Skip to content

Commit

Permalink
feat: configured sessions store
Browse files Browse the repository at this point in the history
  • Loading branch information
@noahdurbin
noahdurbin committed Aug 22, 2024
1 parent 8c03390 commit 09ddd12
Show file tree
Hide file tree
Showing 8 changed files with 57 additions and 24 deletions.
4 changes: 2 additions & 2 deletions Gemfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ gem 'puma', '>= 5.0'
# gem "kredis"

# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
gem "bcrypt", "~> 3.1.7"
gem 'bcrypt', '~> 3.1.7'

# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: %i[windows jruby]
Expand All @@ -33,7 +33,7 @@ gem 'bootsnap', require: false
# gem "image_processing", "~> 1.2"

# Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin Ajax possible
# gem "rack-cors"
gem 'rack-cors'

# Use Faraday for making HTTP requests
gem 'faraday'
Expand Down
3 changes: 3 additions & 0 deletions Gemfile.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,8 @@ GEM
nio4r (~> 2.0)
racc (1.8.1)
rack (3.1.7)
rack-cors (2.0.2)
rack (>= 2.0.0)
rack-session (2.0.0)
rack (>= 3.0.0)
rack-test (2.1.0)
Expand Down Expand Up @@ -278,6 +280,7 @@ DEPENDENCIES
pg (~> 1.1)
pry (~> 0.14.2)
puma (>= 5.0)
rack-cors
rails (~> 7.1.3, >= 7.1.3.4)
rspec-rails (~> 6.1)
shoulda-matchers (~> 6.4)
Expand Down
11 changes: 11 additions & 0 deletions app/controllers/api/v1/sessions_controller.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
class Api::V1::SessionsController < ApplicationController
def create
user = User.find_by(email: params[:email])
if user && user.authenticate(params[:password])
session[:user_id] = user.id
render json: UserSerializer.new(user)
else
render json: { errors: [{ message: 'Invalid email or password' }] }, status: :unauthorized
end
end
end
1 change: 1 addition & 0 deletions app/controllers/application_controller.rb
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
class ApplicationController < ActionController::API
include ActionController::Cookies
end
27 changes: 14 additions & 13 deletions config/application.rb
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
require_relative "boot"
require_relative 'boot'

require "rails"
require 'rails'
# Pick the frameworks you want:
require "active_model/railtie"
require "active_job/railtie"
require "active_record/railtie"
require "active_storage/engine"
require "action_controller/railtie"
require "action_mailer/railtie"
require "action_mailbox/engine"
require "action_text/engine"
require "action_view/railtie"
require "action_cable/engine"
require 'active_model/railtie'
require 'active_job/railtie'
require 'active_record/railtie'
require 'active_storage/engine'
require 'action_controller/railtie'
require 'action_mailer/railtie'
require 'action_mailbox/engine'
require 'action_text/engine'
require 'action_view/railtie'
require 'action_cable/engine'
# require "rails/test_unit/railtie"

# Require the gems listed in Gemfile, including any gems
Expand All @@ -26,7 +26,7 @@ class Application < Rails::Application
# Please, add to the `ignore` list any other `lib` subdirectories that do
# not contain `.rb` files, or that should not be reloaded or eager loaded.
# Common ones are `templates`, `generators`, or `middleware`, for example.
config.autoload_lib(ignore: %w(assets tasks))
config.autoload_lib(ignore: %w[assets tasks])

# Configuration for the application, engines, and railties goes here.
#
Expand All @@ -40,5 +40,6 @@ class Application < Rails::Application
# Middleware like session, flash, cookies can be added back manually.
# Skip views, helpers and assets when generating a new resource.
config.api_only = true
config.middleware.use ActionDispatch::Session::CookieStore
end
end
18 changes: 9 additions & 9 deletions config/initializers/cors.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,12 @@

# Read more: https://github.com/cyu/rack-cors

# Rails.application.config.middleware.insert_before 0, Rack::Cors do
# allow do
# origins "example.com"
#
# resource "*",
# headers: :any,
# methods: [:get, :post, :put, :patch, :delete, :options, :head]
# end
# end
Rails.application.config.middleware.insert_before 0, Rack::Cors do
allow do
origins 'http://localhost:3000'

resource '*',
headers: :any,
methods: %i[get post put patch delete options head], credentials: true
end
end
1 change: 1 addition & 0 deletions config/routes.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
namespace :api do
namespace :v1 do
resources :users, only: %i[create]
resources :sessions, only: %i[create]
end
end
end
16 changes: 16 additions & 0 deletions spec/requests/api/v1/user_request_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,4 +36,20 @@
expect(error[:errors].first[:message]).to eq("Password confirmation doesn't match Password")
end
end

describe 'POST /sessions' do
it 'logs in a existing user' do
user = User.create(email: '[email protected]', password: 'password', password_confirmation: 'password')

post '/api/v1/sessions', params: { email: user.email, password: user.password }

expect(response).to have_http_status(:ok)

expect(session[:user_id]).to eq(user.id)

response_body = JSON.parse(response.body, symbolize_names: true)

expect(response_body[:data][:attributes][:email]).to eq(user.email)
end
end
end

0 comments on commit 09ddd12

Please sign in to comment.