jwt_rails_api_auth 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: dad33cdca353eeb19fdeaa43506aac4b0befd645b12ec11dd7a961a22b2b0ed9
+  data.tar.gz: 17d215ffa73a2edf08b86a26821455259143c1be15a69ae25b0b3dfc429121ed
+SHA512:
+  metadata.gz: 178edb954c6e849d1980995027749630e5fa555e53878d555f13f37ec886c8e54739225bcc08e15e9e690a811290d5adf1dfdef80d6a4c692e7ac2faaa4ef968
+  data.tar.gz: ba2fe26f98fcaa7287fbf28ba8fea2dabfca18368f96d816c25c63540eacba18a02a9a3462c252b47ca1524f9d551fdd8ed55dc69dc06ae4c1cd76922bfb3295

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2025-08-18
+
+- Initial release

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,132 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/Gemfile

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in jwt_rails_api_auth.gemspec
+gemspec
+
+gem "irb"
+gem "rake", "~> 13.0"
+
+gem "rspec", "~> 3.0"
+
+gem "rubocop", "~> 1.21"

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Zeyad Hassan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,128 @@
+
+
+
+[![Gem Version](https://badge.fury.io/rb/jwt_rails_api_auth.svg?icon=si%3Arubygems)](https://badge.fury.io/rb/jwt_rails_api_auth)
+
+
+# JWT Rails-api auth
+
+**JWTRailsAPIAuth** is a Rails generator that scaffolds a **JWT-based authentication system for rails API** with user management, password resets, refresh token rotation, and secure cookie handling. It saves you weeks of setup by providing all the models, controllers, serializers, and mailers you need for a robust, production-ready authentication flow.
+
+## Features
+
+- 🔑 **JWT Authentication**
+    - Access tokens (short-lived, default 15 min)
+    - Refresh tokens (stored securely in HttpOnly cookies)
+    - Token rotation + reuse detection
+    - Logout everywhere
+- 👤 **User management**
+    - User model with secure password
+    - Role support (admin, user)
+- ✉️ **Password reset**
+    - Password reset tokens (sent in response until now, you can surly sent via email)
+- 🛠️ **Rails Generators**
+    - models (`user`,`refresh_token`)
+    - controllers (`auth`, `users`, `password_resets`)
+    - serializers (`user`)
+    - mailers (`user`)
+    - concern (`Authenticatable`)
+    - initializers (`jwt_rails_api_auth`)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```bash
+gem 'jwt_rails_api_auth', '~> 1.0'
+```
+
+and then run :
+```bash
+bundle Install
+```
+Or install it using :
+```bash
+gem install jwt_rails_api_auth
+```
+
+## Usage/Examples
+Generate the full authentication system:  
+```bash
+rails generate auth
+```
+
+Then run:  
+```bash
+bundle install  
+rails db:migrate  
+```
+
+### What’s Scaffolded
+
+- **controllers/concerns**
+  - `authenticatable.rb`:  
+    Provides JWT-based authentication methods for controllers, including token encoding/decoding, user authorization, and admin checks.
+
+- **controllers**
+  - `auth_controller.rb`:  
+    Handles login, logout, and refresh token actions.
+  - `users_controller.rb`:  
+    Manages user creation and allows admins to promote users.
+  - `password_resets_controller.rb`:  
+    Handles password reset functionality.
+
+- **models**
+  - `user.rb`
+  - `refresh_token.rb`
+
+- **initializers**
+  - `jwt_rails_api_auth.rb`:  
+    Template for configuring JwtRailsApiAuth (JWT secret, token expiry, role-based access).
+
+- **serializers**
+  - `user_serializer.rb`
+
+- **mailers**
+  - `user_mailer.rb`
+  - `application_mailer.rb`
+
+- **migrations**
+  - `create_user.rb`
+  - `create_refresh_token.rb`
+
+- **Also insert required gems in your gemfile and add cors**
+## API Routes & Request Details
+
+- **signup**
+    - header: Content-Type application/json
+    - ![alt text](docs/image.png)
+<!-- ![alt text](docs/image-1.png) signup bad username taken -->
+<!-- ![alt text](docs/image-2.png) username null -->
+- **login**
+    - header: Content-Type application/json
+    - ![alt text](docs/image-3.png)
+<!-- ![alt text](docs/image-4.png) login bad -->
+ header
+- **me (current user)**
+    - ![alt text](docs/image-6.png)
+- **expired or invalid token**
+    - ![alt text](docs/image-7.png)
+- **refresh** 
+    - ![alt text](docs/image-8.png)
+- **password resets**
+    - ![alt text](docs/image-9.png)
+    - ![alt text](docs/image-10.png)
+- **Logout**
+    - ![alt text](docs/image-11.png)
+
+
+## 🤝 Contributing
+
+Bug reports and pull requests are welcome on GitHub at [https://github.com/Zeyad-Hassan-1/authJWT](https://github.com/Zeyad-Hassan-1/authJWT).  
+
+This project follows a [Code of Conduct](CODE_OF_CONDUCT.md). Please respect it in all interactions.
+
+
+## Authors
+
+- [@Zeyad Hassan](https://https://github.com/Zeyad-Hassan-1)

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/bin/console

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "jwt_rails_api_auth"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/generators/auth/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+
+Example:
+    bin/rails generate auth Thing
+
+    This will create:
+        what/will/it/create

data/lib/generators/auth/auth_generator.rb

@@ -0,0 +1,87 @@
+class AuthGenerator < Rails::Generators::Base
+  include Rails::Generators::Migration
+  source_root File.expand_path("templates", __dir__)
+
+def modify_gemfile
+    insert_into_file "Gemfile",  after: /^source ['"].*['"]\n/ do
+    <<~RUBY
+      gem 'bcrypt', '~> 3.1', '>= 3.1.12'
+      gem 'jwt', '~> 2.5'
+      gem 'rack-cors'
+      gem 'active_model_serializers', '~> 0.10.12'
+    RUBY
+    end
+end
+
+  def modify_application_rb
+    insert_into_file "config/application.rb", after: "config.api_only = true\n" do
+      <<~RUBY
+        config.middleware.use ActionDispatch::Cookies
+      RUBY
+    end
+
+  end
+
+  def add_routes
+    route <<~RUBY
+      # config/routes.rb
+        post '/login', to: 'auth#login'
+        post '/refresh', to: 'auth#refresh'
+        post '/logout', to: 'auth#logout'
+        post '/signup', to: 'users#create'
+        get '/me', to: 'users#me'
+        resources :password_resets, only: [:create] do
+          collection do
+            put '/', to: 'password_resets#update'  # PUT /password_resets
+          end
+        end
+    RUBY
+  end
+
+  def create_auth_files
+    template "controllers/auth_controller.rb", "app/controllers/auth_controller.rb"
+    template "serializers/user_serializer.rb", "app/serializers/user_serializer.rb"
+    template "controllers/users_controller.rb", "app/controllers/users_controller.rb"
+    template "controllers/password_resets_controller.rb", "app/controllers/password_resets_controller.rb"
+    template "models/user.rb", "app/models/user.rb"
+    template "models/refresh_token.rb", "app/models/refresh_token.rb"
+    template "mailers/user_mailer.rb", "app/mailers/user_mailer.rb"
+    template "mailers/application_mailer.rb", "app/mailers/application_mailer.rb"
+    template "concerns/authenticatable.rb", "app/controllers/concerns/authenticatable.rb"
+    template "initializers/jwt_rails_api_auth.rb", "config/initializers/jwt_rails_api_auth.rb"
+  end
+
+  def modify_application_controller
+    inject_into_class "app/controllers/application_controller.rb", "ApplicationController" do
+      "  include Authenticatable\n"
+    end
+  end
+
+
+  def self.next_migration_number(dirname)
+    @prev_migration_nr ||= Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+    @prev_migration_nr += 1
+    @prev_migration_nr.to_s
+  end
+
+  def copy_migration
+    migration_template "migrations/create_user.rb", "db/migrate/create_users.rb"
+    migration_template "migrations/create_refresh_token.rb", "db/migrate/create_refresh_tokens.rb"
+  end
+
+  def enable_cors
+    insert_into_file "config/application.rb"do
+      <<~RUBY
+        Rails.application.config.middleware.insert_before 0, Rack::Cors do
+          allow do
+            origins "example.com"
+
+            resource "*",
+              headers: :any,
+              methods: [:get, :post, :put, :patch, :delete, :options, :head]
+          end
+        end
+      RUBY
+    end
+  end
+end

data/lib/generators/auth/templates/concerns/authenticatable.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+module Authenticatable
+  extend ActiveSupport::Concern
+
+  included do
+    include ActionController::Cookies
+    before_action :authorized
+
+    SECRET_KEY = JwtRailsApiAuth.configuration.jwt_secret
+
+def encode_token(payload, exp = JwtRailsApiAuth.configuration.access_token_expiry.from_now)
+
+  
+  payload[:exp] = exp.to_i
+  payload[:admin] = @user.admin? if @user.is_a?(User) && JwtRailsApiAuth.configuration.enable_roles
+  
+  token = JWT.encode(payload, SECRET_KEY)
+  
+end
+
+    def decoded_token
+      header = request.headers['Authorization']
+      return nil unless header
+
+      token = header.split(" ")[1]
+      puts "🔍 DECODE_TOKEN DEBUG: Token: #{token}"
+      
+      begin
+        decoded = JWT.decode(token, SECRET_KEY, true, { algorithm: 'HS256', verify_expiration: true })
+        puts "   Token valid, expires at: #{Time.at(decoded[0]['exp'])}" if decoded[0]['exp']
+        decoded
+      rescue JWT::ExpiredSignature => e
+        puts "   ❌ Token expired: #{e.message}"
+        @token_expired = true
+        nil
+      rescue JWT::DecodeError => e
+        puts "   ❌ Token decode error: #{e.message}"
+        nil
+      end
+    end
+
+    def current_user
+      return @current_user if defined?(@current_user)
+      
+      if decoded_token
+        user_id = decoded_token[0]['user_id']
+        @current_user = User.find_by(id: user_id)
+      else
+        @current_user = nil
+      end
+    end
+
+    def current_admin
+      current_user && (current_user.admin? || (decoded_token && decoded_token[0]['admin']))
+    end
+
+    def authorized
+      # Check if token is expired first
+      if @token_expired
+        render json: { error: 'Token has expired' }, status: :unauthorized
+        return false
+      end
+      
+      unless current_user
+        render json: { message: 'Please log in' }, status: :unauthorized
+        return false
+      end
+      
+      true
+    end
+
+    def admin_authorized
+      authorized && current_admin
+    end
+  end
+end

data/lib/generators/auth/templates/controllers/auth_controller.rb

@@ -0,0 +1,84 @@
+require "digest"
+
+class AuthController < ApplicationController
+  skip_before_action :authorized, only: [:login, :refresh, :logout]
+  rescue_from ActiveRecord::RecordNotFound, with: :handle_record_not_found
+
+  def login
+    user = User.find_by!(username: params[:username])
+    if user.authenticate(params[:password])
+      access_token  = encode_token({ user_id: user.id }, 15.minutes.from_now)
+      refresh_raw   = user.generate_refresh_token
+
+      set_refresh_cookie(refresh_raw, 7.days.from_now)
+
+      render json: {
+        user: UserSerializer.new(user),
+        access_token: access_token
+        # (we're NOT returning refresh in JSON for security)
+      }, status: :ok
+    else
+      render json: { error: "Invalid credentials" }, status: :unauthorized
+    end
+  end
+
+  def refresh
+  raw = cookies.encrypted[:refresh_token] || params[:refresh_token]
+  return render json: { error: "missing refresh token" }, status: :unauthorized if raw.blank?
+
+  digest = Digest::SHA256.hexdigest(raw)
+  rt = RefreshToken.find_by(token_digest: digest)
+
+  if rt.nil? || rt.revoked_at.present? || rt.expires_at.past?
+    rt&.user&.revoke_all_refresh_tokens!
+    cookies.delete(:refresh_token)
+    return render json: { error: "Invalid or reused refresh token. Logged out everywhere." }, status: :unauthorized
+  end
+
+  # Issue new access + refresh token
+  new_access_token  = encode_token({ user_id: rt.user_id })
+  new_refresh_token = rt.user.generate_refresh_token
+
+  # revoke the old token
+  rt.update!(revoked_at: Time.current)
+
+  # 🔑 store new refresh token in HttpOnly cookie
+  set_refresh_cookie(new_refresh_token, 7.days.from_now)
+
+  render json: { access_token: new_access_token }, status: :ok
+end
+
+
+
+  def logout
+    raw = cookies.encrypted[:refresh_token] || params[:refresh_token]
+    if raw.present?
+      digest = Digest::SHA256.hexdigest(raw)
+      RefreshToken.find_by(token_digest: digest)&.destroy
+      cookies.delete(:refresh_token)
+    end
+    render json: { message: "Logged out" }, status: :ok
+  end
+
+
+  private 
+
+    def set_refresh_cookie(raw_token, expires_at)
+    cookies.encrypted[:refresh_token] = {
+      value:     raw_token,
+      httponly:  true,
+      secure:    Rails.env.production?,
+      same_site: :lax,
+      expires:   expires_at
+    }
+  end
+
+  def login_params 
+    params.permit(:username, :password)
+  end
+
+  def handle_record_not_found(e)
+    render json: { message: "User doesn't exist" }, status: :unauthorized
+  end
+
+end

data/lib/generators/auth/templates/controllers/password_resets_controller.rb

@@ -0,0 +1,34 @@
+# app/controllers/password_resets_controller.rb
+class PasswordResetsController < ApplicationController
+  skip_before_action :authorized
+
+  # Request reset (step 1)
+# New version using username
+  def create
+    user = User.find_by(email: params[:email])
+    if user
+      user.generate_password_reset_token!
+      # Send token via your preferred method (API response, SMS, etc.)
+      render json: { 
+        message: "Reset instructions sent",
+        token: user.reset_token # In production, send this via email/SMS instead
+      }
+    else
+      render json: { error: "Username not found" }, status: :not_found
+    end
+  end
+
+  # Actual reset (step 2)
+  def update
+    user = User.find_by(reset_token: params[:token])
+    if user&.reset_sent_at && !user.password_reset_expired?
+      if user.update(password: params[:password], reset_token: nil)
+        render json: { message: "Password updated" }
+      else
+        render json: { errors: user.errors.full_messages }, status: :unprocessable_entity
+      end
+    else
+      render json: { error: "Invalid or expired token" }, status: :unprocessable_entity
+    end
+  end
+end

data/lib/generators/auth/templates/controllers/users_controller.rb

@@ -0,0 +1,28 @@
+class UsersController < ApplicationController
+  skip_before_action :authorized, only: [:create]
+  rescue_from ActiveRecord::RecordInvalid, with: :handle_invalid_record
+
+# app/controllers/users_controller.rb
+    def create 
+        user = User.create!(user_params)
+        @token = encode_token(user_id: user.id)
+        render json: {
+            user: UserSerializer.new(user), 
+            token: @token
+        }, status: :created
+    end
+
+  def me 
+    render json: current_user, status: :ok
+  end
+
+  private
+
+    def user_params 
+        params.permit(:username, :password, :bio, :email)
+    end
+
+  def handle_invalid_record(e)
+    render json: { errors: e.record.errors.full_messages }, status: :unprocessable_entity
+  end
+end

data/lib/generators/auth/templates/initializers/rails_auth_generator.rb

@@ -0,0 +1,6 @@
+JwtRailsApiAuth.configure do |config|
+  config.jwt_secret = "test_secret_key"
+  config.access_token_expiry = 10.minutes
+  config.refresh_token_expiry = 7.days
+  config.enable_roles = true
+end

data/lib/generators/auth/templates/mailers/application_mailer.rb

@@ -0,0 +1,4 @@
+class ApplicationMailer < ActionMailer::Base
+  default from: "from@example.com"
+  layout "mailer"
+end

data/lib/generators/auth/templates/mailers/user_mailer.rb

@@ -0,0 +1,6 @@
+class UserMailer < ApplicationMailer
+  def password_reset(user)
+    @user = user
+    mail to: user.email, subject: "Password Reset Instructions"
+  end
+end

data/lib/generators/auth/templates/migrations/create_refresh_token.rb

@@ -0,0 +1,14 @@
+class CreateRefreshTokens < ActiveRecord::Migration[8.0]
+  def change
+    create_table :refresh_tokens do |t|
+      t.references :user, null: false, foreign_key: true
+      t.string     :token_digest, null: false
+      t.datetime   :expires_at,   null: false
+      t.datetime   :revoked_at
+
+      t.timestamps
+    end
+
+    add_index :refresh_tokens, :token_digest, unique: true
+  end
+end

data/lib/generators/auth/templates/migrations/create_user.rb

@@ -0,0 +1,19 @@
+class CreateUsers < ActiveRecord::Migration[8.0]
+  def change
+    create_table :users do |t|
+      t.string :username, null: false
+      t.string :email
+      t.string :password_digest, null: false
+      t.string :bio
+      t.boolean :admin, default: false, null: false
+      t.string :reset_token
+      t.datetime :reset_sent_at
+
+      t.timestamps
+    end
+
+    add_index :users, :username, unique: true
+    add_index :users, :admin
+    add_index :users, :reset_token, unique: true
+  end
+end

data/lib/generators/auth/templates/models/refresh_token.rb

@@ -0,0 +1,9 @@
+class RefreshToken < ApplicationRecord
+  belongs_to :user
+  scope :active, -> { where("expires_at > ?", Time.current) }
+  validates :token_digest, presence: true, uniqueness: true
+
+  def expired?
+    Time.current >= expires_at
+  end
+end

data/lib/generators/auth/templates/models/user.rb

@@ -0,0 +1,33 @@
+require "digest"
+
+class User < ApplicationRecord
+    has_secure_password
+    has_many :refresh_tokens, dependent: :destroy
+    validates :username, uniqueness: true
+
+    # returns the RAW token (client uses this), stores only SHA256 digest
+    def generate_refresh_token
+        raw   = SecureRandom.hex(64)
+        digest = Digest::SHA256.hexdigest(raw)
+        refresh_tokens.create!(
+        token_digest: digest,
+        expires_at: 7.days.from_now
+        )
+        raw
+    end
+
+    # revoke all tokens for this user
+    def revoke_all_refresh_tokens!
+        refresh_tokens.update_all(revoked_at: Time.current)
+    end
+
+    def generate_password_reset_token!
+        self.reset_token = SecureRandom.urlsafe_base64
+        self.reset_sent_at = Time.now.utc
+        save!(validate: false) # Skip validations for password reset
+    end
+
+    def password_reset_expired?
+        reset_sent_at < 1.hour.ago
+    end
+end

data/lib/generators/auth/templates/serializers/user_serializer.rb

@@ -0,0 +1,3 @@
+class UserSerializer < ActiveModel::Serializer
+  attributes :username, :bio, :admin, :email
+end

data/lib/jwt_rails_api_auth/configuration.rb

@@ -0,0 +1,15 @@
+module JwtRailsApiAuth
+  class Configuration
+    attr_accessor :jwt_secret,
+                  :access_token_expiry,
+                  :refresh_token_expiry,
+                  :enable_roles
+
+    def initialize
+      @jwt_secret = nil
+      @access_token_expiry = 15.minutes
+      @refresh_token_expiry = 30.days
+      @enable_roles = false
+    end
+  end
+end

data/lib/jwt_rails_api_auth/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module JwtRailsApiAuth
+  VERSION = "1.0.0"
+end

data/lib/jwt_rails_api_auth.rb

@@ -0,0 +1,15 @@
+require "jwt_rails_api_auth/version"
+require "jwt_rails_api_auth/configuration"
+
+module JwtRailsApiAuth
+  class Error < StandardError; end
+
+  class << self
+    attr_accessor :configuration
+
+    def configure
+      self.configuration ||= Configuration.new
+      yield(configuration)
+    end
+  end
+end

metadata

@@ -0,0 +1,136 @@
+--- !ruby/object:Gem::Specification
+name: jwt_rails_api_auth
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Zeyad Hassan
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.12
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.12
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: rack-cors
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: active_model_serializers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.12
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.12
+email:
+- " studying.zezo@gmail.com"
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- README_NEW.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/generators/auth/USAGE
+- lib/generators/auth/auth_generator.rb
+- lib/generators/auth/templates/concerns/authenticatable.rb
+- lib/generators/auth/templates/controllers/auth_controller.rb
+- lib/generators/auth/templates/controllers/password_resets_controller.rb
+- lib/generators/auth/templates/controllers/users_controller.rb
+- lib/generators/auth/templates/initializers/rails_auth_generator.rb
+- lib/generators/auth/templates/mailers/application_mailer.rb
+- lib/generators/auth/templates/mailers/user_mailer.rb
+- lib/generators/auth/templates/migrations/create_refresh_token.rb
+- lib/generators/auth/templates/migrations/create_user.rb
+- lib/generators/auth/templates/models/refresh_token.rb
+- lib/generators/auth/templates/models/user.rb
+- lib/generators/auth/templates/serializers/user_serializer.rb
+- lib/jwt_rails_api_auth.rb
+- lib/jwt_rails_api_auth/configuration.rb
+- lib/jwt_rails_api_auth/version.rb
+homepage: https://github.com/Zeyad-Hassan-1/authJWT.git
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.2.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Provides Rails generators for authentication, user management, password resets,
+  and mailers, streamlining the setup of secure user authentication in Rails applications.
+test_files: []