
+
*.o
|
21
|
+
*.a
|
22
|
+
mkmf.log
|
data/.travis.yml
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
language: ruby
|
2
|
+
cache: bundler
|
3
|
+
|
4
|
+
rvm:
|
5
|
+
- 2.1.2
|
6
|
+
|
7
|
+
script: 'bundle exec rspec'
|
8
|
+
|
9
|
+
notifications:
|
10
|
+
email:
|
11
|
+
recipients:
|
12
|
+
- apagano@wawand.co
|
13
|
+
on_failure: change
|
14
|
+
on_success: never
|
15
|
+
addons:
|
16
|
+
code_climate:
|
17
|
+
repo_token: 9049d92330ddb6d8e03b86e8e1c64632528f9bfe1233cc2a943e6ed4768e772e
|
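Review bot: line 17 commits the Code Climate `repo_token` in clear text under `addons.code_climate`, so it is published in the repository and, because the metadata files list includes ".travis.yml", inside the packaged gem as well. Rotate the token and supply it through an encrypted Travis value (a `secure:` entry or a repository environment variable) instead of a literal.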
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2010 Antonio Pagano and Wawandco, SAS.
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,111 @@
|
|
1
|
+
[![Build Status](https://travis-ci.org/wawandco/grape-tokeeo.svg?branch=master)](https://travis-ci.org/wawandco/grape-tokeeo)
|
2
|
+
[![Code Climate](https://codeclimate.com/github/wawandco/grape-tokeeo/badges/gpa.svg)](https://codeclimate.com/github/wawandco/grape-tokeeo)
|
3
|
+
[![Test Coverage](https://codeclimate.com/github/wawandco/grape-tokeeo/badges/coverage.svg)](https://codeclimate.com/github/wawandco/grape-tokeeo)
|
4
|
+
|
5
|
+
# Grape::Tokeeo
|
6
|
+
|
7
|
+
|
8
|
+
Grape::Tokeeo is an extension to the grape gem that provides simple header-based Token authentication for API.
|
9
|
+
|
10
|
+
## Installation
|
11
|
+
Add this line to your application's Gemfile:
|
12
|
+
```
|
13
|
+
gem 'grape-tokeeo'
|
14
|
+
```
|
15
|
+
And then execute:
|
16
|
+
```
|
17
|
+
$ bundle
|
18
|
+
```
|
19
|
+
Or install it yourself as:
|
20
|
+
```
|
21
|
+
$ gem install grape-tokeeo
|
22
|
+
```
|
23
|
+
|
24
|
+
## Usage
|
25
|
+
|
26
|
+
One of the common things we do when implementing API's is to secure those, one of the kind of security implementations we can do is token-based authentication, where the client should pass some tokens based on the requests he is trying to do.
|
27
|
+
|
28
|
+
Lets say we have an API in app/api/my_api.rb
|
29
|
+
|
30
|
+
```ruby
|
31
|
+
class MyApi::API < Grape::API
|
32
|
+
get :something do
|
33
|
+
{content: 'secret content'}
|
34
|
+
end
|
35
|
+
end
|
36
|
+
```
|
37
|
+
### Pre-shared token
|
38
|
+
|
39
|
+
And we don't want to expose :something publicly, grape-tokkeo helps us by allowing to ensure a valid token is being passed to the request on the X-Api-Token header, our secure API would look like:
|
40
|
+
|
41
|
+
```ruby
|
42
|
+
class MyApi::API < Grape::API
|
43
|
+
validate_token is: 'S0METHINGWEWANTTOSHAREONLYWITHCLIENT'
|
44
|
+
|
45
|
+
get :something do
|
46
|
+
{content: 'secret content'}
|
47
|
+
end
|
48
|
+
end
|
49
|
+
```
|
50
|
+
|
51
|
+
In case we call the API without passing *X-Api-Token* with the 'S0METHINGWEWANTTOS..' value, we will get a 401 error code on the response and our 'secret content' wont be returned to the client requesting.
|
52
|
+
|
53
|
+
this options also accepts a list of tokens inside the /is:/ option. like this.
|
54
|
+
```ruby
|
55
|
+
class MyApi::API < Grape::API
|
56
|
+
validate_token is: ['TOKENA','TOKENB']
|
57
|
+
|
58
|
+
get :something do
|
59
|
+
{content: 'secret content'}
|
60
|
+
end
|
61
|
+
end
|
62
|
+
```
|
63
|
+
|
64
|
+
|
65
|
+
### Token on model
|
66
|
+
|
67
|
+
In case we want to ensure the token exists in a model we can use the following syntax for the *validate_token* method:
|
68
|
+
|
69
|
+
```ruby
|
70
|
+
class MyApi::API < Grape::API
|
71
|
+
validate_token in: SecureTokenHolder, field: :token
|
72
|
+
|
73
|
+
get :something do
|
74
|
+
{content: 'secret content'}
|
75
|
+
end
|
76
|
+
end
|
77
|
+
```
|
78
|
+
|
79
|
+
Again this should ensure the token exist by looking on the SecureTokenHolder model table for a record with the column 'token' with the same value as 'X-Api-Token'.
|
80
|
+
|
81
|
+
### Token validated against a block passed
|
82
|
+
|
83
|
+
There may be some cases where you would like to do the validation by yourself or the validation logic is not simple as verifying against the model attribute, in that case we could pass a block to the *validate_token_in* method like:
|
84
|
+
|
85
|
+
```ruby
|
86
|
+
class MyApi::API < Grape::API
|
87
|
+
validate_token_with do |token|
|
88
|
+
SomeComplexOperationHolder.validate token
|
89
|
+
end
|
90
|
+
|
91
|
+
get :something do
|
92
|
+
{content: 'secret content'}
|
93
|
+
end
|
94
|
+
end
|
95
|
+
```
|
96
|
+
|
97
|
+
In this case if the result of the block is true request will bypass the token control.
|
98
|
+
|
99
|
+
### Custom validation error message
|
100
|
+
|
101
|
+
You can also define your custom validation error message by passing the /invalid_message/ option to the method, as the following code:
|
102
|
+
|
103
|
+
```ruby
|
104
|
+
class MyApi::API < Grape::API
|
105
|
+
validate_token is: ['TOKENA','TOKENB'], invalid_message: "Look 'ma its working"
|
106
|
+
|
107
|
+
get :something do
|
108
|
+
{content: 'secret content'}
|
109
|
+
end
|
110
|
+
end
|
111
|
+
```
|
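Review bot: the "Token validated against a block passed" section (line 83) tells readers to call `validate_token_in`, but the example right below it and lib/grape/tokeeo.rb use `validate_token_with`; correct the name in the prose. Line 39 misspells the gem as "grape-tokkeo", line 97 ("request will bypass the token control") would read more safely as "the request is allowed when the block returns a truthy value", and the `header:` option exercised in the specs (`validate_token header: "X-My-Api-Header", ...`) is not documented anywhere in this README.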
data/Rakefile
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'grape/tokeeo/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "grape-tokeeo"
|
8
|
+
spec.version = Grape::Tokeeo::VERSION
|
9
|
+
spec.authors = ["Antonio Pagano"]
|
10
|
+
spec.email = ["ap@wawand.co"]
|
11
|
+
spec.summary = %q{ Grape resources provides simple API token auth for grape }
|
12
|
+
spec.description = %q{ Grape resources provides simple API token auth for grape in three different flavours.}
|
13
|
+
spec.homepage = "https://github.com/wawandco/grape-tokeeo"
|
14
|
+
spec.license = "MIT"
|
15
|
+
|
16
|
+
spec.files = `git ls-files -z`.split("\x0")
|
17
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_development_dependency "bundler", "~> 1.6"
|
22
|
+
spec.add_development_dependency "rake", '~> 10'
|
23
|
+
spec.add_development_dependency "rspec", '~> 3'
|
24
|
+
spec.add_development_dependency "sqlite3", '~> 1.3'
|
25
|
+
spec.add_development_dependency "factory_girl", '~> 3'
|
26
|
+
spec.add_development_dependency 'pry', '~> 0'
|
27
|
+
spec.add_development_dependency 'database_cleaner', '~> 1.3'
|
28
|
+
spec.add_development_dependency "rack-test", '~> 0'
|
29
|
+
spec.add_development_dependency "codeclimate-test-reporter", '~> 0'
|
30
|
+
|
31
|
+
|
32
|
+
spec.add_runtime_dependency "grape", '~> 0.9'
|
33
|
+
spec.add_runtime_dependency "activerecord", '~> 4'
|
34
|
+
end
|
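Review bot: the `spec.files` assignment on line 16 takes everything `git ls-files -z` returns, so .travis.yml (with its Code Climate repo_token) and the whole spec tree are shipped in the gem, as the files list in metadata confirms. Restrict `spec.files` to lib/, README.md and LICENSE.txt. Separately, `activerecord` is a runtime dependency (line 33) although only the `in:`/`field:` mode touches it, which forces it on consumers that use pre-shared tokens only; consider loading it lazily and documenting it as optional.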
data/lib/grape/tokeeo.rb
ADDED
@@ -0,0 +1,77 @@
|
|
1
|
+
require "grape"
|
2
|
+
require "grape/tokeeo/version"
|
3
|
+
|
4
|
+
module Grape
|
5
|
+
class API
|
6
|
+
include Grape::Tokeeo
|
7
|
+
|
8
|
+
class << self
|
9
|
+
def validate_token( options={} )
|
10
|
+
Grape::Tokeeo.build_preshared_token_security(options, self) if options[:is].present?
|
11
|
+
Grape::Tokeeo.build_model_token_security(options, self) if options[:in].present?
|
12
|
+
end
|
13
|
+
|
14
|
+
def validate_token_with(options={}, &block)
|
15
|
+
Grape::Tokeeo.secure_with( self, options, &block)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
module Tokeeo
|
21
|
+
DEFAULT_INVALID_MESSAGE = 'Invalid Token'
|
22
|
+
DEFAULT_MISSING_MESSAGE = 'Token was not passed'
|
23
|
+
DEFAULT_HEADER = 'X-Api-Token'
|
24
|
+
|
25
|
+
class << self
|
26
|
+
|
27
|
+
def message_for_invalid_token( options={} )
|
28
|
+
invalid_message_to_use = options[:invalid_message]
|
29
|
+
invalid_message_to_use ||= DEFAULT_INVALID_MESSAGE
|
30
|
+
end
|
31
|
+
|
32
|
+
def header_to_verify( options={} )
|
33
|
+
header_to_use = options[:header]
|
34
|
+
header_to_use ||= DEFAULT_HEADER
|
35
|
+
end
|
36
|
+
|
37
|
+
def build_preshared_token_security(options, api_instance)
|
38
|
+
api_instance.before do
|
39
|
+
header = Grape::Tokeeo.header_to_verify(options)
|
40
|
+
token = env[header]
|
41
|
+
preshared_token = options[:is]
|
42
|
+
|
43
|
+
error!(DEFAULT_MISSING_MESSAGE, 401) unless token.present?
|
44
|
+
|
45
|
+
verification_passed = preshared_token.is_a?(Array) ? preshared_token.include?(token) : token == preshared_token
|
46
|
+
error!( Grape::Tokeeo.message_for_invalid_token(options) , 401) unless verification_passed
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
def build_model_token_security(options, api_instance)
|
51
|
+
clazz = options[:in]
|
52
|
+
field = options[:field]
|
53
|
+
|
54
|
+
raise Error("#{clazz} is not an ActiveRecord::Base subclass") unless clazz < ActiveRecord::Base
|
55
|
+
|
56
|
+
api_instance.before do
|
57
|
+
header = Grape::Tokeeo.header_to_verify(options)
|
58
|
+
token = env[header]
|
59
|
+
found = clazz.find_by("#{field.to_s}" => token )
|
60
|
+
|
61
|
+
error!(DEFAULT_MISSING_MESSAGE, 401) unless token.present?
|
62
|
+
error!( Grape::Tokeeo.message_for_invalid_token(options), 401) unless found.present?
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def secure_with(api_instance, options, &block )
|
67
|
+
api_instance.before do
|
68
|
+
header = Grape::Tokeeo.header_to_verify(options)
|
69
|
+
token = env[header]
|
70
|
+
|
71
|
+
error!( DEFAULT_MISSING_MESSAGE, 401) unless token.present?
|
72
|
+
error!( Grape::Tokeeo.message_for_invalid_token(options), 401) unless yield(token)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
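Review bot: `validate_token` (lines 9-12) fails open: when neither `options[:is]` nor `options[:in]` is `present?`, for example an `is:` value read from an unset environment variable or an empty string, no `before` filter is registered and the endpoints are served with no token check at all. Raise an ArgumentError at definition time in that case. On line 54, `raise Error("...")` calls an undefined method `Error` and would surface as NoMethodError rather than the intended message; use `raise ArgumentError, "..."`. In `build_model_token_security` the `token.present?` check (line 61) should come before the `find_by` on line 59 so a missing header does not trigger a database query. The pre-shared comparison on line 45 uses `==` and `include?`, which are not constant-time; comparing against each configured token with `Rack::Utils.secure_compare` avoids a timing side channel.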
@@ -0,0 +1,98 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'support/examples/api_example'
|
3
|
+
|
4
|
+
describe Grape::Tokeeo do
|
5
|
+
|
6
|
+
def app
|
7
|
+
APIExample.new
|
8
|
+
end
|
9
|
+
|
10
|
+
['preshared', 'preshared_header', 'preshared_with_list', 'block', 'model'].each do |feature|
|
11
|
+
context "##{feature} token" do
|
12
|
+
it "should return 401 if X-Api-Token is not passed" do
|
13
|
+
get "#{feature}/something"
|
14
|
+
expect(last_response.status).to eq(401)
|
15
|
+
end
|
16
|
+
|
17
|
+
it "should return 401 if header name is not the same as the value user has defined" do
|
18
|
+
get "#{feature}/something", nil, { 'Not-Header-Name' => 'S0METHINGWEWANTTOSHAREONLYWITHCLIENT' }
|
19
|
+
expect(last_response.status).to eq(401)
|
20
|
+
end
|
21
|
+
|
22
|
+
it "should return 401 if X-Api-Token is not the same as the value user has defined" do
|
23
|
+
get "#{feature}/something", nil, { 'X-Api-Token' => 'not right' }
|
24
|
+
expect(last_response.status).to eq(401)
|
25
|
+
end
|
26
|
+
|
27
|
+
it "should not affect external content" do
|
28
|
+
get :unsecured_endpoint
|
29
|
+
expect(JSON.parse(last_response.body)['content']).to eq('public content')
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
context "valid preshared one" do
|
35
|
+
it "should return 200 if X-Api-Token is the same as the value user has defined" do
|
36
|
+
get 'preshared/something', {}, {'X-Api-Token' => 'S0METHINGWEWANTTOSHAREONLYWITHCLIENT'}
|
37
|
+
expect(last_response.status).to eq(200)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
context "valid preshared with list one" do
|
42
|
+
it "should return 200 if X-Api-Token exist in the list that user has defined" do
|
43
|
+
get 'preshared_with_list/something', {}, {'X-Api-Token' => 'OTHERS0METHINGWEWANTTOSHAREONLYWITHCLIENT'}
|
44
|
+
expect(last_response.status).to eq(200)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
context "valid block one" do
|
49
|
+
it "should return 200 if X-My-Api-Header is the same as the value user has defined" do
|
50
|
+
get 'block/something', {}, {"X-Api-Token" => 'AS0METHINGWEWANTTOSHAREONLYWITHCLIENT'}
|
51
|
+
expect(last_response.status).to eq(200)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
context "valid model one" do
|
56
|
+
it "should return 200 if X-Api-Token is the same as the value user has defined" do
|
57
|
+
create(:user, token: 'S0METHINGWEWANTTOSHAREONLYWITHCLIENT')
|
58
|
+
get 'model/something', {}, {"X-Api-Token" => 'S0METHINGWEWANTTOSHAREONLYWITHCLIENT'}
|
59
|
+
expect(last_response.status).to eq(200)
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
context "custom_error_message" do
|
64
|
+
it "should return current message if X-Api-Token is not user-defined" do
|
65
|
+
get 'preshared_with_message/something', {}, {"X-Api-Token" => 'AAB'}
|
66
|
+
expect(JSON.parse(last_response.body)['error']).to eq("Invalid token passed buddy")
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
context "preshared header one" do
|
71
|
+
it "should return 200 if X-My-Api-Header is the same as the value user has defined" do
|
72
|
+
get 'preshared_header/something', {}, {"X-My-Api-Header" => 'S0METHINGWEWANTTOSHAREONLYWITHCLIENT'}
|
73
|
+
expect(last_response.status).to eq(200)
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
context "valid preshared with list one" do
|
78
|
+
it "should return 200 if X-My-Api-Header exist in the list that user has defined" do
|
79
|
+
get 'preshared_header_with_list/something', {}, {'X-My-Api-Header' => 'OTHERS0METHINGWEWANTTOSHAREONLYWITHCLIENT'}
|
80
|
+
expect(last_response.status).to eq(200)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
context "valid model one" do
|
85
|
+
it "should return 200 if X-My-Api-Header is the same as the value user has defined" do
|
86
|
+
create(:user, token: 'S0METHINGWEWANTTOSHAREONLYWITHCLIENT')
|
87
|
+
get 'model_header/something', {}, {"X-My-Api-Header" => 'S0METHINGWEWANTTOSHAREONLYWITHCLIENT'}
|
88
|
+
expect(last_response.status).to eq(200)
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
context "valid block one" do
|
93
|
+
it "should return 200 if X-My-Api-Header is the same as the value user has defined" do
|
94
|
+
get 'block_header/something', {}, {"X-My-Api-Header" => 'AS0METHINGWEWANTTOSHAREONLYWITHCLIENT'}
|
95
|
+
expect(last_response.status).to eq(200)
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
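Review bot: every request here passes the token as the third argument of `get` (for example line 36, `{'X-Api-Token' => 'S0METHING...'}`), which rack-test copies into the Rack env verbatim, so the suite only proves that `env['X-Api-Token']` is read. A real HTTP request header reaches Rack as `HTTP_X_API_TOKEN`, which the `token = env[header]` lookup in lib/grape/tokeeo.rb would not find; set the header with rack-test's `header 'X-Api-Token', value` so the specs cover the path a client actually takes. The 401 loop on line 10 also leaves out `preshared_header_with_list`, `block_header` and `model_header`, and the example on line 49 is titled X-My-Api-Header while it sends X-Api-Token.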
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,55 @@
|
|
1
|
+
|
2
|
+
require "codeclimate-test-reporter"
|
3
|
+
CodeClimate::TestReporter.start
|
4
|
+
|
5
|
+
require "grape"
|
6
|
+
require 'grape/tokeeo'
|
7
|
+
require 'active_record'
|
8
|
+
require 'database_cleaner'
|
9
|
+
require 'factory_girl'
|
10
|
+
require "rack/test"
|
11
|
+
|
12
|
+
ENV["RAILS_ENV"] = "test"
|
13
|
+
|
14
|
+
RSpec.configure do |config|
|
15
|
+
# Remove this line if you don't want RSpec's should and should_not
|
16
|
+
I18n.enforce_available_locales = false
|
17
|
+
ActiveRecord::Base.establish_connection(
|
18
|
+
:adapter => 'sqlite3',
|
19
|
+
:database => ':memory:'
|
20
|
+
)
|
21
|
+
|
22
|
+
load File.dirname(__FILE__) + '/support/schema.rb'
|
23
|
+
|
24
|
+
|
25
|
+
Dir["#{File.dirname(__FILE__)}/support/models/*.rb"].each {|f| require f}
|
26
|
+
Dir["#{File.dirname(__FILE__)}/factories/*.rb"].each {|f| require f }
|
27
|
+
Dir["#{File.dirname(__FILE__)}/support/*.rb"].each{ |f| require f }
|
28
|
+
|
29
|
+
# methods or matchers
|
30
|
+
require 'rspec/expectations'
|
31
|
+
config.include RSpec::Matchers
|
32
|
+
config.include Rack::Test::Methods
|
33
|
+
|
34
|
+
# == Mock Framework
|
35
|
+
config.mock_with :rspec
|
36
|
+
|
37
|
+
include FactoryGirl::Syntax::Methods
|
38
|
+
|
39
|
+
config.before(:suite) do
|
40
|
+
DatabaseCleaner.strategy = :transaction
|
41
|
+
end
|
42
|
+
|
43
|
+
config.before :each do
|
44
|
+
DatabaseCleaner.start
|
45
|
+
end
|
46
|
+
|
47
|
+
config.after :each do
|
48
|
+
DatabaseCleaner.clean
|
49
|
+
end
|
50
|
+
|
51
|
+
RSpec.configure do |config|
|
52
|
+
config.include Rack::Test::Methods
|
53
|
+
end
|
54
|
+
|
55
|
+
end
|
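Review bot: lines 51-53 open a second `RSpec.configure` inside the outer block only to repeat `config.include Rack::Test::Methods` from line 32; drop the nested block. The comment that starts on line 15 continues on line 29 ("methods or matchers") with unrelated setup in between, so it no longer describes anything, and the bare `include FactoryGirl::Syntax::Methods` on line 37 mixes the factory helpers into every object where `config.include FactoryGirl::Syntax::Methods` would scope them to examples.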
@@ -0,0 +1,91 @@
|
|
1
|
+
require "grape/tokeeo"
|
2
|
+
|
3
|
+
|
4
|
+
class APIExample < Grape::API
|
5
|
+
format :json
|
6
|
+
|
7
|
+
resource :preshared_with_message do
|
8
|
+
validate_token is: "AAA", invalid_message: 'Invalid token passed buddy'
|
9
|
+
|
10
|
+
get :something do
|
11
|
+
{content: 'secret content'}
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
resource :preshared do
|
16
|
+
validate_token is: "S0METHINGWEWANTTOSHAREONLYWITHCLIENT"
|
17
|
+
|
18
|
+
get :something do
|
19
|
+
{content: 'secret content'}
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
resource :preshared_header do
|
24
|
+
validate_token header: "X-My-Api-Header", is: "S0METHINGWEWANTTOSHAREONLYWITHCLIENT"
|
25
|
+
|
26
|
+
get :something do
|
27
|
+
{content: 'secret content'}
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
resource :preshared_with_list do
|
32
|
+
validate_token is: ["S0METHINGWEWANTTOSHAREONLYWITHCLIENT", "OTHERS0METHINGWEWANTTOSHAREONLYWITHCLIENT"]
|
33
|
+
|
34
|
+
get :something do
|
35
|
+
{content: 'secret content'}
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
resource :preshared_header_with_list do
|
40
|
+
validate_token header: "X-My-Api-Header", is: ["S0METHINGWEWANTTOSHAREONLYWITHCLIENT", "OTHERS0METHINGWEWANTTOSHAREONLYWITHCLIENT"]
|
41
|
+
|
42
|
+
get :something do
|
43
|
+
{content: 'secret content'}
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
get :unsecured_endpoint do
|
48
|
+
{content: "public content"}
|
49
|
+
end
|
50
|
+
|
51
|
+
resource :block do
|
52
|
+
validate_token_with do |token|
|
53
|
+
token.try(:start_with?, 'A')
|
54
|
+
end
|
55
|
+
|
56
|
+
get :something do
|
57
|
+
{content: 'secret content'}
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
resource :block_header do
|
62
|
+
validate_token_with header: "X-My-Api-Header" do |token|
|
63
|
+
token.try(:start_with?, 'A')
|
64
|
+
end
|
65
|
+
|
66
|
+
get :something do
|
67
|
+
{content: 'secret content'}
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
resource :model do
|
72
|
+
validate_token in: User, field: :token
|
73
|
+
|
74
|
+
get :something do
|
75
|
+
{content: 'secret content'}
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
resource :model_header do
|
80
|
+
validate_token header: "X-My-Api-Header", in: User, field: :token
|
81
|
+
|
82
|
+
get :something do
|
83
|
+
{content: 'secret content'}
|
84
|
+
end
|
85
|
+
end
|
86
|
+
# validate_token in: User, field: :auth_token
|
87
|
+
# validate_token with: do |token|
|
88
|
+
#
|
89
|
+
# end
|
90
|
+
|
91
|
+
end
|
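Review bot: lines 86-89 leave commented-out `validate_token` calls behind, including a `with:` form that the library does not implement; remove them so the fixture only shows supported usage. The fixture also has no resource declared with an empty or missing `is:` value, so the case where `validate_token` registers no filter is never exercised by the specs.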
metadata
ADDED
@@ -0,0 +1,222 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: grape-tokeeo
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Antonio Pagano
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2014-10-16 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.6'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.6'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '10'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '10'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '3'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '3'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: sqlite3
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '1.3'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '1.3'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: factory_girl
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '3'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '3'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: pry
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: database_cleaner
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '1.3'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '1.3'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rack-test
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: codeclimate-test-reporter
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: grape
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '0.9'
|
146
|
+
type: :runtime
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '0.9'
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: activerecord
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - "~>"
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '4'
|
160
|
+
type: :runtime
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - "~>"
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '4'
|
167
|
+
description: " Grape resources provides simple API token auth for grape in three different
|
168
|
+
flavours."
|
169
|
+
email:
|
170
|
+
- ap@wawand.co
|
171
|
+
executables: []
|
172
|
+
extensions: []
|
173
|
+
extra_rdoc_files: []
|
174
|
+
files:
|
175
|
+
- ".gitignore"
|
176
|
+
- ".travis.yml"
|
177
|
+
- Gemfile
|
178
|
+
- LICENSE.txt
|
179
|
+
- README.md
|
180
|
+
- Rakefile
|
181
|
+
- grape-tokeeo.gemspec
|
182
|
+
- lib/grape/tokeeo.rb
|
183
|
+
- lib/grape/tokeeo/version.rb
|
184
|
+
- spec/factories/car_factory.rb
|
185
|
+
- spec/factories/user_factory.rb
|
186
|
+
- spec/lib/grape/tokeeo_spec.rb
|
187
|
+
- spec/spec_helper.rb
|
188
|
+
- spec/support/examples/api_example.rb
|
189
|
+
- spec/support/models/user.rb
|
190
|
+
- spec/support/schema.rb
|
191
|
+
homepage: https://github.com/wawandco/grape-tokeeo
|
192
|
+
licenses:
|
193
|
+
- MIT
|
194
|
+
metadata: {}
|
195
|
+
post_install_message:
|
196
|
+
rdoc_options: []
|
197
|
+
require_paths:
|
198
|
+
- lib
|
199
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
200
|
+
requirements:
|
201
|
+
- - ">="
|
202
|
+
- !ruby/object:Gem::Version
|
203
|
+
version: '0'
|
204
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
205
|
+
requirements:
|
206
|
+
- - ">="
|
207
|
+
- !ruby/object:Gem::Version
|
208
|
+
version: '0'
|
209
|
+
requirements: []
|
210
|
+
rubyforge_project:
|
211
|
+
rubygems_version: 2.4.1
|
212
|
+
signing_key:
|
213
|
+
specification_version: 4
|
214
|
+
summary: Grape resources provides simple API token auth for grape
|
215
|
+
test_files:
|
216
|
+
- spec/factories/car_factory.rb
|
217
|
+
- spec/factories/user_factory.rb
|
218
|
+
- spec/lib/grape/tokeeo_spec.rb
|
219
|
+
- spec/spec_helper.rb
|
220
|
+
- spec/support/examples/api_example.rb
|
221
|
+
- spec/support/models/user.rb
|
222
|
+
- spec/support/schema.rb
|
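Review bot: `required_ruby_version` is `>= 0` (lines 199-203) although .travis.yml builds only against 2.1.2; set `spec.required_ruby_version` in the gemspec to the versions that are actually tested. The files list (lines 174-190) carries ".travis.yml" and the spec tree into the published package, and `cert_chain: []` with an empty `signing_key` means the gem is unsigned, so consumers can rely only on the registry checksums for integrity.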