Sha256: 1492ce7d0058a72e82fc797405bd348389c225a78080f94be8411319a844b56f
Contents?: true
Size: 1.27 KB
Versions: 2
Compression:
Stored size: 1.27 KB
Contents
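# Controller concern that authenticates API requests from the `Auth-Token`
# request header and echoes the current user's token back on every response.
#
# A request is authenticated only when both checks pass:
#   1. the header value is a JWT that verifies against the password digest of
#      the user named in its `iss` claim, with subject `auth`;
#   2. the same header value exists as an AccessToken record.
module RailsAuthApi
  extend ActiveSupport::Concern

  included do
    helper_method :current_user
    after_action :set_auth_token
  end

  # Guard for protected actions: renders a 401 JSON error unless the request
  # carries a token that resolves to a user.
  #
  # NOTE(review): @error holds the raw message of whatever exception was
  # rescued during decoding, and it is returned to the client here. Consider
  # logging it and replying with a fixed message instead.
  def require_login_from_token
    return if login_from_token

    render(json: { error: @error || 'no user!' }, status: 401)
  end

  # Memoised user for this request, or nil when the token does not authenticate.
  def current_user
    @current_user ||= login_from_token
  end

  # Resolves the request's token to a user.
  #
  # Returns the user, or nil when the header is blank, the JWT does not
  # verify, or no AccessToken row matches the header value.
  def login_from_token
    return if request.headers['HTTP_AUTH_TOKEN'].blank?

    # The database lookup happens only after the JWT has verified.
    if verify_auth_token
      @access_token = AccessToken.find_by token: request.headers['HTTP_AUTH_TOKEN']
    end

    @current_user ||= @access_token.user if @access_token
  end

  private

  # after_action hook: sends the authenticated user's token back in the
  # `Auth-Token` response header.
  def set_auth_token
    headers['Auth-Token'] = @current_user.access_token.token if @current_user
  end

  # Verifies the JWT in the `Auth-Token` header.
  #
  # The `iss` claim is read from the unverified payload only to select the
  # user whose password digest is the verification key; nothing else from
  # the unverified payload is trusted.
  #
  # Returns the decoded JWT (truthy) on success and nil on any failure, with
  # the failure reason stored in @error.
  #
  # NOTE(review): `password_digest.to_s` turns a nil digest into an empty
  # key. Confirm that users without a password cannot be issued tokens, or
  # reject a blank key here.
  # NOTE(review): no algorithm is pinned in the decode options. Confirm which
  # algorithm the issuing code signs with and pass it explicitly.
  def verify_auth_token
    token = request.headers['Auth-Token']
    payload = decode_without_verification(token)
    return unless payload

    begin
      password_digest = User.find_by(id: payload['iss']).password_digest.to_s
      JWT.decode(token, password_digest, true, {'sub' => 'auth', verify_sub: true})
    rescue => e
      @error = e.message
      # Fail closed. Without this nil the rescue branch evaluates to the
      # error message, a truthy String, and login_from_token would treat a
      # token that failed JWT.decode as verified.
      nil
    end
  end

  # Decodes the token without checking its signature or expiry, so the
  # claims can be inspected before the verification key is known.
  #
  # Returns the payload, or nil (with @error set) when the token cannot be
  # parsed. The result is unauthenticated data.
  def decode_without_verification(token)
    payload, = JWT.decode(token, nil, false, verify_expiration: false)
    payload
  rescue => e
    @error = e.message
    nil
  end
end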
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
rails_auth-1.0.5 | app/controllers/concerns/rails_auth_api.rb |
rails_auth-1.0.4 | app/controllers/concerns/rails_auth_api.rb |