A simple way to authenticate in APIs
Add this line to your application's Gemfile:

```ruby
gem 'pitbull', github: 'petlove/pitbull'
```

and run:

```shell
rails pitbull:install
```
To use any strategy, set its configuration in the initializer and include the strategy module in your controller. You can also extend a Pitbull strategy controller.
Available strategies
| name | mixin | how it works |
|---|---|---|
| Static | `Pitbull::Strategies::Static` | Requires `before_action :authorize_by_static` in your controller. It checks whether the request carries a header named as in `config.static.header` whose value equals `config.static.token`. If the values differ, it returns an unauthorized response (HTTP code 401). |
| Authorization Api | `Pitbull::Strategies::AuthorizationApi` | Requires `before_action :authorize_by_authorization_api` in your controller. It makes a request to your authorization server using the settings defined in the initializer. If the response HTTP code differs from the configured success HTTP code, it returns an unauthorized response (HTTP code 401). On a successful response, the response is stored in `@authorization_response`. |
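To make the Static strategy's check concrete, here is an added stand-in (not Pitbull's own code) that performs the same header-versus-token comparison and answers 401 on a missing or mismatched header. `StaticConfig`, `Request`, `default_header`, `secure_compare` and `authorize_by_static` are assumed names for this illustration; the comparison is constant-time so the check does not leak how many leading bytes of the token matched.

```ruby
# Added example, not Pitbull's code: a minimal model of the Static strategy.
require 'json'

# Constant-time comparison so timing does not reveal a partial token match.
# A real Rails app would use Rack::Utils.secure_compare instead.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for config.static.header / config.static.token.
StaticConfig = Struct.new(:header, :token)

# Mirrors Pitbull.static.default_header('MyAppName') => "X-MyAppName-Access-Token".
def default_header(app_name)
  "X-#{app_name}-Access-Token"
end

# Tiny stand-in for a Rails request: only the headers hash matters here.
Request = Struct.new(:headers)

# Returns nil when the request is authorized, otherwise the [status, body]
# pair the before_action would render, halting the controller action.
def authorize_by_static(request, config)
  presented = request.headers[config.header]
  return nil if presented && secure_compare(presented, config.token)
  [401, { error: 'unauthorized' }.to_json]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  cfg = StaticConfig.new(default_header('MyAppName'), 'constructed-token-value')
  good = Request.new({ cfg.header => cfg.token })
  bad = Request.new({ cfg.header => 'wrong-value' })
  p authorize_by_static(good, cfg)  # nil
  p authorize_by_static(bad, cfg)   # [401, "{\"error\":\"unauthorized\"}"]
end
```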
Set the settings in the file config/initializers/pitbull.rb:

```ruby
# frozen_string_literal: true

Pitbull.configure do |config|
  ## --- Static Strategy ---
  # Required - The name of the application access token header for static authorization.
  # You can choose the name or use the helper Pitbull.static.default_header, passing your app's name.
  # config.static.header = Pitbull.static.default_header('MyAppName') # X-MyAppName-Access-Token
  # Required - The value of the application access token header for static authorization.
  # config.static.token = '4c4074dc2243f7f00e98bce78547a67be3058bada3a6fbd4462c7684b2841e9b'
  ## --- Authorization Api Strategy ---
  # Required - The URL of your authorization server's authorization API.
  # config.authorization_api.url = ENV['AUTHORIZATION_API_URL'] # https://my-authorization-api.domain.com/authorize
  # Optional - The authorization API's protocol.
  # config.authorization_api.protocol = 'https'
  # Optional - The static access token header your authorization server expects.
  # config.authorization_api.access_token_header = 'X-MyAuthorizationApi-Access-Token'
  # Optional - The static access token value your authorization server expects.
  # config.authorization_api.access_token_value = '4c4074dc2243f7f00e98bce78547a67be3058bada3a6fbd4462c7684b2841e9b'
  # Required - The HTTP status code your authorization API returns on success.
  # config.authorization_api.success_http_code = 200
  # Required - The name of the header used to send your JWT to your authorization server.
  # config.authorization_api.authorization_token_header = 'Authorization'
  # Required - How to get your JWT (it must be a Proc or a lambda).
  # config.authorization_api.authorization_token_value = ->(request) { request.headers['Authorization'] }
end
```
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request
The gem is available as open source under the terms of the MIT License.
Everyone interacting in the Rails::Healthcheck project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.