jwt_api 0.1.1 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/README.md +13 -12
- data/jwt_api-0.1.4.gem +0 -0
- data/jwt_api.gemspec +2 -2
- data/lib/generators/jwt_api/setup_generator.rb +0 -4
- data/lib/generators/jwt_api/templates/api/base_controller.rb +2 -7
- data/lib/generators/jwt_api/templates/initializers/json_web_token.rb +1 -1
- data/lib/jwt_api/version.rb +1 -1
- metadata +5 -5
- data/jwt_api-0.1.0.gem +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c5cbc0f093c852b43cdb8b003aa0c01626e3be9028bf6b81e321e25c34f8b3bd
|
|
4
|
+
data.tar.gz: 4eff6628212209e189a8949f13860d3125e1df30f85580848f94935b7bf1d4d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2cf65ed0499db74943eb7004f442f928463ee58bf6b50bef9643d71c100a90cd36588acc5bf0954e0547e1aa64ee9baa41efc4616a8f663dd940c9be198763ba
|
|
7
|
+
data.tar.gz: '0304883cd1deccf26f4d256a5141e0735ef9ce7f548b2acc91bed2fa5d8a809f6da0ddc7cfd8b1bd0465437f3d3c5321dc77961b5986c924927d59d2ae9ee080'
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# JwtApi
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Scaffold a JSON Web Token API.
|
|
4
4
|
|
|
5
5
|
## Installation
|
|
6
6
|
|
|
@@ -56,8 +56,17 @@ Running via Spring preloader in process 56250
|
|
|
56
56
|
|
|
57
57
|
1. Make sure that each user that needs access to the API has a JTI generated.
|
|
58
58
|
1. `User.first.jti = SecureRandom.uuid`
|
|
59
|
-
2.
|
|
60
|
-
|
|
59
|
+
2. From your Rails console run `SecureRandom.hex(64)` and make note of the output.
|
|
60
|
+
- Sample output:
|
|
61
|
+
```text
|
|
62
|
+
"0086870fb04cafbaa15b110cf78352fbca75537cc90e06892e206e07c24caa33ff5f6aadf2649cafac08c4acf6a1b7527b97bfa943481c282ba2480a0a922657"
|
|
63
|
+
```
|
|
64
|
+
3. Run `rails credentials:edit --environment=development` (and production, staging when applicable) and set your `jwt_secret` environment variable.
|
|
65
|
+
```yml
|
|
66
|
+
jwt_secret: 0086870fb04cafbaa15b110cf78352fbca75537cc90e06892e206e07c24caa33ff5f6aadf2649cafac08c4acf6a1b7527b97bfa943481c282ba2480a0a922657
|
|
67
|
+
```
|
|
68
|
+
3. Request a JWT at the `/api/authenticate/` endpoint.
|
|
69
|
+
4. Include that token as a `Bearer` token in all other requests.
|
|
61
70
|
|
|
62
71
|
|
|
63
72
|
[](https://app.getpostman.com/run-collection/6130650-059cc2e3-88f7-48a8-95d0-d7dca1d7caef?action=collection%2Ffork&collection-url=entityId%3D6130650-059cc2e3-88f7-48a8-95d0-d7dca1d7caef%26entityType%3Dcollection%26workspaceId%3D128e0ba1-898b-40bb-8006-a329fb1c28de)
|
|
@@ -67,11 +76,6 @@ Running via Spring preloader in process 56250
|
|
|
67
76
|
|
|
68
77
|
## Limitations
|
|
69
78
|
- Currently this will only work with a devise User model.
|
|
70
|
-
## Development
|
|
71
|
-
|
|
72
|
-
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
73
|
-
|
|
74
|
-
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
|
75
79
|
|
|
76
80
|
## Contributing
|
|
77
81
|
|
|
@@ -83,8 +87,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
|
83
87
|
|
|
84
88
|
## Code of Conduct
|
|
85
89
|
|
|
86
|
-
Everyone interacting in the JwtApi project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/
|
|
87
|
-
|
|
90
|
+
Everyone interacting in the JwtApi project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/leopolicastro/jwt_api/blob/main/CODE_OF_CONDUCT.md).
|
|
88
91
|
|
|
89
|
-
## TODO
|
|
90
|
-
- Create test suite and add to generator to copy into users app.
|
data/jwt_api-0.1.4.gem
ADDED
|
Binary file
|
data/jwt_api.gemspec
CHANGED
|
@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
|
|
|
8
8
|
spec.authors = ['Leo Policastro']
|
|
9
9
|
spec.email = ['lpolicastro@pm.me']
|
|
10
10
|
|
|
11
|
-
spec.summary = '
|
|
12
|
-
spec.description = '
|
|
11
|
+
spec.summary = 'Scaffold a JSON Web Token API'
|
|
12
|
+
spec.description = 'Scaffold a JSON Web Token API.'
|
|
13
13
|
spec.homepage = 'https://github.com/leopolicastro/jwt_api/'
|
|
14
14
|
spec.license = 'MIT'
|
|
15
15
|
spec.required_ruby_version = '>= 2.4.0'
|
|
@@ -8,7 +8,7 @@ class Api::BaseController < ApplicationController
|
|
|
8
8
|
protected
|
|
9
9
|
|
|
10
10
|
def authenticate_request!
|
|
11
|
-
|
|
11
|
+
http_token && auth_token && jti_matches?
|
|
12
12
|
rescue JWT::VerificationError, JWT::DecodeError
|
|
13
13
|
render json: { errors: ['Unauthorized'] }, status: :unauthorized
|
|
14
14
|
end
|
|
@@ -21,8 +21,7 @@ class Api::BaseController < ApplicationController
|
|
|
21
21
|
|
|
22
22
|
def auth_token
|
|
23
23
|
@auth_token ||= jwt.decode(http_token)[0].to_h.symbolize_keys!
|
|
24
|
-
return
|
|
25
|
-
return @auth_token if @auth_token.present? && @auth_token[:user_id].present? && jti_matches?
|
|
24
|
+
return @auth_token if @auth_token.present? && @auth_token[:user_id].present? && !token_expired?
|
|
26
25
|
end
|
|
27
26
|
|
|
28
27
|
def token_expired?
|
|
@@ -34,10 +33,6 @@ class Api::BaseController < ApplicationController
|
|
|
34
33
|
@current_user&.jti == @auth_token[:jti]
|
|
35
34
|
end
|
|
36
35
|
|
|
37
|
-
def user_id_in_token?
|
|
38
|
-
http_token && auth_token
|
|
39
|
-
end
|
|
40
|
-
|
|
41
36
|
def user_reset_token_in_params?
|
|
42
37
|
params[:reset_password_token]
|
|
43
38
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
# JSON Web Token class
|
|
4
4
|
class JsonWebToken
|
|
5
|
-
def initialize(key = Rails.application.credentials[:
|
|
5
|
+
def initialize(key = Rails.application.credentials[:jwt_secret], algorithm = 'HS256')
|
|
6
6
|
@key = key
|
|
7
7
|
@algorithm = algorithm
|
|
8
8
|
end
|
data/lib/jwt_api/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwt_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Leo Policastro
|
|
@@ -30,7 +30,7 @@ dependencies:
|
|
|
30
30
|
- - ">="
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 2.2.3
|
|
33
|
-
description:
|
|
33
|
+
description: Scaffold a JSON Web Token API.
|
|
34
34
|
email:
|
|
35
35
|
- lpolicastro@pm.me
|
|
36
36
|
executables: []
|
|
@@ -48,7 +48,7 @@ files:
|
|
|
48
48
|
- Rakefile
|
|
49
49
|
- bin/console
|
|
50
50
|
- bin/setup
|
|
51
|
-
- jwt_api-0.1.
|
|
51
|
+
- jwt_api-0.1.4.gem
|
|
52
52
|
- jwt_api.gemspec
|
|
53
53
|
- lib/generators/jwt_api/setup_generator.rb
|
|
54
54
|
- lib/generators/jwt_api/templates/api/base_controller.rb
|
|
@@ -84,8 +84,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
84
84
|
- !ruby/object:Gem::Version
|
|
85
85
|
version: '0'
|
|
86
86
|
requirements: []
|
|
87
|
-
rubygems_version: 3.3.
|
|
87
|
+
rubygems_version: 3.3.7
|
|
88
88
|
signing_key:
|
|
89
89
|
specification_version: 4
|
|
90
|
-
summary:
|
|
90
|
+
summary: Scaffold a JSON Web Token API
|
|
91
91
|
test_files: []
|
data/jwt_api-0.1.0.gem
DELETED
|
Binary file
|