
x1wins/jwt-rails

jwt-rails is a generator that adds JWT authentication to your Rails REST API project,
so you can get an authenticated API running quickly.
It was written with reference to the following pages:
https://guides.rubyonrails.org/generators.html#creating-generators-with-generators
https://medium.com/binar-academy/rails-api-jwt-authentication-a04503ea3248

Require

Getting Started

  1. Add gem in Gemfile

    gem 'jwt-rails', '~> 0.0.1'

    OR

    gem 'jwt-rails', :git => "https://github.com/x1wins/jwt-rails.git"
  2. Generate JWT class, User Model, Endpoint

    rails generate jwt_rails
    rake db:migrate
  3. Endpoint

    1. Create User
        curl -d '{"user": {"name":"ChangWoo", "username":"helloworld", "email":"x1wins@changwoo.org", "password":"hello1234", "password_confirmation":"hello1234"}}' -H "Content-Type: application/json" -X POST -i http://localhost:3000/users
    2. Login
        curl -d '{"email":"x1wins@changwoo.org", "password":"hello1234"}' -H "Content-Type: application/json" -X POST http://localhost:3000/auth/login | jq
        {
          "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMjkwOTl9.an-cp7gWzEuufwvWPo3SFXzpxL_G1wvNpm6g7W_gdQU",
          "exp": "12-24-2019 15:11",
          "username": "helloworld"
        }
    3. Token Usage
      If you have a Post scaffold, you can use the following curl commands
      1. Fail Case - Missing or wrong token
        curl -X GET -i http://localhost:3000/posts
        HTTP/1.1 401 Unauthorized
      2. Success Case
        curl -X GET -i http://localhost:3000/posts -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMjkwOTl9.an-cp7gWzEuufwvWPo3SFXzpxL_G1wvNpm6g7W_gdQU"
        HTTP/1.1 200 OK
  4. Scaffold Example

    1. Use user:references in scaffold code
        rails g scaffold post body:string user:references published:boolean
    2. Model serializer
      https://itnext.io/a-quickstart-guide-to-using-serializer-with-your-ruby-on-rails-api-d5052dea52c5
      1. Gemfile
           gem 'active_model_serializers'
      2. Command
           rails g serializer user name:string username:string email:string
           rails g serializer post body:string user:references published:boolean
    3. Authenticate
      Insert the before_action :authorize_request line into the controller
        class PostsController < ApplicationController
          before_action :authorize_request
          
          # ...other code
          
        end
    4. Authorize
      https://stackoverflow.com/questions/17594939/check-if-current-user-is-the-owner-of-a-resource-and-allow-edit-delete-actions/57279448#57279448
      1. Insert is_owner_object code into Controller
      2. Append merge(user_id: @current_user.id) to post_params method
          class PostsController < ApplicationController
            before_action :authorize_request
            before_action :set_post, only: [:show, :update, :destroy]
            before_action only: [:edit, :update, :destroy] do
              is_owner_object @post # your object
            end

            # ...other code

            def post_params
              params.require(:post).permit(:body).merge(user_id: @current_user.id)
            end
          end
    5. Test with CURL
      1. Create
           curl  -X POST -i http://localhost:3000/posts -d '{"post": {"body":"sample body text sample"}}' -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMzY1NTJ9.0pRv-wnQPdQd1WoaA5mSPDWagfGCk---kwO7pSmKkUg"
      2. Index
           curl -X GET -i http://localhost:3000/posts -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NzcyMzY1NTJ9.0pRv-wnQPdQd1WoaA5mSPDWagfGCk---kwO7pSmKkUg"
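
The tokens shown above are HS256 JWTs carrying `user_id` and `exp` claims. The following added example (not code from jwt-rails or generated by it) shows the checks a bearer token must pass before a request is treated as authenticated, using only the Ruby standard library. `DEMO_SECRET`, `encode_token` and `verify_token` are hypothetical names, and the secret is a constructed value.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed secret for this demo only; a real app loads its own key from config.
DEMO_SECRET = 'constructed-demo-secret'

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def sign(signing_input, secret)
  b64url(OpenSSL::HMAC.digest('SHA256', secret, signing_input))
end

# Hypothetical helper: builds an HS256 token shaped like the ones in this README.
def encode_token(payload, secret, header = { 'alg' => 'HS256' })
  input = "#{b64url(header.to_json)}.#{b64url(payload.to_json)}"
  "#{input}.#{sign(input, secret)}"
end

# Constant-time comparison so the check does not reveal how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper: returns the claims hash, or nil for any rejected token.
def verify_token(token, secret, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  return nil unless parts.length == 3
  head, body, sig = parts
  header = JSON.parse(Base64.urlsafe_decode64(head))
  # Pin the algorithm on the server; never let the token header choose it.
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  # Verify the signature before reading any claim from the payload.
  return nil unless secure_equal?(sig, sign("#{head}.#{body}", secret))
  claims = JSON.parse(Base64.urlsafe_decode64(body))
  return nil unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer)
  claims['exp'] > now ? claims : nil
rescue JSON::ParserError, ArgumentError
  nil
end
```

Any `nil` result corresponds to the `401 Unauthorized` response shown in the fail case.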

Contribute

How to build gem

gem build jwt-rails.gemspec
gem install jwt-rails-0.0.1.gem

About

JWT authentication code generator for Rails
