-rw-r--r-- | app/controllers/api/authentications_controller/create_logic.rb | 5 | ||||
-rw-r--r-- | app/controllers/authenticated_controller.rb | 41 | ||||
-rw-r--r-- | app/controllers/services/token_generation_service.rb | 3 |
3 files changed, 46 insertions, 3 deletions
diff --git a/app/controllers/api/authentications_controller/create_logic.rb b/app/controllers/api/authentications_controller/create_logic.rb
index 743eed9..c62c300 100644
--- a/app/controllers/api/authentications_controller/create_logic.rb
+++ b/app/controllers/api/authentications_controller/create_logic.rb
@@ -14,7 +14,8 @@ module Api
 return unless @user_account&.authenticate(@password)
 @user_account.session_key = SecureRandom.hex(16)
- jwt = { token: service.call(DateTime.now + 30.minutes), refresh: service.call(DateTime.now + 3.days) }
+ @user_account.save
+ { token: service.call(DateTime.current + 30.minutes), refresh: service.call(DateTime.current + 3.days) }
 end
 private
@@ -24,7 +25,7 @@ module Api
 end
 def service_params
- { email: @email, role: @user_account.role }
+ { email: @email, role: @user_account.role, session_key: @user_account.session_key }
 end
 end
 end
diff --git a/app/controllers/authenticated_controller.rb b/app/controllers/authenticated_controller.rb
new file mode 100644
index 0000000..2602064
--- /dev/null
+++ b/app/controllers/authenticated_controller.rb
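Review bot: The return value of the added `@user_account.save` is discarded, so if the record fails validation the freshly generated session_key is never persisted, yet the tokens carrying it in their jti are still returned and every subsequent request will be rejected by the jti comparison against the stale stored key (or by the nil check if none was stored). Bail out on failure the same way the method already does on a bad password: `return unless @user_account.save` before the token hash, or use `@user_account.save!` if callers are expected to surface the error. Rotating session_key on every successful login also invalidates every token previously issued for that account, which presumably is intended single-session behaviour; a one-line comment such as `# Rotating the session key revokes all tokens issued before this login` would stop the next reader from treating it as a bug. The enclosing method starts above the hunk.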
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# The father class of all the controllers that require authentication.
+class AuthenticatedController < ApplicationController
+ before_action :validate_jwt
+
+ private
+
+ def validate_jwt
+ return if valid_token
+
+ render json: { error_message: 'Token inválido' }, status: :unauthorized
+ end
+
+ def decoded_token
+ @decoded_token ||= JWT.decode(authentication_token, ENV['HMAC_SECRET_KEY'], true, { algorithm: 'HS512' })
+ rescue JWT::ExpiredSignature
+ @decoded_token = nil
+ end
+
+ def current_user_account
+ return if decoded_token.nil?
+
+ email = decoded_token[0]['data']
+ @current_user_account ||= UserAccount.find_by(email:)
+ end
+
+ def authentication_token
+ @authentication_token ||= request.headers[:authorization]&.sub(/^Bearer /, '')
+ end
+
+ def valid_token
+ !(decoded_token.nil? || current_user_account&.session_key.nil? || invalid_jti)
+ end
+
+ def invalid_jti
+ return false if current_user_account.nil? || decoded_token.nil?
+
+ current_user_account.session_key != decoded_token[0]['jti']
+ end
+end
diff --git a/app/controllers/services/token_generation_service.rb b/app/controllers/services/token_generation_service.rb
index b1bc10a..94f9907 100644
--- a/app/controllers/services/token_generation_service.rb
+++ b/app/controllers/services/token_generation_service.rb
@@ -6,6 +6,7 @@ module Services
 def initialize(params)
 @email = params[:email]
 @role = params[:role]
+ @session_key = params[:session_key]
 end
 def call(expiration)
@@ -15,7 +16,7 @@ module Services
 private
 def payload
- { data: @email, aud: @role }
+ { data: @email, aud: @role, jti: @session_key }
 end
 end
 end |
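Review bot: `decoded_token` rescues only `JWT::ExpiredSignature`, so a token with a tampered signature, an unexpected algorithm or malformed base64 raises `JWT::VerificationError`/`JWT::DecodeError` out of the before_action and becomes a 500 instead of the 401 that `validate_jwt` intends; `ExpiredSignature` is a subclass of `DecodeError`, so `rescue JWT::DecodeError` covers every case with one line. Two smaller hardening points in the same file: `ENV['HMAC_SECRET_KEY']` silently yields `nil` when the variable is unset, so a misconfigured deployment is presumably only noticed on the first request (and, with the current rescue, as a 500) — `ENV.fetch('HMAC_SECRET_KEY')` fails loudly instead; and `/^Bearer /` anchors to a line start rather than the string start, so `\A` is the safer anchor for header parsing. Pinning `algorithm: 'HS512'` is the right call and should stay.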
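Review bot: The payload gives the access token and the refresh token identical claims apart from `exp`, so the 3-day refresh token issued in create_logic is accepted by `AuthenticatedController#validate_jwt` exactly like the 30-minute access token, which makes the short access lifetime cosmetic. `call(expiration)` has no way to know which kind it is minting; consider a kind argument, e.g. `def call(expiration, kind: :access)` and `{ data: @email, aud: @role, jti: @session_key, typ: kind }`, with the controller rejecting anything whose `typ` is not `'access'` — the refresh endpoint is not visible here, so that side is inferred. Separately, `jti` here is a per-login session handle shared by both tokens rather than a unique token id as RFC 7519 describes it, so a comment such as `# jti is the account's current session_key: rotated on login, compared on every request` would keep someone from "fixing" it to a random value and breaking revocation.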