
@AstraL
Last active June 17, 2022 10:28
Rails login
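# Resolves the user for the current request from the JWT stored in the
# `jwt` cookie, falling back to the `X-Token` request header when the
# cookie is absent.
#
# @return [User, nil] the user whose auth_token matches the decoded JWT,
#   or nil when decoding fails or the payload carries no auth_token
def current_user
  header_token = request.headers['X-Token']

  # NOTE(review): assigning into the cookie jar does more than feed
  # Cookies::Decode -- with a standard Rails cookie jar it also sends the
  # header token back as a Set-Cookie, and without the httponly/expires
  # attributes that Cookies::Encode applies to the same cookie. Confirm
  # that persisting a header-supplied token this way is intended.
  cookies[:jwt] = header_token if !cookies[:jwt] && header_token.present?

  result = Cookies::Decode.({}, cookies: cookies)
  return unless result.success? && result[:decoded_jwt]

  auth_token = result[:decoded_jwt][:auth_token]
  # A payload without auth_token would otherwise turn into
  # find_by(auth_token: nil) and match a row whose auth_token is NULL.
  return if auth_token.blank?

  @current_user ||= User.includes(:user_identities)
                        .find_by(auth_token: auth_token)
end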
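# Trailblazer operation that issues the session JWT and stores it in the
# `jwt` cookie of the cookie jar passed in via params[:cookies].
class Cookies::Encode < Trailblazer::Operation
  success :set_jwt_cookies

  # Encodes the model's auth_token into a JWT, writes it as the `jwt`
  # cookie and exposes it as options[:jwt].
  #
  # @param options [Hash] operation options; receives :jwt
  # @param params [Hash] must provide :model (responding to #auth_token)
  #   and :cookies (the cookie jar to write to)
  # @return [String] the encoded JWT
  def set_jwt_cookies(options, params:, **)
    # NOTE(review): the JWT wraps the user's stored auth_token. Whether the
    # token carries its own expiry is decided inside JsonWebToken.encode and
    # is not visible here; the 30-day limit below only bounds the cookie.
    jwt = ::JsonWebToken.encode(auth_token: params[:model].auth_token)
    relaxed = env

    params[:cookies][:jwt] = {
      value: jwt,
      expires: 30.days.from_now,
      httponly: true,
      # SameSite=None is only honoured by current browsers together with
      # Secure, and the flag keeps the session token off plain-HTTP
      # requests. Left off in test/development, where TLS is usually absent.
      secure: !relaxed,
      # SameSite=None lets the cookie travel on cross-site requests, so
      # CSRF protection has to come from elsewhere -- TODO confirm.
      same_site: relaxed ? false : :none
    }
    options[:jwt] = jwt
  end

  private

  # @return [Boolean] true when running in the test or development environment
  def env
    current = Rails.env
    current.test? || current.development?
  end
end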
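# Login operation: looks the user up by e-mail, verifies the password and,
# on success, issues the session cookie through Cookies::Encode.
# A failure in either the lookup or the password check ends in the same
# :unauthorized error, so the response does not reveal which one failed.
class Session::Create < Trailblazer::Base
  step :model
  failure :unauthorized!, fail_fast: true
  step :authenticate
  failure :unauthorized!, fail_fast: true
  success :set_cookies

  # Finds the user by case-insensitive e-mail match.
  #
  # @param options [Hash] receives :model
  # @param params [Hash] expects :email
  # @return [User, nil] nil (step failure) when no user matches
  def model(options, params:, **)
    # to_s: a missing or non-string :email must fail the step (401) rather
    # than raise NoMethodError on #downcase and surface as a 500.
    email = params[:email].to_s.downcase
    options[:model] = User.find_by('lower(email) = ?', email)
  end

  # Checks the submitted password against the model found by #model.
  #
  # @return [Object] truthy when authentication succeeds
  def authenticate(options, params:, **)
    # NOTE(review): in the development environment every password is
    # accepted for any existing e-mail. If a reachable deployment ever runs
    # with the development environment, this is an authentication bypass;
    # consider gating it behind an explicit, separately configured opt-in.
    return true if Rails.env.development?

    options[:model].authenticate(params[:password])
  end

  # Hands the operation options to Cookies::Encode, which writes the cookie.
  def set_cookies(options, **)
    Cookies::Encode.(options)
  end

  # =======================================================

  # Records the generic "incorrect password" error with status :unauthorized.
  def unauthorized!(options, *)
    add_error(
      options,
      I18n.t('session.errors.incorrect_password'),
      :unauthorized
    )
  end
end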
# JSON endpoints for creating, inspecting and destroying a login session.
# Each action runs a Session::* operation and renders inside the
# result_success? block (defined outside this file).
#
# NOTE(review): the session cookie is issued with SameSite=None outside
# test/development (see Cookies::Encode), so cross-site requests carry it.
# Whether Api::ApiController enforces CSRF protection is not visible
# here -- confirm.
class Api::SessionsController < Api::ApiController
  after_action :set_frame_options

  # POST: authenticate with e-mail/password and set the session cookie.
  def create
    @result = Session::Create.call(create_params, cookies: cookies)
    result_success? { render 'sessions/create', status: 201 }
  end

  # GET: render the currently authenticated user.
  def show
    @result = Session::Show.call({}, current_user: current_user)
    result_success? { render 'users/user', status: 200 }
  end

  # DELETE: end the session for the current user.
  def destroy
    @result = Session::Destroy.call({}, current_user: current_user, cookies: cookies)
    result_success? { render json: {}, status: 204 }
  end

  private

  # Strong parameters: only :email and :password under :session are accepted.
  def create_params
    params.require(:session).permit(:email, :password)
  end

  # Runs after every action in this controller.
  # 'ALLOWALL' is not a value defined for X-Frame-Options; browsers ignore
  # unrecognised values, so these responses can be framed by any origin.
  # NOTE(review): if embedding is only needed for known sites, a
  # Content-Security-Policy frame-ancestors allow-list would scope it.
  def set_frame_options
    response.headers['X-Frame-Options'] = 'ALLOWALL'
  end
end