jwt-rails is a project developed to help you add authentication to your Rails REST API project.
You can develop your project quickly with jwt-rails.
I used the following websites as references:
https://guides.rubyonrails.org/generators.html#creating-generators-with-generators
https://medium.com/binar-academy/rails-api-jwt-authentication-a04503ea3248
- Rails API-only project
rails new my_api --api
https://guides.rubyonrails.org/api_app.html
- You don't have a User model; it will generate the User model
- 'rails', '~> 3.2.0'
Add gem in Gemfile
gem 'jwt-rails', '~> 0.0.1'
OR
# https instead of git://, which is unencrypted and no longer served by GitHub
gem 'jwt-rails', :git => "https://github.com/x1wins/jwt-rails.git"
Generate JWT class, User Model, Endpoint
rails generate jwt_rails
rake db:migrate
Endpoint
- Create User
curl -d '{"user": {"name":"ChangWoo", "username":"helloworld", "email":"x1wins@changwoo.org", "password":"hello1234", "password_confirmation":"hello1234"}}' -H "Content-Type: application/json" -X POST -i http://localhost:3000/users
- Login
curl -d '{"email":"x1wins@changwoo.org", "password":"hello1234"}' -H "Content-Type: application/json" -X POST http://localhost:3000/auth/login | jq
{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMjkwOTl9.an-cp7gWzEuufwvWPo3SFXzpxL_G1wvNpm6g7W_gdQU",
  "exp": "12-24-2019 15:11",
  "username": "helloworld"
}
- Token Usage
If you have a Post scaffold, you can use the following curl commands.
- Fail Case - Wrong token
curl -X GET -i http://localhost:3000/posts
HTTP/1.1 401 Unauthorized
- Success Case
curl -X GET -i http://localhost:3000/posts -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMjkwOTl9.an-cp7gWzEuufwvWPo3SFXzpxL_G1wvNpm6g7W_gdQU"
HTTP/1.1 200 OK
Scaffold Example
- Use user:references in scaffold code
rails g scaffold post body:string user:references published:boolean
- Model serializer
https://itnext.io/a-quickstart-guide-to-using-serializer-with-your-ruby-on-rails-api-d5052dea52c5
- Gemfile
gem 'active_model_serializers'
- Command
rails g serializer user name:string username:string email:string
rails g serializer post body:string user:references published:boolean
- Authenticate
Insert before_action :authorize_request code into Controller
class PostsController < ApplicationController
  before_action :authorize_request
  # ...other code
end
- Authorize
https://stackoverflow.com/questions/17594939/check-if-current-user-is-the-owner-of-a-resource-and-allow-edit-delete-actions/57279448#57279448
- Insert is_owner_object code into Controller
- Append merge(user_id: @current_user.id) to post_params method
class PostsController < ApplicationController
  before_action :authorize_request
  before_action :set_post, only: [:show, :update, :destroy]
  before_action only: [:edit, :update, :destroy] do
    is_owner_object @post # your object
  end
  # ...other code
  def post_params
    # user_id comes from @current_user, never from client-supplied params
    params.require(:post).permit(:body).merge(user_id: @current_user.id)
  end
end
- Test with CURL
- Create
curl -X POST -i http://localhost:3000/posts -d '{"post": {"body":"sample body text sample"}}' -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMzY1NTJ9.0pRv-wnQPdQd1WoaA5mSPDWagfGCk---kwO7pSmKkUg"
- Index
curl -X GET -i http://localhost:3000/posts -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMzY1NTJ9.0pRv-wnQPdQd1WoaA5mSPDWagfGCk---kwO7pSmKkUg"
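What a filter like authorize_request has to check before the 401 / 200 cases above are decided, as an added example that is not code generated by jwt-rails: plain-Ruby HS256 verification with the algorithm pinned, a constant-time signature comparison and an exp check. The names authorize, sign, secure_eq, b64url and DEMO_SECRET are hypothetical and the secret is constructed.

```ruby
require 'openssl'
require 'base64'
require 'json'

DEMO_SECRET = 'constructed-demo-secret' # constructed; not the gem's key source

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Issue an HS256 token (used here only to build sample input).
def sign(payload, secret)
  signing_input = "#{b64url(JSON.generate({ alg: 'HS256' }))}.#{b64url(JSON.generate(payload))}"
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, signing_input))}"
end

# Constant-time string comparison, so a mismatch does not leak its position.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [status, claims_or_reason], matching the 401 / 200 cases above.
def authorize(authorization_header, secret, now: Time.now.to_i)
  token = authorization_header.to_s[/\ABearer ([\w-]+\.[\w-]+\.[\w-]+)\z/, 1]
  return [401, 'missing or malformed bearer token'] unless token

  head, body, sig = token.split('.')
  header = JSON.parse(Base64.urlsafe_decode64(head))
  # Pin the algorithm: the token must not be able to select "none".
  return [401, 'unexpected alg'] unless header.is_a?(Hash) && header['alg'] == 'HS256'

  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}"))
  return [401, 'bad signature'] unless secure_eq(expected, sig)

  # Only after the signature checks out is the payload trusted at all.
  claims = JSON.parse(Base64.urlsafe_decode64(body))
  return [401, 'expired'] unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer) && claims['exp'] > now
  [200, claims]
rescue JSON::ParserError, ArgumentError
  [401, 'undecodable token']
end
```

The sample token shown in the Login output is rejected with "bad signature" here because it was signed with a different key, even though its header and payload decode cleanly.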
How to build gem
gem build jwt-rails.gemspec
gem install jwt-rails-0.0.1.gem