Añade autenticación

author: HombreLaser <sebastian-440@live.com> 2023-02-24 23:25:26 -0600
committer: HombreLaser <sebastian-440@live.com> 2023-02-24 23:25:26 -0600
commit: e1a240c563b0e10e0ceae7c167fdcde752f3d865 (patch)
tree: 05408f95e5896f243bcd010dd01153ad78f35d7d /app
parent: 0307ed7be55784cc54a2055c22bc5465405832ea (diff)
3 files changed, 46 insertions, 3 deletions
diff --git a/app/controllers/api/authentications_controller/create_logic.rb b/app/controllers/api/authentications_controller/create_logic.rb
index 743eed9..c62c300 100644
--- a/app/controllers/api/authentications_controller/create_logic.rb
+++ b/app/controllers/api/authentications_controller/create_logic.rb
@@ -14,7 +14,8 @@ module Api
         return unless @user_account&.authenticate(@password)
 
         @user_account.session_key = SecureRandom.hex(16)
-        jwt = { token: service.call(DateTime.now + 30.minutes), refresh: service.call(DateTime.now + 3.days) }
+        @user_account.save
+        { token: service.call(DateTime.current + 30.minutes), refresh: service.call(DateTime.current + 3.days) }
       end
 
       private
@@ -24,7 +25,7 @@ module Api
       end
 
       def service_params
-        { email: @email, role: @user_account.role }
+        { email: @email, role: @user_account.role, session_key: @user_account.session_key }
       end
     end
   end
diff --git a/app/controllers/authenticated_controller.rb b/app/controllers/authenticated_controller.rb
new file mode 100644
index 0000000..2602064
--- /dev/null
+++ b/app/controllers/authenticated_controller.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# The father class of all the controllers that require authentication.
+class AuthenticatedController < ApplicationController
+  before_action :validate_jwt
+
+  private
+
+  def validate_jwt
+    return if valid_token
+
+    render json: { error_message: 'Token inválido' }, status: :unauthorized
+  end
+
+  def decoded_token
+    @decoded_token ||= JWT.decode(authentication_token, ENV['HMAC_SECRET_KEY'], true, { algorithm: 'HS512' })
+  rescue JWT::ExpiredSignature
+    @decoded_token = nil
+  end
+
+  def current_user_account
+    return if decoded_token.nil?
+
+    email = decoded_token[0]['data']
+    @current_user_account ||= UserAccount.find_by(email:)
+  end
+
+  def authentication_token
+    @authentication_token ||= request.headers[:authorization]&.sub(/^Bearer /, '')
+  end
+
+  def valid_token
+    !(decoded_token.nil? || current_user_account&.session_key.nil? || invalid_jti)
+  end
+
+  def invalid_jti
+    return false if current_user_account.nil? || decoded_token.nil?
+
+    current_user_account.session_key != decoded_token[0]['jti']
+  end
+end
diff --git a/app/controllers/services/token_generation_service.rb b/app/controllers/services/token_generation_service.rb
index b1bc10a..94f9907 100644
--- a/app/controllers/services/token_generation_service.rb
+++ b/app/controllers/services/token_generation_service.rb
@@ -6,6 +6,7 @@ module Services
     def initialize(params)
       @email = params[:email]
       @role = params[:role]
+      @session_key = params[:session_key]
     end
 
     def call(expiration)
@@ -15,7 +16,7 @@ module Services
     private
 
     def payload
-      { data: @email, aud: @role }
+      { data: @email, aud: @role, jti: @session_key }
     end
   end
 end
author	HombreLaser <sebastian-440@live.com>	2023-02-24 23:25:26 -0600
committer	HombreLaser <sebastian-440@live.com>	2023-02-24 23:25:26 -0600
commit	e1a240c563b0e10e0ceae7c167fdcde752f3d865 (patch)
tree	05408f95e5896f243bcd010dd01153ad78f35d7d /app
parent	0307ed7be55784cc54a2055c22bc5465405832ea (diff)