Skip to content

jpgeek/rails_api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

app

app

 
 

bin

bin

 
 

config

config

 
 

db

db

 
 

docs

docs

 
 

lib

lib

 
 

log

log

 
 

public

public

 
 

spec

spec

 
 

storage

storage

 
 

tmp

tmp

 
 

vendor

vendor

 
 

.byebug_history

.byebug_history

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.rspec

.rspec

 
 

.rubocop.yml

.rubocop.yml

 
 

.ruby-version

.ruby-version

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

config.ru

config.ru

 
 

Repository files navigation

Rails Api

A Ruby On Rails template for an API only application. Contains authorization, authentication and test framework setup.

Rails

Version 7.0

Database

MySQL

Style

Style is enforced with Rubocop with Rubocop Rails configuration.

JSON

HATEOAS Why HATEOAS is Useless and what that means for REST

Might consider this in the future: Follows JSON:API formatting. JSON:API

Testing

Rspec, included via rspec-rails. factory-bot shoulda-matchers pundit-matchers

Authorization

pundit

Authentication

bcrypt + has_secure_password

jwt

OWASP indicates that JWT is an emerging standard for security tokens: OWASP

Using HMAC with SHA-512 ("alg" value = "HS512"). Application is a single verifier, so don't need asymmetric keys.

ref

JWT implementation

JWT is handled by jwt_rails Wrapped by JwtManager to set defaults, add revocation.

TODO

Add Pundit auth to controllers Add json response for auth errors render_error_payload(...)

Add Authentication, specs

User, Token responses Pagination, filtering on resources

About

A Ruby On Rails template for an API only application.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages