initial commit

Author: ezekg

Diff for: .gitignore

@@ -0,0 +1,27 @@
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore uploaded files in development
+/storage/*
+!/storage/.keep
+
+.byebug_history
+
+# Ignore master key for decrypting credentials and more.
+/config/master.key

Diff for: .ruby-version

@@ -0,0 +1 @@
+ruby-2.6.5

Diff for: Gemfile

@@ -0,0 +1,45 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+ruby '2.6.5'
+
+# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
+gem 'rails', '~> 5.2.5'
+# Use sqlite3 as the database for Active Record
+gem 'sqlite3'
+# Use Puma as the app server
+gem 'puma', '~> 3.11'
+# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
+# gem 'jbuilder', '~> 2.5'
+# Use Redis adapter to run Action Cable in production
+# gem 'redis', '~> 4.0'
+# Use ActiveModel has_secure_password
+gem 'bcrypt', '~> 3.1.7'
+
+# Use ActiveStorage variant
+# gem 'mini_magick', '~> 4.8'
+
+# Use Capistrano for deployment
+# gem 'capistrano-rails', group: :development
+
+# Reduces boot times through caching; required in config/boot.rb
+gem 'bootsnap', '>= 1.1.0', require: false
+
+# Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin AJAX possible
+# gem 'rack-cors'
+
+group :development, :test do
+  # Call 'byebug' anywhere in the code to stop execution and get a debugger console
+  gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
+end
+
+group :development do
+  gem 'listen', '>= 3.0.5', '< 3.2'
+  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
+  gem 'spring'
+  gem 'spring-watcher-listen', '~> 2.0.0'
+end
+
+
+# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

Diff for: Gemfile.lock

@@ -0,0 +1,151 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.2.5)
+      actionpack (= 5.2.5)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.5)
+      actionpack (= 5.2.5)
+      actionview (= 5.2.5)
+      activejob (= 5.2.5)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.2.5)
+      actionview (= 5.2.5)
+      activesupport (= 5.2.5)
+      rack (~> 2.0, >= 2.0.8)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.5)
+      activesupport (= 5.2.5)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.2.5)
+      activesupport (= 5.2.5)
+      globalid (>= 0.3.6)
+    activemodel (5.2.5)
+      activesupport (= 5.2.5)
+    activerecord (5.2.5)
+      activemodel (= 5.2.5)
+      activesupport (= 5.2.5)
+      arel (>= 9.0)
+    activestorage (5.2.5)
+      actionpack (= 5.2.5)
+      activerecord (= 5.2.5)
+      marcel (~> 1.0.0)
+    activesupport (5.2.5)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (9.0.0)
+    bcrypt (3.1.12)
+    bootsnap (1.7.3)
+      msgpack (~> 1.0)
+    builder (3.2.4)
+    byebug (11.1.3)
+    concurrent-ruby (1.1.8)
+    crass (1.0.6)
+    erubi (1.10.0)
+    ffi (1.15.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
+    loofah (2.9.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (1.0.1)
+    method_source (1.0.0)
+    mini_mime (1.1.0)
+    mini_portile2 (2.5.0)
+    minitest (5.14.4)
+    msgpack (1.4.2)
+    nio4r (2.5.7)
+    nokogiri (1.11.3)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    puma (3.12.6)
+    racc (1.5.2)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (5.2.5)
+      actioncable (= 5.2.5)
+      actionmailer (= 5.2.5)
+      actionpack (= 5.2.5)
+      actionview (= 5.2.5)
+      activejob (= 5.2.5)
+      activemodel (= 5.2.5)
+      activerecord (= 5.2.5)
+      activestorage (= 5.2.5)
+      activesupport (= 5.2.5)
+      bundler (>= 1.3.0)
+      railties (= 5.2.5)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (5.2.5)
+      actionpack (= 5.2.5)
+      activesupport (= 5.2.5)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.19.0, < 2.0)
+    rake (13.0.3)
+    rb-fsevent (0.10.4)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    ruby_dep (1.5.0)
+    spring (2.1.1)
+    spring-watcher-listen (2.0.1)
+      listen (>= 2.7, < 4.0)
+      spring (>= 1.2, < 3.0)
+    sprockets (4.0.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.4.2)
+    thor (1.1.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.9)
+      thread_safe (~> 0.1)
+    websocket-driver (0.7.3)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bcrypt (~> 3.1.7)
+  bootsnap (>= 1.1.0)
+  byebug
+  listen (>= 3.0.5, < 3.2)
+  puma (~> 3.11)
+  rails (~> 5.2.5)
+  spring
+  spring-watcher-listen (~> 2.0.0)
+  sqlite3
+  tzinfo-data
+
+RUBY VERSION
+   ruby 2.6.5p114
+
+BUNDLED WITH
+   1.17.3

Diff for: README.md

@@ -0,0 +1,3 @@
+# API Key Authentication in Rails Without Devise
+
+See: https://keygen.sh/blog/how-to-implement-api-key-authentication-in-rails-without-devise/

Diff for: Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require_relative 'config/application'
+
+Rails.application.load_tasks

Diff for: app/channels/application_cable/channel.rb

@@ -0,0 +1,4 @@
+module ApplicationCable
+  class Channel < ActionCable::Channel::Base
+  end
+end

Diff for: app/channels/application_cable/connection.rb

@@ -0,0 +1,4 @@
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+  end
+end

Diff for: app/controllers/api_keys_controller.rb

@@ -0,0 +1,30 @@
+class ApiKeysController < ApplicationController
+  include ApiKeyAuthenticatable
+
+  # Require API key authentication
+  prepend_before_action :authenticate_with_api_key!, only: %i[index destroy]
+
+  def index
+    render json: current_bearer.api_keys
+  end
+
+  def create
+    authenticate_with_http_basic do |email, password|
+      user = User.find_by email: email
+
+      if user&.authenticate(password)
+        api_key = user.api_keys.create! token: SecureRandom.hex
+
+        render json: api_key, status: :created and return
+      end
+    end
+
+    render status: :unauthorized
+  end
+
+  def destroy
+    api_key = current_bearer.api_keys.find(params[:id])
+
+    api_key.destroy
+  end
+end

Diff for: app/controllers/application_controller.rb

@@ -0,0 +1,2 @@
+class ApplicationController < ActionController::API
+end

Diff for: app/controllers/concerns/.keep

@@ -0,0 +1,31 @@
+module ApiKeyAuthenticatable
+  include ActionController::HttpAuthentication::Basic::ControllerMethods
+  include ActionController::HttpAuthentication::Token::ControllerMethods
+
+  extend ActiveSupport::Concern
+
+  attr_reader :current_api_key
+  attr_reader :current_bearer
+
+  # Use this to raise an error and automatically respond with a 401 HTTP status
+  # code when API key authentication fails
+  def authenticate_with_api_key!
+    @current_bearer = authenticate_or_request_with_http_token &method(:authenticator)
+  end
+
+  # Use this for optional API key authentication
+  def authenticate_with_api_key
+    @current_bearer = authenticate_with_http_token &method(:authenticator)
+  end
+
+  private
+
+  attr_writer :current_api_key
+  attr_writer :current_bearer
+
+  def authenticator(token, options)
+    @current_api_key = ApiKey.authenticate_by_token token
+
+    current_api_key&.bearer
+  end
+end

Diff for: app/controllers/concerns/api_key_authenticatable.rb

@@ -0,0 +1,2 @@
+class ApplicationJob < ActiveJob::Base
+end

Diff for: app/jobs/application_job.rb

@@ -0,0 +1,4 @@
+class ApplicationMailer < ActionMailer::Base
+  default from: '[email protected]'
+  layout 'mailer'
+end

Diff for: app/mailers/application_mailer.rb

@@ -0,0 +1,41 @@
+class ApiKey < ApplicationRecord
+  HMAC_SECRET_KEY = ENV.fetch('API_KEY_HMAC_SECRET_KEY')
+
+  # Virtual attribute for raw token value, allowing us to respond with the
+  # API key's non-hashed token value. but only directly after creation.
+  attr_accessor :token
+
+  belongs_to :bearer, polymorphic: true
+
+  before_create :generate_token_hmac
+
+  def self.authenticate_by_token!(token)
+    digest = OpenSSL::HMAC.hexdigest 'SHA256', HMAC_SECRET_KEY, token
+
+    find_by! token_digest: digest
+  end
+
+  def self.authenticate_by_token(token)
+    authenticate_by_token! token
+  rescue ActiveRecord::RecordNotFound
+    nil
+  end
+
+  # Add virtual token attribute to serializable attributes, and exclude
+  # the token's HMAC digest
+  def serializable_hash(options = nil)
+    h = super options.merge(except: 'token_digest')
+    h.merge! 'token' => token if token.present?
+    h
+  end
+
+  private
+
+  def generate_token_hmac
+    raise ActiveRecord::RecordInvalid, 'token is required' unless token.present?
+
+    digest = OpenSSL::HMAC.hexdigest 'SHA256', HMAC_SECRET_KEY, token
+
+    self.token_digest = digest
+  end
+end

Diff for: app/models/api_key.rb

@@ -0,0 +1,3 @@
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

Diff for: app/models/application_record.rb

@@ -0,0 +1,5 @@
+class User < ApplicationRecord
+  has_many :api_keys, as: :bearer
+
+  has_secure_password
+end

Diff for: app/models/concerns/.keep

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style>
+      /* Email styles need to be inline */
+    </style>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

Diff for: app/models/user.rb

@@ -0,0 +1 @@
+<%= yield %>