This app was adopted from the Rails Example App.
Clone the repo and run the following commands to set up the project:
bundle install
bundle exec rails db:setup
bundle exec rails db:seed
You can then run bundle exec rails s to start the local server.
- acts_as_follower - For implementing followers/following
- acts_as_taggable - For implementing tagging functionality
- Devise - For implementing authentication
- Jbuilder - Default JSON rendering gem that ships with Rails, used for making reusable templates for JSON output.
- JWT - For generating and validating JWTs for authentication
config/initializers/jbuilder.rb- Jbuilder configuration for camelCase outputapp/controllers/application_controller.rb#underscore_params!- Convert camelCase params into snake_case params
By default Ruby on Rails will throw an exception when a request doesn't contain a valid CSRF token. Since we're using JWT's to authenticate users instead of sessions, we can tell Rails to use an empty session instead of throwing an exception for requests by specifying :null_session in app/controllers/application_controller.rb.
Requests are authenticated using the Authorization header with a valid JWT. The application_controller.rb#authenticate_user! filter is used like the one provided by Devise, it will respond with a 401 status code if the request requires authentication that hasn't been provided. The application_controller.rb#authenticate_user filter is called on every request to try and authenticate the Authorization header. It will only interrupt the request if a JWT is present and invalid. The user's id is then parsed from the JWT and stored in an instance variable called @current_user_id. @current_user_id can be used in any controller when we only need the user's id to save a trip to the database. Otherwise, we can call current_user to fetch the authenticated user from the database.
Devise only requires an email and password upon registration. To allow additional parameters on sign up, we use application_controller#configure_permitted_parameters to allow additional parameters.