Skip to content

A Ruby On Rails template for an API only application.

License

Notifications You must be signed in to change notification settings

jpgeek/rails_api

Repository files navigation

Rails Api

A Ruby On Rails template for an API only application. Contains authorization, authentication and test framework setup.

Rails

Version 7.0

Database

MySQL

Style

Style is enforced with Rubocop with Rubocop Rails configuration.

JSON

HATEOAS Why HATEOAS is Useless and what that means for REST

Might consider this in the future: Follows JSON:API formatting. JSON:API

Testing

Rspec, included via rspec-rails. factory-bot shoulda-matchers pundit-matchers

Authorization

pundit

Authentication

bcrypt + has_secure_password

jwt

OWASP indicates that JWT is an emerging standard for security tokens: OWASP

Using HMAC with SHA-512 ("alg" value = "HS512"). Application is a single verifier, so don't need asymmetric keys.

ref

JWT implementation

JWT is handled by jwt_rails Wrapped by JwtManager to set defaults, add revocation.

TODO

Add Pundit auth to controllers Add json response for auth errors render_error_payload(...)

Add Authentication, specs

User, Token responses Pagination, filtering on resources

About

A Ruby On Rails template for an API only application.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published