User session feature
Vladislav Trotsenko edited this page Sep 27, 2019 · 5 revisions
This is a basic user session feature. It consists of 3 endpoints:

The point of this endpoint is to create a user session (sign in) using the user's auth credentials.
```ruby
module Api::V1::Users
  class SessionsController < ApiController
    def create
      endpoint Api::V1::Users::Sessions::Operation::Create
    end
  end
end
```

```ruby
module Api::V1::Users::Sessions::Operation
  class Create < ApplicationOperation
    step Macro::Contract::Schema(Api::V1::Users::Sessions::Contract::Create)
    step Contract::Validate(), fail_fast: true
    step Model(Account, :find_by_email, :email)
    fail Macro::Semantic(failure: :not_found)
    fail Macro::AddContractError(base: 'errors.session.not_found'), fail_fast: true
    step :authenticate
    fail Macro::Semantic(failure: :unauthorized)
    fail Macro::AddContractError(base: 'errors.session.wrong_credentials'), fail_fast: true
    step :set_user_tokens # sets session tokens bundle into ctx[:tokens]
    step Macro::Semantic(success: :created)
    step Macro::Renderer(serializer: Api::V1::Lib::Serializer::Account, meta: :tokens)
  end
end
```
The point of this endpoint is to destroy a user session (sign out) by X-Refresh-Token.
```ruby
module Api::V1::Users
  class SessionsController < ApiController
    def destroy
      authorize_refresh_request! # authorize by X-Refresh-Token in headers
      endpoint Api::V1::Users::Sessions::Operation::Destroy,
               options: { found_token: found_token } # passes refresh token to operation
    end
  end
end
```

```ruby
module Api::V1::Users::Sessions::Operation
  class Destroy < ApplicationOperation
    step Rescue(JWTSessions::Errors::Unauthorized) {
      step :destroy_user_session # destroy current user session
    }
    step Macro::Semantic(success: :destroyed)
  end
end
```
The point of this endpoint is to refresh a user session by X-Refresh-Token.
```ruby
# Namespace line restored to balance the closing `end`; it follows the
# operation's Api::V1::Users::Sessions::Refreshes constant path.
module Api::V1::Users::Sessions
  class RefreshesController < ApiController
    def create
      authorize_refresh_request! # authorize by X-Refresh-Token in headers
      endpoint Api::V1::Users::Sessions::Refreshes::Operation::Create,
               options: { found_token: found_token, payload: payload } # passes refresh token and payload to operation
    end
  end
end
```

```ruby
module Api::V1::Users::Sessions::Refreshes::Operation
  class Create < ApplicationOperation
    step Rescue(JWTSessions::Errors::Unauthorized) {
      # the user session is also destroyed if an attempt to refresh
      # an unexpired access token is detected
      step :refresh_user_tokens
    }
    fail Macro::Semantic(failure: :forbidden)
    step Macro::Semantic(success: :created)
    step Macro::Renderer(meta: :tokens)
  end
end
```
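
The refresh rule noted in the operation comment above (a refresh attempted while the access token is still unexpired destroys the session), shown as an added example that is not part of the original page or the project's code. It is a simplified in-memory model using only the Ruby standard library; `SessionStore`, its method names and the returned symbols are assumptions chosen to mirror the semantics on this page, not the jwt_sessions API.

```ruby
require 'securerandom'

# Simplified in-memory model of the three endpoints (assumption, not jwt_sessions).
# SessionStore and its methods are hypothetical names used only for this example.
class SessionStore
  Session = Struct.new(:account_id, :access_token, :access_expires_at)

  def initialize(access_ttl: 3600)
    @access_ttl = access_ttl
    @sessions = {} # refresh token => Session
  end

  # Sign in: issue a new access/refresh pair for an already authenticated account.
  def login(account_id, now: Time.now)
    refresh_token = SecureRandom.hex(32)
    @sessions[refresh_token] = Session.new(account_id, SecureRandom.hex(32), now + @access_ttl)
    tokens(refresh_token)
  end

  # Refresh: allowed only after the access token has expired. An early refresh
  # suggests the refresh token is held by someone else, so the session is flushed.
  def refresh(refresh_token, now: Time.now)
    session = @sessions[refresh_token]
    return :unauthorized unless session

    if now < session.access_expires_at
      @sessions.delete(refresh_token) # destroy the whole session
      return :forbidden
    end
    session.access_token = SecureRandom.hex(32)
    session.access_expires_at = now + @access_ttl
    tokens(refresh_token)
  end

  # Sign out: the refresh token identifies the session to destroy.
  def logout(refresh_token)
    @sessions.delete(refresh_token) ? :destroyed : :unauthorized
  end

  private

  def tokens(refresh_token)
    session = @sessions.fetch(refresh_token)
    { access: session.access_token, refresh: refresh_token,
      access_expires_at: session.access_expires_at }
  end
end
```

After a flushed session the legitimate client also receives `:unauthorized` on its next refresh and has to sign in again, which is the intended cost of this policy.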