Add Authentication API

Gemfile

@@ -56,6 +56,10 @@ gem "redcarpet"
 # It is critical to not include any of the jquery gems when following this pattern or
 # else you might have multiple jQuery versions.
 
+gem "devise"
+
+gem 'jwt'
+
 group :development do
   # Access an IRB console on exceptions page and /console in development
   gem "web-console"

Gemfile.lock

@@ -85,6 +85,7 @@ GEM
       execjs (~> 2)
     awesome_print (1.9.2)
     base64 (0.2.0)
+    bcrypt (3.1.20)
     benchmark (0.4.0)
     bigdecimal (3.1.8)
     bindex (0.8.1)
@@ -134,6 +135,12 @@ GEM
       irb (~> 1.10)
       reline (>= 0.3.8)
     debug_inspector (1.2.0)
+    devise (4.9.4)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
     diff-lcs (1.5.1)
     docile (1.4.0)
     drb (2.2.1)
@@ -165,6 +172,8 @@ GEM
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
     json (2.7.2)
+    jwt (2.10.1)
+      base64
     language_server-protocol (3.17.0.3)
     launchy (3.0.1)
       addressable (~> 2.8)
@@ -204,6 +213,7 @@ GEM
       racc (~> 1.4)
     nokogiri (1.16.6-x86_64-linux)
       racc (~> 1.4)
+    orm_adapter (0.5.0)
     package_json (0.1.0)
     parallel (1.26.3)
     parser (3.3.3.0)
@@ -304,6 +314,9 @@ GEM
     reline (0.5.9)
       io-console (~> 0.5)
     require_all (3.0.0)
+    responders (3.1.1)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
     rexml (3.3.1)
       strscan
     rspec-core (3.13.0)
@@ -425,6 +438,8 @@ GEM
     unicode-emoji (4.0.4)
     uri (1.0.2)
     useragent (0.16.10)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     web-console (4.2.1)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
@@ -454,10 +469,12 @@ DEPENDENCIES
   coveralls_reborn (~> 0.25.0)
   database_cleaner
   debug (>= 1.0.0)
+  devise
   factory_bot_rails
   foreman
   generator_spec
   jbuilder
+  jwt
   launchy
   listen
   net-pop!

app/controllers/api/authentication_controller.rb

@@ -0,0 +1,39 @@
+class Api::AuthenticationController < ApplicationController
+  def create
+    user = User.find_by(email: params[:email])
+
+    if user&.valid_password?(params[:password])
+      # Generate JWT or session token
+      token = user.generate_jwt
+
+      render json: { 
+        message: 'Login successful', 
+        token: token 
+      }, status: :ok
+    else
+      render json: { error: 'Invalid credentials' }, status: :unauthorized
+    end
+  end
+
+  def signup
+    user = User.new(user_params)
+
+    if user.save
+      token = user.generate_jwt
+      render json: { 
+        message: 'Signup successful', 
+        token: token 
+      }, status: :created
+    else
+      render json: { 
+        errors: user.errors.full_messages 
+      }, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:email, :password, :password_confirmation)
+  end
+end

app/controllers/application_controller.rb

@@ -3,6 +3,6 @@
 class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception,
+  protect_from_forgery with: :null_session,
                        if: proc { request.headers["X-Auth"] != "tutorial_secret" }
 end

app/models/user.rb

@@ -0,0 +1,14 @@
+class User < ApplicationRecord
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable
+
+  def generate_jwt
+    JWT.encode(
+      { 
+        id: id, 
+        exp: 60.days.from_now.to_i 
+      }, 
+      Rails.application.credentials.secret_key_base
+    )
+  end
+end