Sha256: 1492ce7d0058a72e82fc797405bd348389c225a78080f94be8411319a844b56f

Contents?: true

Size: 1.27 KB

Versions: 2

Compression:

Stored size: 1.27 KB

Contents

module RailsAuthApi
  extend ActiveSupport::Concern

  included do
    helper_method :current_user
    after_action :set_auth_token
  end

  def require_login_from_token
    return if login_from_token

    render(json: { error: @error || 'no user!' }, status: 401)
  end

  def current_user
    @current_user ||= login_from_token
  end

  def login_from_token
    return if request.headers['HTTP_AUTH_TOKEN'].blank?

    if verify_auth_token
      @access_token = AccessToken.find_by token: request.headers['HTTP_AUTH_TOKEN']
    end
    if @access_token
      @current_user ||= @access_token.user
    end
  end

  private
  def set_auth_token
    headers['Auth-Token'] = @current_user.access_token.token if @current_user
  end

  def verify_auth_token
    token = request.headers['Auth-Token']
    payload = decode_without_verification(token)

    return unless payload

    begin
      password_digest = User.find_by(id: payload['iss']).password_digest.to_s
      JWT.decode(token, password_digest, true, {'sub' => 'auth', verify_sub: true})
    rescue => e
      @error = e.message
    end
  end

  def decode_without_verification(token)
    begin
      payload, _ = JWT.decode(token, nil, false, verify_expiration: false)
    rescue => e
      @error = e.message
    end

    payload
  end

end

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
rails_auth-1.0.5 app/controllers/concerns/rails_auth_api.rb
rails_auth-1.0.4 app/controllers/concerns/rails_auth_api.rb