jwt-rails 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f6d25580486b96a786e98b4b0856526101e13451b66950f2980d6484b1dca293
+  data.tar.gz: 344c2bb6bcf75e9757d0b51afe6973c1f65aaba44a493427565ebe559052fae4
+SHA512:
+  metadata.gz: d427d22c40a1d1bb1e54ec1b00e2a0e7d13ad3f72a6faf79d6f90265518496bae6bdc58dd1d87477060e2130a541d36fed48a85768b1ee1e0e131fe32d3c5e92
+  data.tar.gz: 0dc9820ed2b37cb22dac5253104c675831080a7fa0889b11c3ad6f1f04c14541cd563ef76c4fc7320d771ee495302c6ecfae36457692abe3a0d14896895fd042

data/README.md

@@ -0,0 +1,106 @@
+# README
+jwt-rails project developed for helping Authenticate your rails rest-api project<br/>
+you can fast develop project with jwt-rails<br/>
+I used reference following websites<br/>
+https://guides.rubyonrails.org/generators.html#creating-generators-with-generators <br/>
+https://medium.com/binar-academy/rails-api-jwt-authentication-a04503ea3248 <br/>
+
+## Require
+* rails api only project ```rails new my_api --api``` https://guides.rubyonrails.org/api_app.html
+* You don't have User Model, It will generate User Model
+* 'rails', '~> 3.2.0'
+
+## Getting Started
+1. Add gem in Gemfile
+    ```yaml
+    gem 'jwt-rails', '~> 0.0.1'
+    ```
+    OR
+    ```yaml
+    gem 'jwt-rails', :git => "git://github.com/x1wins/jwt-rails.git"
+    ```
+
+2. Generate JWT class, User Model, Endpoint
+    ```bash
+    rails generate jwt_rails
+    rake db:migrate
+    ```
+
+3. Endpoint
+    1. Create User
+        ```bash
+          curl -d '{"user": {"name":"ChangWoo", "username":"helloworld", "email":"x1wins@changwoo.org", "password":"hello1234", "password_confirmation":"hello1234"}}' -H "Content-Type: application/json" -X POST -i http://localhost:3000/users
+        ```
+    2. Login
+        ```bash
+          curl -d '{"email":"x1wins@changwoo.org", "password":"hello1234"}' -H "Content-Type: application/json" -X POST http://localhost:3000/auth/login | jq
+          {
+            "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMjkwOTl9.an-cp7gWzEuufwvWPo3SFXzpxL_G1wvNpm6g7W_gdQU",
+            "exp": "12-24-2019 15:11",
+            "username": "helloworld"
+          }
+        ```
+    3. Token Usage <br/>
+        If you have Post scaffold. you can use following curl command 
+        1. Fail Case - Wrong token
+            ```bash
+            curl -X GET -i http://localhost:3000/posts
+            HTTP/1.1 401 Unauthorized
+            ```
+        2. Success Case
+            ```bash
+            curl -X GET -i http://localhost:3000/posts -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMjkwOTl9.an-cp7gWzEuufwvWPo3SFXzpxL_G1wvNpm6g7W_gdQU"
+            HTTP/1.1 200 OK
+            ```
+    
+4. Scaffold Example 
+    1. Use ```user:references``` in scaffold code 
+        ```bash
+          rails g scaffold post body:string user:references published:boolean
+        ```
+    2. Authenticate <br/>
+        Insert ```before_action :authorize_request``` code into Controller
+        ```ruby
+          class PostsController < ApplicationController
+            before_action :authorize_request
+            
+            //...other code
+            
+          end
+        ```
+    3. Authorize <br/>
+        https://stackoverflow.com/questions/17594939/check-if-current-user-is-the-owner-of-a-resource-and-allow-edit-delete-actions/57279448#57279448 <br/>
+        1. Insert ```is_owner_object``` code into Controller <br/>
+        2. Append ```merge(user_id: @current_user.id)``` to post_params method
+            ```ruby
+              class PostsController < ApplicationController
+                before_action :authorize_request
+                before_action :set_post, only: [:show, :update, :destroy]
+                before_action only: [:edit, :update, :destroy] do
+                  is_owner_object @post ##your object
+                end
+         
+                //...other code
+                
+                def post_params
+                    params.require(:post).permit(:body).merge(user_id: @current_user.id)
+                end
+              end
+            ```
+    4. Test with CURL
+        1. Create
+            ```bash
+               curl  -X POST -i http://localhost:3000/posts -d '{"post": {"body":"sample body text sample"}}' -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMzY1NTJ9.0pRv-wnQPdQd1WoaA5mSPDWagfGCk---kwO7pSmKkUg"
+            ```
+        2. Index
+            ```bash
+               curl -X GET -i http://localhost:3000/posts -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMzY1NTJ9.0pRv-wnQPdQd1WoaA5mSPDWagfGCk---kwO7pSmKkUg"
+            ```
+        
+
+## Contribute
+How to build gem
+```bash
+gem build jwt-rails.gemspec
+gem install jwt-rails-0.0.1.gem
+```

data/lib/generators/jwt_rails/USAGE

@@ -0,0 +1,8 @@
+Description:
+    JWT, user resource for Auth rest api generator
+
+Example:
+    rails generate jwt_rails
+
+    This will create:
+        what/will/it/create

data/lib/generators/jwt_rails/jwt_rails_generator.rb

@@ -0,0 +1,27 @@
+class JwtRailsGenerator < Rails::Generators::Base
+  source_root File.expand_path('templates', __dir__)
+
+  def copy_jwt_rails_file
+    # Use Json Web Token (JWT) for token based authentication
+    gem 'jwt'
+    # Use ActiveModel has_secure_password
+    gem 'bcrypt', '~> 3.1.7'
+
+    route "resources :users, param: :_username"
+    route "post '/auth/login', to: 'authentication#login'"
+    route "get '/*a', to: 'application#not_found'"
+
+    copy_file "json_web_token.rb", "lib/json_web_token.rb"
+    copy_file "application_controller.rb", "app/controllers/application_controller.rb"
+
+    generate "model", "user name:string username:string email:string password_digest:string"
+    copy_file "user.rb", "app/models/user.rb"
+    generate "controller", "users"
+    copy_file "users_controller.rb", "app/controllers/users_controller.rb"
+    generate "controller", "authentication"
+    copy_file "authentication_controller.rb", "app/controllers/authentication_controller.rb"
+
+    puts "Genenrate Finish"
+  end
+
+end

data/lib/generators/jwt_rails/templates/application_controller.rb

@@ -0,0 +1,37 @@
+require 'json_web_token'
+
+class ApplicationController < ActionController::API
+
+  def not_found
+    render json: { error: 'not_found' }
+  end
+
+  def authorize_request
+    header = request.headers['Authorization']
+    header = header.split(' ').last if header
+    begin
+      @decoded = JsonWebToken.decode(header)
+      @current_user = User.find(@decoded[:user_id])
+    rescue ActiveRecord::RecordNotFound => e
+      render json: { errors: e.message }, status: :unauthorized
+    rescue JWT::DecodeError => e
+      render json: { errors: e.message }, status: :unauthorized
+    end
+  end
+
+  def is_owner user_id
+    unless user_id == current_user.id
+      render json: nil, status: :forbidden
+      return
+    end
+  end
+
+  def is_owner_object data
+    if data.nil? or data.user_id.nil?
+      return render status: :not_found
+    else
+      is_owner data.user_id
+    end
+  end
+
+end

data/lib/generators/jwt_rails/templates/authentication_controller.rb

@@ -0,0 +1,22 @@
+class AuthenticationController < ApplicationController
+  before_action :authorize_request, except: :login
+
+  # POST /auth/login
+  def login
+    @user = User.find_by_email(params[:email])
+    if @user&.authenticate(params[:password])
+      token = JsonWebToken.encode(user_id: @user.id)
+      time = Time.now + 24.hours.to_i
+      render json: { token: token, exp: time.strftime("%m-%d-%Y %H:%M"),
+                     username: @user.username }, status: :ok
+    else
+      render json: { error: 'unauthorized' }, status: :unauthorized
+    end
+  end
+
+  private
+
+  def login_params
+    params.permit(:email, :password)
+  end
+end

data/lib/generators/jwt_rails/templates/json_web_token.rb

@@ -0,0 +1,13 @@
+class JsonWebToken
+  SECRET_KEY = Rails.application.secrets.secret_key_base.to_s
+
+  def self.encode(payload, exp = 24.hours.from_now)
+    payload[:exp] = exp.to_i
+    JWT.encode(payload, SECRET_KEY)
+  end
+
+  def self.decode(token)
+    decoded = JWT.decode(token, SECRET_KEY)[0]
+    HashWithIndifferentAccess.new decoded
+  end
+end

data/lib/generators/jwt_rails/templates/user.rb

@@ -0,0 +1,9 @@
+class User < ApplicationRecord
+  has_secure_password
+  validates :email, presence: true, uniqueness: true
+  validates :email, format: { with: URI::MailTo::EMAIL_REGEXP }
+  validates :username, presence: true, uniqueness: true
+  validates :password,
+            length: { minimum: 6 },
+            if: -> { new_record? || !password.nil? }
+end

data/lib/generators/jwt_rails/templates/users_controller.rb

@@ -0,0 +1,54 @@
+class UsersController < ApplicationController
+  before_action :authorize_request, except: :create
+  before_action :find_user, except: %i[create index]
+  before_action only: [:show, :update, :destroy] do
+    is_owner_object @user ##your object
+  end
+
+  # GET /users
+  def index
+    @users = User.all
+    render json: @users, status: :ok
+  end
+
+  # GET /users/{username}
+  def show
+    render json: @user, status: :ok
+  end
+
+  # POST /users
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      render json: @user, status: :created
+    else
+      render json: { errors: @user.errors.full_messages },
+             status: :unprocessable_entity
+    end
+  end
+
+  # PUT /users/{username}
+  def update
+    unless @user.update(user_params)
+      render json: { errors: @user.errors.full_messages },
+             status: :unprocessable_entity
+    end
+  end
+
+  # DELETE /users/{username}
+  def destroy
+    @user.destroy
+  end
+
+  private
+
+  def find_user
+    @user = User.find_by_username!(params[:_username])
+  rescue ActiveRecord::RecordNotFound
+    render json: { errors: 'User not found' }, status: :not_found
+  end
+
+  def user_params
+    params.require(:user).permit(:name, :username, :email, :password, :password_confirmation)
+  end
+end

metadata

@@ -0,0 +1,66 @@
+--- !ruby/object:Gem::Specification
+name: jwt-rails
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Chang-Woo Rhee
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-12-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+description: Generate JWT, User model, controller
+email: x1wins@changwoo.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/generators/jwt_rails/USAGE
+- lib/generators/jwt_rails/jwt_rails_generator.rb
+- lib/generators/jwt_rails/templates/application_controller.rb
+- lib/generators/jwt_rails/templates/authentication_controller.rb
+- lib/generators/jwt_rails/templates/json_web_token.rb
+- lib/generators/jwt_rails/templates/user.rb
+- lib/generators/jwt_rails/templates/users_controller.rb
+homepage: https://github.com/x1wins/jwt-rails
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://www.changwoo.org
+  source_code_uri: https://github.com/x1wins/jwt-rails
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.1
+signing_key: 
+specification_version: 4
+summary: JWT, user resource for Auth rest api generator
+test_files: []