Christopher Thornton cthornton
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PostsController < ApiController | |
| def update | |
| @post = current_user.posts.find_by(id: params[:id]) | |
| # For error message | |
| if !@post | |
| return render json: { error: 'Unable to find blog post' }, status: :not_found | |
| end | |
| if [email protected]_attributes(param[:post]) | |
| return render json: { | |
| error: "Could not update post", |
cthornton
/ sample_posts_controller_5.rb
Created
July 3, 2014 03:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # app/views/posts/index.jbuilder | |
| json.array! @posts, :id, :title, :description, :created_at, ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def index | |
| @posts = current_user.posts | |
| end |
cthornton
/ sample_posts_controller_3.rb
Created
July 3, 2014 03:52
Blog: sample posts controller with to_json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PostsController < ApiController | |
| def index | |
| @posts = current_user.posts | |
| render json: @posts.to_json(only: [:id, :title, :description]}) | |
| end | |
| end |
cthornton
/ sample_posts_controller_2.rb
Last active
August 29, 2015 14:03
Blog: Inheriting From Posts Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PostsController < ApiController | |
| def index | |
| @posts = current_user.posts | |
| render json: @posts.to_json | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class ApiController < ActionController::Base | |
| attr_reader :current_user | |
| before_action :find_current_user | |
| protected | |
| def find_current_user | |
| @current_user = User.find_by(api_key: request.authorization) | |
| unless @current_user | |
| render json: { error: 'Cannot find user by API key' }, status: :unauthorized |
cthornton
/ sample_posts_controller_1.rb
Created
July 3, 2014 03:49
Dry your JSON API - What it probably looks like
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PostsController < ActionController::Base | |
| def index | |
| @user = User.find_by(api_key: request.authorization) | |
| if !@user | |
| return render json: {error: 'invalid api key'}, status: :unauthorized | |
| end | |
| @posts = @user.posts | |
| # ... render JSON | |
| end | |
cthornton
/ jwt_authentication_2.rb
Created
July 3, 2014 03:38
Authentication with JWT and Redis (More Secure)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def set_current_user_from_jwt_token | |
| # Verification steps from the previous example | |
| payload = JWT.decode(request.authorization, nil, false) | |
| @current_user = User.find(payload['user_id']) | |
| JWT.decode(request.authorization, current_user.api_secret) | |
| now = Time.now.to_i | |
| if payload['iat'] > now || payload['exp'] < now | |
| # Render a 401 and do not continue | |
| end | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| auth_header = JWT.encode({ | |
| user_id: 123, | |
| jti: rand(2 << 64).to_s, # One-time use token | |
| iat: Time.now.to_i, # Specify the time the token was issued. | |
| exp: Time.now.to_i + 2 # Expire the token in 2 seconds | |
| }, "<my shared secret>") | |
| RestClient.get("http://api.example.com/", authorization: auth_header) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class ApiController < ActionController::Base | |
| attr_reader :current_user | |
| before_action :set_current_user_from_jwt_token | |
| def set_current_user_from_jwt_token | |
| # Step 1: decode the JWT and get the user ID without checking | |
| # the signature. Note JWT tokens are *not* encrypted, but signed. | |
| payload = JWT.decode(request.authorization, nil, false) | |
| # Step 2: See if the user exists in the database |