Project

jwt-rest

0.0
No commit activity in last 3 years
No release in over 3 years
A security layer for any API REST in Rails with JWT tokens.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

>= 0
>= 0
>= 0

Runtime

~> 2.1.0
~> 5.1.6
 Project Readme

jwt-rest

Installation

Add this line to your application's Gemfile:

gem 'jwt-rest'

And then execute:

$ bundle

Usage

First you will need to provide a way to find if the ApiKey is valid or not, and a way to retrieve the RSA private key to sign JWT tokens. For this, lets create a initializer config/initializers/jwt_rest.rb.

require "jwt_rest"

module JwtRest
  module Secrets
    def self.rsa_private_key
      # return he Base64 encoded of your RSA private key
    end

    def self.valid_api_key?(api_key)
      # return true if the api_key is valid
    end
  end
end

Then in your API's base controller do this

class ApiController < ActionController::API
  include JwtRest::Authenticable

  before_action :demand_api_key

  def handle_user_identity(jwt_payload)
    return false unless @current_user = User.find_by(email: jwt_payload.dig("email"))
    true
  end
end

This will ensure that every call to your API i s made with a valid api key. You could use the method demand_current_user for those endpoins where you need to authenticate the user with the JWT token.

class UsersController < ApiController
  before_action :demand_current_user, only: [:profile]

  def profile
    # here we have the @current_user variable
  end
end

Contributing

Contribution directions go here.

TODO

  • Multiple RSA algorithm types for the JWT token

License

The gem is available as open source under the terms of the MIT License.