RubyGems - jwt-secure - Versions diffs - 0.1.3 → 0.1.6 - Mend

jwt-secure 0.1.3 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/jwt_secure/controllers.rb +69 -0
data/lib/{jwt-secure → jwt_secure}/engine.rb +1 -0
data/lib/jwt_secure.rb +6 -0
metadata +5 -6
data/app/config/routes.rb +0 -3
data/app/controller/jwt-secure/jwt-secure_controller.rb +0 -7
data/lib/jwt-secure.rb +0 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4dbd8af8175209d5332f6084208ef0eb36d1a393be1d9950338e3b5e28b78b01
-  data.tar.gz: 51a095972461288b542a5d1170ce3bb5de5223760574ff5de9b39746e2423768
+  metadata.gz: 43d28a0811cdcfcbab6de745f66369d211f0e81bb10f29fd9c1d7c2547f32021
+  data.tar.gz: 8725be701d18c64342bddc30584c57995b5364fc25598160a21be1919f5459cc
 SHA512:
-  metadata.gz: b27a26ac3119cfff25d55c04ddf7a4f5d6f3c5ed73d57ae64604741a03dfafeb7b226c0fa4d5f6774930d9b0d8f274065cb263fc3ef0a5ac1cfc3eb01dac0f01
-  data.tar.gz: 85c7ff975f3656246e1d21bcf6ac5559b6cefb48fb3f7970f843358fa85393be5d0b02745fa798a531a21240c34ac65277fada4d2ebd8ed3476c84b3b94a9b44
+  metadata.gz: a491a39f3bf21ca112a19818afc1aadff133d31105310b4c8afa7dccaafa7664c5a0e5272ab509fab2c8ceb410cadea3506fb0b93b16be5ad4125dc205c541ac
+  data.tar.gz: fc815a37549eef245b718893d5dba562f0d1002f20c3ffd35115ee210f853328c49262d3df6b7545986aaa9b2fadc544582a9a8a9c6f45fb4d8c856a7908c175

data/lib/jwt_secure/controllers.rb ADDED Viewed

@@ -0,0 +1,69 @@
+require "jwt"
+class JsonWebToken
+  def self.encode(payload, key)
+    JWT.encode(payload,key)
+  end
+  def self.decode(token, key)
+    puts key
+    JWT.decode(token,key).first
+  end
+end
+module JwtSecure
+  class ApiJwtController < ApplicationController
+    before_action(:authenticate_jwtsecure)
+    def authenticate_jwtsecure()
+      begin
+        payload = JsonWebToken.decode(get_auth_token, @jwtsecure_secret)
+        if payload.present?
+          @current_user = User.find(payload["user_id"])
+        else
+          render json: {errors: ["Invalid Token, user not found!"]}, status: :unauthorized
+        end
+      rescue
+        render json: {errors: ["token not found!"]}, status: :unauthorized
+      end
+    end
+    def get_auth_token()
+      @auth_token ||= cookies.encrypted[@jwtsecure_cookiename]
+    end
+  end
+  class AuthController < ApplicationController
+    def login
+       # find user
+      user = @jwtsecure_usermodel.find_by(@jwtsecure_findby)
+      if user && user.authenticate(@jwtsecure_password)
+        # password is correct -> proced to login
+        # set toke inside httpOnly Cookie
+        jwt_token = JsonWebToken.encode({user_id: user.id},@jwtsecure_secret)
+        cookies.encrypted[@jwtsecure_cookiename] = {
+          value: jwt_token,
+          http_only: true,
+          same_site: :strict
+        }
+        render json: {message: "Successfull login!", success: true, user: user}, status: :ok
+      else
+        # password incorrect -> failed login
+        render json: {errors: ["Invalid email or password"], success: false}, status: :unauthorized
+      end
+    end
+    def logout
+      cookies.encrypted[@jwtsecure_cookiename] = {
+        value: "",
+        http_only: true,
+        same_site: :strict
+      }
+      render json: {message: "logged out, cookie removed", success: true}, status: :ok
+    end
+  end
+end

data/lib/{jwt-secure → jwt_secure}/engine.rb RENAMED Viewed

@@ -1,5 +1,6 @@
 module JwtSecure
   class Engine < ::Rails::Engine
+    paths.add "lib", eager_load: true
     isolate_namespace JwtSecure
   end
 end

data/lib/jwt_secure.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require_relative "jwt_secure/engine"
+require_relative "jwt_secure/controllers"
+module JwtSecure
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jwt-secure
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.6
 platform: ruby
 authors:
 - M Alvee
@@ -45,10 +45,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- app/config/routes.rb
-- app/controller/jwt-secure/jwt-secure_controller.rb
-- lib/jwt-secure.rb
-- lib/jwt-secure/engine.rb
+- lib/jwt_secure.rb
+- lib/jwt_secure/controllers.rb
+- lib/jwt_secure/engine.rb
 homepage: https://github.com/0xMALVEE/jwt-secure
 licenses:
 - MIT
@@ -71,5 +70,5 @@ requirements: []
 rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
-summary: Secure JWT authentication for Ruby on Rails.
+summary: Secure JWT authentication for Ruby on Rails that uses http only cookies.
 test_files: []

data/app/config/routes.rb DELETED Viewed

@@ -1,3 +0,0 @@
-JwtSecure::Engine.routes.draw do
-  get '/api/token', to: 'tokens#generate'
-end

data/app/controller/jwt-secure/jwt-secure_controller.rb DELETED Viewed

@@ -1,7 +0,0 @@
-module JwtSecure
-  class TokensController < ApplicationController
-    def generate
-      render json: { token: 'kasdfuower' }
-    end
-  end
-end

data/lib/jwt-secure.rb DELETED Viewed

@@ -1,4 +0,0 @@
-require 'jwt-secure/engine'
-module JwtSecure
-end