DvelpApiAuth

This gem provides an ability to auth through api

Installation

Add this line to your application's Gemfile:

gem 'dvelp_api_auth'

And then execute:

$ bundle

Or install it yourself as:

$ gem install dvelp_api_auth

Usage

Set the secret key for the API:

# config/initializers/dvelp_api_auth.rb

DvelpApiAuth.configure do |config|
  config.api_auth_secret_key = 'strong secret'
end

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Integration with API

Example of generating headers on JS

In this example we used crypto-js javascript library.

// Require library
const CryptoJS = require("crypto-js");

// Secret key
const DVELP_API_AUTH_SECRET_KEY = 'dvelp-api-auth-secret-key';

// Value for AUTHORISATION header
const generateAuthHeader = (timestamp) => {
  const path = '/path-to-action'; // (URI) example '/api/resources/:id'
  const path_utf8 = CryptoJS.enc.Utf8.parse(path);
  const string = timestamp + CryptoJS.enc.Base64.stringify(path_utf8);

  return CryptoJS.HmacSHA256(string, DVELP_API_AUTH_SECRET_KEY);
};

// Time of the request
const timestamp = Math.floor(Date.now() / 1000);

// Headers which we send with every request
{
  'ACCEPT': 'application/vnd.api+json',
  'TIMESTAMP': timestamp,
  'AUTHORISATION': generateAuthHeader(timestamp)
}

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/dvelp_api_auth.