Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/api/authentications_controller/create_logic.rb5
-rw-r--r--app/controllers/authenticated_controller.rb41
-rw-r--r--app/controllers/services/token_generation_service.rb3
3 files changed, 46 insertions, 3 deletions
diff --git a/app/controllers/api/authentications_controller/create_logic.rb b/app/controllers/api/authentications_controller/create_logic.rb
index 743eed9..c62c300 100644
--- a/app/controllers/api/authentications_controller/create_logic.rb
+++ b/app/controllers/api/authentications_controller/create_logic.rb
@@ -14,7 +14,8 @@ module Api
return unless @user_account&.authenticate(@password)
@user_account.session_key = SecureRandom.hex(16)
- jwt = { token: service.call(DateTime.now + 30.minutes), refresh: service.call(DateTime.now + 3.days) }
+ @user_account.save
+ { token: service.call(DateTime.current + 30.minutes), refresh: service.call(DateTime.current + 3.days) }
end
private
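Review bot: The return value of `@user_account.save` on the line added before the token hash is discarded, so a failed save (validation or DB error) still issues tokens whose `jti` is a session_key that was never persisted, and every later request is then rejected as unauthorized with nothing in the logs explaining why. Prefer `@user_account.save!` so a persistence failure surfaces as an error instead of looking like a login that silently stopped working, or `return unless @user_account.save` if the caller's nil handling is the intended response. Separately, both the 30-minute and the 3-day token are built from the same `service_params`, so unless `call` (outside this hunk) adds a distinguishing claim, the refresh token carries the same `data`/`aud`/`jti` as the access token and `AuthenticatedController#validate_jwt` would accept it as a 3-day access token; the same applies to the `payload` hunk in token_generation_service.rb. The enclosing method starts before this hunk.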
@@ -24,7 +25,7 @@ module Api
end
def service_params
- { email: @email, role: @user_account.role }
+ { email: @email, role: @user_account.role, session_key: @user_account.session_key }
end
end
end
diff --git a/app/controllers/authenticated_controller.rb b/app/controllers/authenticated_controller.rb
new file mode 100644
index 0000000..2602064
--- /dev/null
+++ b/app/controllers/authenticated_controller.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# The father class of all the controllers that require authentication.
+class AuthenticatedController < ApplicationController
+ before_action :validate_jwt
+
+ private
+
+ def validate_jwt
+ return if valid_token
+
+ render json: { error_message: 'Token inválido' }, status: :unauthorized
+ end
+
+ def decoded_token
+ @decoded_token ||= JWT.decode(authentication_token, ENV['HMAC_SECRET_KEY'], true, { algorithm: 'HS512' })
+ rescue JWT::ExpiredSignature
+ @decoded_token = nil
+ end
+
+ def current_user_account
+ return if decoded_token.nil?
+
+ email = decoded_token[0]['data']
+ @current_user_account ||= UserAccount.find_by(email:)
+ end
+
+ def authentication_token
+ @authentication_token ||= request.headers[:authorization]&.sub(/^Bearer /, '')
+ end
+
+ def valid_token
+ !(decoded_token.nil? || current_user_account&.session_key.nil? || invalid_jti)
+ end
+
+ def invalid_jti
+ return false if current_user_account.nil? || decoded_token.nil?
+
+ current_user_account.session_key != decoded_token[0]['jti']
+ end
+end
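Review bot: `decoded_token` rescues only `JWT::ExpiredSignature`, so a request with a missing, malformed or wrongly-signed Authorization header raises another `JWT::DecodeError` subclass (including the nil-token case when the header is absent) and becomes a 500 instead of the 401 that `validate_jwt` is meant to return; rescue the base class instead: `rescue JWT::DecodeError`. Reading the key with `ENV.fetch('HMAC_SECRET_KEY')` would also fail fast at startup of the request when the secret is unset, rather than attempting verification against a nil key and rejecting every token. `JWT.decode` is called without `verify_aud`, so the `aud` role claim is never checked here — acceptable if no controller relies on it, but worth recording with a comment such as `# aud (role) is not verified here; authorize per controller`. On style, `valid_token` and `invalid_jti` are predicates and by Ruby convention should be `valid_token?` / `invalid_jti?`, and the header strip should anchor with `\A` (`sub(/\ABearer /, '')`) since `^` matches at any line start.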
diff --git a/app/controllers/services/token_generation_service.rb b/app/controllers/services/token_generation_service.rb
index b1bc10a..94f9907 100644
--- a/app/controllers/services/token_generation_service.rb
+++ b/app/controllers/services/token_generation_service.rb
@@ -6,6 +6,7 @@ module Services
def initialize(params)
@email = params[:email]
@role = params[:role]
+ @session_key = params[:session_key]
end
def call(expiration)
@@ -15,7 +16,7 @@ module Services
private
def payload
- { data: @email, aud: @role }
+ { data: @email, aud: @role, jti: @session_key }
end
end
end