Class: Auth::Token

Inherits:
Object
  • Object
Defined in:
app/models/auth/token.rb

Constant Summary

# HMAC key used to sign and verify every token.
# NOTE(review): this is the application's secret_key_base, which Rails also
# uses as the root secret for its own key derivation (e.g. signed/encrypted
# cookies). A dedicated JWT signing key would keep an exposure of one from
# affecting the other. Never write this value to logs or error messages.
SECRET_KEY =
Rails.application.credentials.secret_key_base
# JWT signing algorithm: HMAC-SHA256, a symmetric scheme, so the same key
# both signs and verifies.
ALGORITHM =
'HS256'
# Purposes a token can carry; each key maps to itself.
# with_indifferent_access lets string and symbol keys be used interchangeably.
PURPOSES =
{
  reset_password: :reset_password,
  verify_email: :verify_email,
  access_ressources: :access_ressources,
  create_password_and_verify_email: :create_password_and_verify_email
}.with_indifferent_access
# Token lifetime per purpose, looked up by string or symbol key.
EXP_BY_PURPOSE =
{
  reset_password: 3.hours,
  verify_email: 3.days,
  access_ressources: 24.hours,
  create_password_and_verify_email: 7.days
}.with_indifferent_access

Class Method Summary

Class Method Details

.decode(token:, purposes: []) ⇒ Object



# File 'app/models/auth/token.rb', line 39

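# Verifies a token and checks that it carries every required purpose.
#
# Signature verification is enabled and the accepted algorithm is pinned to
# ALGORITHM, so a token whose header names another algorithm is rejected by
# JWT.decode. ruby-jwt also validates the `exp` claim by default when
# verification is on.
#
# NOTE(review): with the default `purposes: []` nothing is required, so any
# validly signed, unexpired token is accepted whatever it was issued for
# (e.g. an e-mail verification token where an access token is expected).
# Callers should always pass the purpose they need.
#
# @param token [String] the encoded JWT
# @param purposes [Array<Symbol, String>] purposes the token must carry
# @return [ActiveSupport::HashWithIndifferentAccess] the verified claims
# @raise [RuntimeError] 'Token lacks purpose' when a required purpose is
#   missing or the `purposes` claim is absent or not a list
# @raise [JWT::DecodeError] propagated from JWT.decode for invalid tokens
def decode(token:, purposes: [])
  claims = JWT.decode(token, SECRET_KEY, true, { algorithm: ALGORITHM })[0]
  claims = ActiveSupport::HashWithIndifferentAccess.new claims

  # Fail closed with the documented error when the claim is missing or
  # malformed, instead of surfacing a NoMethodError from nil.map.
  granted = claims[:purposes]
  raise 'Token lacks purpose' unless granted.is_a?(Array)

  missing = purposes.map(&:to_s) - granted.map(&:to_s)
  raise 'Token lacks purpose' if missing.any?

  claims
end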

.encode(user_id:, purposes: []) ⇒ Object



# File 'app/models/auth/token.rb', line 24

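# Issues a signed JWT for +user_id+ carrying the requested purposes.
#
# The lifetime is the longest one configured in EXP_BY_PURPOSE among the
# requested purposes, so a multi-purpose token lives as long as its
# longest-lived purpose. With no purposes the lifetime defaults to 24 hours.
#
# @param user_id [Object] identifier stored in the `user_id` claim
# @param purposes [Array<Symbol, String>] stored in the `purposes` claim
# @return [String] the encoded token
# @raise [ArgumentError] if a purpose has no entry in EXP_BY_PURPOSE
def encode(
  user_id:,
  purposes: []
)
  lifetimes = purposes.map do |purpose|
    # A purpose without a lifetime policy must not yield a token; reject it
    # explicitly rather than failing later inside `max`.
    EXP_BY_PURPOSE[purpose] || raise(ArgumentError, "Unknown token purpose: #{purpose.inspect}")
  end
  # `max` is nil for an empty list, so the default has to be applied before
  # `from_now` is called; a fallback placed after that call is never reached.
  ttl = lifetimes.max || 24.hours
  payload = {
    user_id: user_id,
    exp: ttl.from_now.to_i,
    purposes: purposes
  }
  # The signing key must never reach the logs: anyone who can read them could
  # forge tokens for any user. Log only non-secret issuance metadata.
  Rails.logger.info "Encode token for user_id: #{user_id} with purposes: #{purposes.inspect} and algorithm: #{ALGORITHM}"

  JWT.encode(payload, SECRET_KEY, ALGORITHM)
end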