RubyGems - rails_auth_generator - Versions diffs - 0.1.0 → 1.0.0 - Mend

rails_auth_generator 0.1.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 85d77a6bc6b301f548d4b32df46624745643fca4c44549abac11c9ed1649b3c6
-  data.tar.gz: da6497b98e1fb6e88ebd045d7879f4be199242f7ef5339617ef62c69b56f505f
+  metadata.gz: bf69a30ca1854528205157aa7d45cf0138f78b50dc87b86e3db9a803e1368443
+  data.tar.gz: de809c1c82d18fae7af04964caf5d07c26db2178cd4e4cd40407a7debaf78d7f
 SHA512:
-  metadata.gz: ad1a93631c931470ba58429e00d42148945806ae6bef329097c69128d6858f34232b47ecfefd0f903795028222fa1f5027a79b05a1e7d009cb87876396a2db25
-  data.tar.gz: f11d8ed3bf418bf57574db49f40ff9a3b96a7b80439f272ba23a2596d205dc7fda006599efb7f7c2e6d193c8286676d31673938719844aac7e1836fe8cfe3005
+  metadata.gz: 0203aa88a66a391c60837ecd69dee7a69b813b407e840256cdbd891e10b3f29a354450811dcbeaca3f50588e48b369aba92b41c96cf781ce130aae1630a35717
+  data.tar.gz: c3fbeee8f0b7f1ba781d14872b43e33571826866c868a51df2c5e316ac2471a6b2e564555bc854be9f0691076f5e795125e3f9457541449a87bb63941cd2c086

data/README.md CHANGED Viewed

@@ -1,43 +1,149 @@
 # RailsAuthGenerator
-TODO: Delete this and the text below, and describe your gem
+**RailsAuthGenerator** is a Rails generator that scaffolds a **JWT-based authentication system** with user management, password resets, refresh token rotation, and secure cookie handling. It saves you weeks of setup by providing all the models, controllers, serializers, and mailers you need for a robust, production-ready authentication flow.
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/rails_auth_generator`. To experiment with that code, run `bin/console` for an interactive prompt.
+---
-## Installation
+## ✨ Features
-TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org.
+- 🔑 **JWT Authentication**
+  - Access tokens (short-lived, default 15 min)
+  - Refresh tokens (stored securely in HttpOnly cookies)
+  - Token rotation + reuse detection
+  - Logout everywhere
+- 👤 **User management**
+  - User model with secure password
+  - Role support (admin, user)
+- ✉️ **Password reset**
+  - Password reset tokens sent via email
+- 🛠️ **Rails Generators**
+  - User model + migrations
+  - Auth controllers (`auth`, `users`, `password_resets`)
+  - Serializers and mailers
+- ⚡ Works with **Rails 6.0+**
-Install the gem and add to the application's Gemfile by executing:
+---
-```bash
-bundle add UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
-```
+## 📦 Installation
-If bundler is not being used to manage dependencies, install the gem by executing:
+Add this line to your application's Gemfile:
+`gem 'rails_auth_generator', '~> 0.2.1'`
-```bash
-gem install UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
-```
+and then run:
+`bundle install`
-## Usage
+Or install it manually:
+`gem install rails_auth_generator`
-TODO: Write usage instructions here
+If you want the latest version from GitHub:
+`gem 'rails_auth_generator', git: 'https://github.com/Zeyad-Hassan-1/authJWT.git'`
-## Development
+---
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+## 🚀 Usage
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+Generate the full authentication system:
+`rails generate auth`
-## Contributing
+Then run:
+`bundle install`
+`rails db:migrate`
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/rails_auth_generator. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/rails_auth_generator/blob/master/CODE_OF_CONDUCT.md).
+This scaffolds:
+- User model & migrations
+- Controllers for authentication, users, and password resets
+- Mailers for password reset
+- Serializers for user data
-## License
+You can freely customize the generated files to match your app’s requirements.
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+---
-## Code of Conduct
+## 🔧 Additional Setup
-Everyone interacting in the RailsAuthGenerator project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/rails_auth_generator/blob/master/CODE_OF_CONDUCT.md).
+### 1. Enable CORS
+Uncomment the CORS config in `config/initializers/cors.rb` if building an API:
+`Rails.application.config.middleware.insert_before 0, Rack::Cors do
+  allow do
+    origins '*'
+    resource '*',
+      headers: :any,
+      methods: [:get, :post, :put, :patch, :delete, :options, :head],
+      credentials: true
+  end
+end`
+### 2. Set JWT Secret
+Edit your Rails credentials:
+`VISUAL="code --wait" bin/rails credentials:edit`
+Add:
+`jwt:
+  secret: <your_generated_secret>`
+Generate a secret key:
+`rails secret`
+Replace `<your_generated_secret>` with the generated key.
+---
+## 📚 API Overview
+| Route             | Method | Description |
+|-------------------|--------|-------------|
+| `/signup`         | POST   | Create a new user |
+| `/login`          | POST   | Authenticate user, return JWT + set refresh cookie |
+| `/me`             | GET    | Get current logged-in user |
+| `/refresh`        | POST   | Rotate refresh token + issue new JWT |
+| `/logout`         | DELETE | Revoke refresh token + clear cookie |
+| `/password_resets`| POST   | Request a password reset |
+| `/password_resets` | PUT | Reset password with token |
+---
+## 🧪 Example Usage
+1. Sign up:
+`curl -X POST http://localhost:3000/signup -H "Content-Type: application/json" -d '{"user": {"email":"test@example.com","password":"secret123"}}'`
+2. Login:
+`curl -X POST http://localhost:3000/login -H "Content-Type: application/json" -d '{"email":"test@example.com","password":"secret123"}'`
+➡️ Returns `{ "token": "...", "user": {...} }`
+Refresh token is stored in an **HttpOnly cookie**.
+3. Access protected route:
+`curl -H "Authorization: Bearer <your_token>" http://localhost:3000/me`
+4. Refresh token:
+`curl -X POST http://localhost:3000/refresh`
+➡️ Returns new access token, rotates refresh cookie.
+5. Logout:
+`curl -X DELETE http://localhost:3000/logout`
+➡️ Revokes refresh token + clears cookie.
+---
+## 🛡️ Security Defaults
+- Access tokens expire after **15 minutes**
+- Refresh tokens expire after **7 days**
+- Refresh tokens are **rotated on every use**
+- Reused tokens trigger **global logout**
+---
+## 🤝 Contributing
+Bug reports and pull requests are welcome on GitHub at [https://github.com/Zeyad-Hassan-1/authJWT](https://github.com/Zeyad-Hassan-1/authJWT).
+This project follows a [Code of Conduct](CODE_OF_CONDUCT.md). Please respect it in all interactions.
+---
+## 📄 License
+This gem is available as open source under the terms of the [MIT License](LICENSE.txt).

data/README_NEW.md CHANGED Viewed

@@ -1,59 +0,0 @@
-# RailsAuthGenerator
-RailsAuthGenerator provides Rails generators for authentication, user management, password resets, and mailers, streamlining the setup of secure user authentication in Rails applications. It helps you quickly scaffold all necessary models, controllers, mailers, and migrations for a robust authentication system.
-## Features
-- User model and migration generator
-- Authentication controller and password reset controller
-- User serializer for API responses
-- Mailers for sending token to reset password
-- Easy integration with Rails 6.0+
-## Installation
-Add this line to your application's Gemfile:
-```ruby
-bundle add rails_auth_generator
-```
-Or install it manually:
-```bash
-gem install rails_auth_generator
-```
-If you want to use the latest version from GitHub:
-```ruby
-gem 'rails_auth_generator', git: 'https://github.com/Zeyad-Hassan-1/authJWT.git'
-```
-## Usage
-Run the generator to scaffold authentication features:
-```bash
-rails generate auth
-```
-This will create:
-- User model and migration
-- Authentication controllers (auth, password resets, users)
-- Mailers for sending token to reset password
-- Serializers for user data
-You can customize the generated files as needed for your application.
-## Contributing
-Bug reports and pull requests are welcome on GitHub at [https://github.com/Zeyad-Hassan-1/authJWT](https://github.com/Zeyad-Hassan-1/authJWT). This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](CODE_OF_CONDUCT.md).
-## License
-The gem is available as open source under the terms of the [MIT License](LICENSE.txt).
-## Code of Conduct
-Everyone interacting in the RailsAuthGenerator project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](CODE_OF_CONDUCT.md).

data/lib/generators/auth/auth_generator.rb CHANGED Viewed

@@ -2,99 +2,88 @@ class AuthGenerator < Rails::Generators::Base
   include Rails::Generators::Migration
   source_root File.expand_path("templates", __dir__)
-  def modify_gemfile
-insert_into_file "Gemfile",  after: /^source ['"].*['"]\n/ do
-  <<~RUBY
-    gem 'bcrypt', '~> 3.1', '>= 3.1.12'
-    gem 'jwt', '~> 2.5'
-    gem 'rack-cors'
-    gem 'active_model_serializers', '~> 0.10.12'
-  RUBY
+def modify_gemfile
+    insert_into_file "Gemfile",  after: /^source ['"].*['"]\n/ do
+    <<~RUBY
+      gem 'bcrypt', '~> 3.1', '>= 3.1.12'
+      gem 'jwt', '~> 2.5'
+      gem 'rack-cors'
+      gem 'active_model_serializers', '~> 0.10.12'
+    RUBY
+    end
 end
+  def modify_application_rb
+    insert_into_file "config/application.rb", after: "config.api_only = true\n" do
+      <<~RUBY
+        config.middleware.use ActionDispatch::Cookies
+      RUBY
+    end
   end
   def add_routes
     route <<~RUBY
-    # config/routes.rb
-      post '/login', to: 'auth#login'
-      post '/signup', to: 'users#create'
-      get '/me', to: 'users#me'
-      resources :password_resets, only: [:create] do
-        collection do
-          put '/', to: 'password_resets#update'  # PUT /password_resets
+      # config/routes.rb
+        post '/login', to: 'auth#login'
+        post '/refresh', to: 'auth#refresh'
+        post '/logout', to: 'auth#logout'
+        post '/signup', to: 'users#create'
+        get '/me', to: 'users#me'
+        resources :password_resets, only: [:create] do
+          collection do
+            put '/', to: 'password_resets#update'  # PUT /password_resets
+          end
         end
-      end
-      # Admin routes
-      post '/users/:id/make_admin', to: 'users#make_admin'
+        # Admin routes
+        post '/users/:id/make_admin', to: 'users#make_admin'
     RUBY
   end
   def create_auth_files
-    template "auth_controller.rb", "app/controllers/auth_controller.rb"
-    template "user_serializer.rb", "app/serializers/user_serializer.rb"
-    template "users_controller.rb", "app/controllers/users_controller.rb"
-    template "password_resets_controller.rb", "app/controllers/password_resets_controller.rb"
-    template "user.rb", "app/models/user.rb"
+    template "controllers/auth_controller.rb", "app/controllers/auth_controller.rb"
+    template "serializers/user_serializer.rb", "app/serializers/user_serializer.rb"
+    template "controllers/users_controller.rb", "app/controllers/users_controller.rb"
+    template "controllers/password_resets_controller.rb", "app/controllers/password_resets_controller.rb"
+    template "models/user.rb", "app/models/user.rb"
+    template "models/refresh_token.rb", "app/models/refresh_token.rb"
     template "mailers/user_mailer.rb", "app/mailers/user_mailer.rb"
     template "mailers/application_mailer.rb", "app/mailers/application_mailer.rb"
+    template "concerns/authenticatable.rb", "app/controllers/concerns/authenticatable.rb"
+    template "initializers/rails_auth_generator.rb", "config/initializers/rails_auth_generator.rb"
   end
   def modify_application_controller
     inject_into_class "app/controllers/application_controller.rb", "ApplicationController" do
-      <<~RUBY
-        before_action :authorized
-        def encode_token(payload)
-          # Add admin status to the payload if user is admin
-          payload[:admin] = @user.admin? if @user.is_a?(User)
-          JWT.encode(payload, 'hellomars1211')
-        end
+      "  include Authenticatable\n"
+    end
+  end
-        def decoded_token
-          header = request.headers['Authorization']
-          if header
-            token = header.split(" ")[1]
-            begin
-              JWT.decode(token, 'hellomars1211', true, algorithm: 'HS256')
-            rescue JWT::DecodeError
-              nil
-            end
-          end
-        end
-        def current_user
-          if decoded_token
-            user_id = decoded_token[0]['user_id']
-            @user = User.find_by(id: user_id)
-          end
-        end
+  def self.next_migration_number(dirname)
+    @prev_migration_nr ||= Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+    @prev_migration_nr += 1
+    @prev_migration_nr.to_s
+  end
-        def current_admin
-          current_user && (current_user.admin? || decoded_token[0]['admin'])
-        end
+  def copy_migration
+    migration_template "migrations/create_user.rb", "db/migrate/create_users.rb"
+    migration_template "migrations/create_refresh_token.rb", "db/migrate/create_refresh_tokens.rb"
+  end
-        def authorized
-          unless !!current_user
-            render json: { message: 'Please log in' }, status: :unauthorized
-          end
-        end
+  def enable_cors
+    insert_into_file "config/application.rb"do
+      <<~RUBY
+        Rails.application.config.middleware.insert_before 0, Rack::Cors do
+          allow do
+            origins "example.com"
-        def admin_authorized
-          unless current_admin
-            render json: { message: 'Admin access required' }, status: :forbidden
+            resource "*",
+              headers: :any,
+              methods: [:get, :post, :put, :patch, :delete, :options, :head]
           end
         end
       RUBY
     end
   end
-  def self.next_migration_number(dirname)
-    Time.now.utc.strftime("%Y%m%d%H%M%S")
-  end
-  def copy_migration
-    migration_template "migrations/create_user.rb", "db/migrate/create_users.rb"
-  end
 end

data/lib/generators/auth/templates/concerns/authenticatable.rb ADDED Viewed

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+module Authenticatable
+  extend ActiveSupport::Concern
+  included do
+    include ActionController::Cookies
+    before_action :authorized
+    SECRET_KEY = RailsAuthGenerator.configuration.jwt_secret
+def encode_token(payload, exp = RailsAuthGenerator.configuration.access_token_expiry.from_now)
+  payload[:exp] = exp.to_i
+  payload[:admin] = @user.admin? if @user.is_a?(User) && RailsAuthGenerator.configuration.enable_roles
+  token = JWT.encode(payload, SECRET_KEY)
+end
+    def decoded_token
+      header = request.headers['Authorization']
+      return nil unless header
+      token = header.split(" ")[1]
+      puts "🔍 DECODE_TOKEN DEBUG: Token: #{token}"
+      begin
+        decoded = JWT.decode(token, SECRET_KEY, true, { algorithm: 'HS256', verify_expiration: true })
+        puts "   Token valid, expires at: #{Time.at(decoded[0]['exp'])}" if decoded[0]['exp']
+        decoded
+      rescue JWT::ExpiredSignature => e
+        puts "   ❌ Token expired: #{e.message}"
+        @token_expired = true
+        nil
+      rescue JWT::DecodeError => e
+        puts "   ❌ Token decode error: #{e.message}"
+        nil
+      end
+    end
+    def current_user
+      return @current_user if defined?(@current_user)
+      if decoded_token
+        user_id = decoded_token[0]['user_id']
+        @current_user = User.find_by(id: user_id)
+      else
+        @current_user = nil
+      end
+    end
+    def current_admin
+      current_user && (current_user.admin? || (decoded_token && decoded_token[0]['admin']))
+    end
+    def authorized
+      # Check if token is expired first
+      if @token_expired
+        render json: { error: 'Token has expired' }, status: :unauthorized
+        return false
+      end
+      unless current_user
+        render json: { message: 'Please log in' }, status: :unauthorized
+        return false
+      end
+      true
+    end
+    def admin_authorized
+      authorized && current_admin
+    end
+  end
+end

data/lib/generators/auth/templates/controllers/auth_controller.rb ADDED Viewed

@@ -0,0 +1,84 @@
+require "digest"
+class AuthController < ApplicationController
+  skip_before_action :authorized, only: [:login, :refresh, :logout]
+  rescue_from ActiveRecord::RecordNotFound, with: :handle_record_not_found
+  def login
+    user = User.find_by!(username: params[:username])
+    if user.authenticate(params[:password])
+      access_token  = encode_token({ user_id: user.id }, 15.minutes.from_now)
+      refresh_raw   = user.generate_refresh_token
+      set_refresh_cookie(refresh_raw, 7.days.from_now)
+      render json: {
+        user: UserSerializer.new(user),
+        access_token: access_token
+        # (we're NOT returning refresh in JSON for security)
+      }, status: :ok
+    else
+      render json: { error: "Invalid credentials" }, status: :unauthorized
+    end
+  end
+  def refresh
+  raw = cookies.encrypted[:refresh_token] || params[:refresh_token]
+  return render json: { error: "missing refresh token" }, status: :unauthorized if raw.blank?
+  digest = Digest::SHA256.hexdigest(raw)
+  rt = RefreshToken.find_by(token_digest: digest)
+  if rt.nil? || rt.revoked_at.present? || rt.expires_at.past?
+    rt&.user&.revoke_all_refresh_tokens!
+    cookies.delete(:refresh_token)
+    return render json: { error: "Invalid or reused refresh token. Logged out everywhere." }, status: :unauthorized
+  end
+  # Issue new access + refresh token
+  new_access_token  = encode_token({ user_id: rt.user_id })
+  new_refresh_token = rt.user.generate_refresh_token
+  # revoke the old token
+  rt.update!(revoked_at: Time.current)
+  # 🔑 store new refresh token in HttpOnly cookie
+  set_refresh_cookie(new_refresh_token, 7.days.from_now)
+  render json: { access_token: new_access_token }, status: :ok
+end
+  def logout
+    raw = cookies.encrypted[:refresh_token] || params[:refresh_token]
+    if raw.present?
+      digest = Digest::SHA256.hexdigest(raw)
+      RefreshToken.find_by(token_digest: digest)&.destroy
+      cookies.delete(:refresh_token)
+    end
+    render json: { message: "Logged out" }, status: :ok
+  end
+  private
+    def set_refresh_cookie(raw_token, expires_at)
+    cookies.encrypted[:refresh_token] = {
+      value:     raw_token,
+      httponly:  true,
+      secure:    Rails.env.production?,
+      same_site: :lax,
+      expires:   expires_at
+    }
+  end
+  def login_params
+    params.permit(:username, :password)
+  end
+  def handle_record_not_found(e)
+    render json: { message: "User doesn't exist" }, status: :unauthorized
+  end
+end

data/lib/generators/auth/templates/{users_controller.rb → controllers/users_controller.rb} RENAMED Viewed

@@ -26,7 +26,7 @@ class UsersController < ApplicationController
   private
     def user_params
-        params.permit(:username, :password, :bio)
+        params.permit(:username, :password, :bio, :email)
     end
   def handle_invalid_record(e)

data/lib/generators/auth/templates/initializers/rails_auth_generator.rb ADDED Viewed

@@ -0,0 +1,6 @@
+RailsAuthGenerator.configure do |config|
+  config.jwt_secret = "test_secret_key"
+  config.access_token_expiry = 10.minutes
+  config.refresh_token_expiry = 7.days
+  config.enable_roles = true
+end

data/lib/generators/auth/templates/migrations/create_refresh_token.rb ADDED Viewed

@@ -0,0 +1,14 @@
+class CreateRefreshTokens < ActiveRecord::Migration[8.0]
+  def change
+    create_table :refresh_tokens do |t|
+      t.references :user, null: false, foreign_key: true
+      t.string     :token_digest, null: false
+      t.datetime   :expires_at,   null: false
+      t.datetime   :revoked_at
+      t.timestamps
+    end
+    add_index :refresh_tokens, :token_digest, unique: true
+  end
+end

data/lib/generators/auth/templates/models/refresh_token.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class RefreshToken < ApplicationRecord
+  belongs_to :user
+  scope :active, -> { where("expires_at > ?", Time.current) }
+  validates :token_digest, presence: true, uniqueness: true
+  def expired?
+    Time.current >= expires_at
+  end
+end

data/lib/generators/auth/templates/models/user.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require "digest"
+class User < ApplicationRecord
+    has_secure_password
+    has_many :refresh_tokens, dependent: :destroy
+    validates :username, uniqueness: true
+    # returns the RAW token (client uses this), stores only SHA256 digest
+    def generate_refresh_token
+        raw   = SecureRandom.hex(64)
+        digest = Digest::SHA256.hexdigest(raw)
+        refresh_tokens.create!(
+        token_digest: digest,
+        expires_at: 7.days.from_now
+        )
+        raw
+    end
+    # revoke all tokens for this user
+    def revoke_all_refresh_tokens!
+        refresh_tokens.update_all(revoked_at: Time.current)
+    end
+    def generate_password_reset_token!
+        self.reset_token = SecureRandom.urlsafe_base64
+        self.reset_sent_at = Time.now.utc
+        save!(validate: false) # Skip validations for password reset
+    end
+    def password_reset_expired?
+        reset_sent_at < 1.hour.ago
+    end
+end

data/lib/generators/auth/templates/serializers/user_serializer.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class UserSerializer < ActiveModel::Serializer
+  attributes :username, :bio, :admin, :email
+end

data/lib/rails_auth_generator/configuration.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module RailsAuthGenerator
+  class Configuration
+    attr_accessor :jwt_secret,
+                  :access_token_expiry,
+                  :refresh_token_expiry,
+                  :enable_roles
+    def initialize
+      @jwt_secret = nil
+      @access_token_expiry = 15.minutes
+      @refresh_token_expiry = 30.days
+      @enable_roles = false
+    end
+  end
+end

data/lib/rails_auth_generator/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module RailsAuthGenerator
-  VERSION = "0.1.0"
+  VERSION = "1.0.0"
 end

data/lib/rails_auth_generator.rb CHANGED Viewed

@@ -1,5 +1,15 @@
 require "rails_auth_generator/version"
+require "rails_auth_generator/configuration"
 module RailsAuthGenerator
   class Error < StandardError; end
+  class << self
+    attr_accessor :configuration
+    def configure
+      self.configuration ||= Configuration.new
+      yield(configuration)
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_auth_generator
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Zeyad Hassan
@@ -29,6 +29,48 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '9.0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.9'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
 email:
 - " studying.zezo@gmail.com"
 executables: []
@@ -46,15 +88,20 @@ files:
 - bin/setup
 - lib/generators/auth/USAGE
 - lib/generators/auth/auth_generator.rb
-- lib/generators/auth/templates/auth_controller.rb
+- lib/generators/auth/templates/concerns/authenticatable.rb
+- lib/generators/auth/templates/controllers/auth_controller.rb
+- lib/generators/auth/templates/controllers/password_resets_controller.rb
+- lib/generators/auth/templates/controllers/users_controller.rb
+- lib/generators/auth/templates/initializers/rails_auth_generator.rb
 - lib/generators/auth/templates/mailers/application_mailer.rb
 - lib/generators/auth/templates/mailers/user_mailer.rb
+- lib/generators/auth/templates/migrations/create_refresh_token.rb
 - lib/generators/auth/templates/migrations/create_user.rb
-- lib/generators/auth/templates/password_resets_controller.rb
-- lib/generators/auth/templates/user.rb
-- lib/generators/auth/templates/user_serializer.rb
-- lib/generators/auth/templates/users_controller.rb
+- lib/generators/auth/templates/models/refresh_token.rb
+- lib/generators/auth/templates/models/user.rb
+- lib/generators/auth/templates/serializers/user_serializer.rb
 - lib/rails_auth_generator.rb
+- lib/rails_auth_generator/configuration.rb
 - lib/rails_auth_generator/version.rb
 homepage: https://github.com/Zeyad-Hassan-1/authJWT.git
 licenses:

data/lib/generators/auth/templates/auth_controller.rb DELETED Viewed

@@ -1,27 +0,0 @@
-class AuthController < ApplicationController
-  skip_before_action :authorized, only: [:login]
-  rescue_from ActiveRecord::RecordNotFound, with: :handle_record_not_found
-  def login
-    @user = User.find_by!(username: login_params[:username])
-    if @user.authenticate(login_params[:password])
-      @token = encode_token(user_id: @user.id)
-      render json: {
-        user: UserSerializer.new(@user),
-        token: @token
-      }, status: :accepted
-    else
-      render json: {message: 'Incorrect password'}, status: :unauthorized
-    end
-  end
-  private
-  def login_params
-    params.permit(:username, :password)
-  end
-  def handle_record_not_found(e)
-    render json: { message: "User doesn't exist" }, status: :unauthorized
-  end
-end

data/lib/generators/auth/templates/user.rb DELETED Viewed

@@ -1,15 +0,0 @@
-class User < ApplicationRecord
-    has_secure_password
-    validates :username, uniqueness: true
-    # validates :email, presence: true, uniqueness: true
-    def generate_password_reset_token!
-        self.reset_token = SecureRandom.urlsafe_base64
-        self.reset_sent_at = Time.now.utc
-        save!(validate: false) # Skip validations for password reset
-    end
-    def password_reset_expired?
-        reset_sent_at < 1.hour.ago
-    end
-end

data/lib/generators/auth/templates/user_serializer.rb DELETED Viewed

@@ -1,3 +0,0 @@
-class UserSerializer < ActiveModel::Serializer
-  attributes :username, :bio, :admin
-end

/data/lib/generators/auth/templates/{password_resets_controller.rb → controllers/password_resets_controller.rb} RENAMED Viewed

File without changes