application.rb

require_relative 'boot'

require "rails"
require "active_model/railtie"
require "active_job/railtie"
require "active_record/railtie"
require "action_controller/railtie"
require "action_mailer/railtie"
require "action_view/railtie"
require "action_cable/engine"
require "sprockets/railtie"
require "rails/test_unit/railtie"

Bundler.require(*Rails.groups)

module InnovatorsApi
  class Application < Rails::Application
    config.load_defaults 5.1
    config.api_only = true
  end
end

application_controller.rb

class ApplicationController < ActionController::API
  include ActionController::Serialization
  respond_to :json
end

cors.rb

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  
  allow do
    origins "*"
    resource "*",
      :headers => :any,
      :expose  => [
        "X-Requested-With",
        "Content-Type",
        "Authorization",
        "Accept",
        "Client-Security-Token",
        "Accept-Encoding",
        "iat",
        "exp",
        "jti"
      ],
      :methods => [:get, :post, :options, :delete, :put]
  end
  
end

devise.rb

Devise.setup do |config|

  # Removed extra default for visibility
  config.jwt do |jwt|
    jwt.secret = "d8f531be58ad478cc79d072d6c4ea777a0c6ca5fbd9a2194b6fbfcea5f4f122017092a593f31576a0c27d9478f1bd74d336945481d22c7f9af36fd2fa6061c3d"
    jwt.expiration_time = 3600
    jwt.request_formats = {
      user: [:json]
    }
  end

  config.mailer_sender = 'hello@example.com'

  require 'devise/orm/active_record'

  config.case_insensitive_keys = [:email]

  config.strip_whitespace_keys = [:email]

  config.skip_session_storage = [:http_auth]

  config.stretches = Rails.env.test? ? 1 : 11
  
  config.reconfirmable = true
  
  config.expire_all_remember_me_on_sign_out = true
  
  config.password_length = 6..128
  
  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/

  config.reset_password_within = 6.hours

  config.sign_out_via = :delete
  
end

Gemfile

gem 'rails', github: "rails/rails"
gem 'arel', github: 'rails/arel'
gem 'devise'
gem 'devise-jwt', github: 'waiting-for-dev/devise-jwt'

routes.rb

Rails.application.routes.draw do
  mount Rswag::Ui::Engine => '/api-docs'
  mount Rswag::Api::Engine => '/api-docs'
  
  devise_for  :users,
              :path => '/api/v1/users',
              defaults: { format: :json }
  
  api_version(:module => "Api::V1", :path => {:value => "api/v1"}) do
    resources :clubs
    resources :events
    resource :galleries do
      resources :images, :only => [:create, :destroy]
    end           
  end
end

schema.rb

# Removed extra for visibility

ActiveRecord::Schema.define(version: 2017_08_20_125257) do
  
  enable_extension "plpgsql"

  create_table "jwt_blacklists", force: :cascade do |t|
    t.string "jti", null: false
    t.datetime "exp", null: false
    t.index ["jti"], name: "index_jwt_blacklists_on_jti"
  end

  create_table "users", force: :cascade do |t|
    t.string "email", default: "", null: false
    t.string "encrypted_password", default: "", null: false
    t.string "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.integer "sign_in_count", default: 0, null: false
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.inet "current_sign_in_ip"
    t.inet "last_sign_in_ip"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
  end

end

user.rb

class User < ApplicationRecord
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :jwt_authenticatable,
         jwt_revocation_strategy: JWTBlacklist

end