Peel

A gem for token authorization of Grape APIs.

Peel is a gem to make token based authentication in Grape APIs easier. It uses warden under the hood to handle authentication of the requests. Finally, it leverages JSON web tokens for the API tokens. It is particularly geared towards clients that can't keep secrets, namely single-page apps.

Installation

Add this line to your application's Gemfile:

gem 'peel'

And then execute:

$ bundle

Or install it yourself as:

$ gem install peel

Usage

API Side

To create an API with the methods protected by token authentication, subclass the Peel::API :

class ProtectedAPI < Peel::API
  get '/protected' do
    'secret stuff'
  end
end

To get access to warden related helpers throughout your API mixin the Peel::ApiInclude like so:

class YourAPI < Grape::API
  include Peel::ApiInclude
end

You can mount the protected API within your base Grape::API (or mount it seprately via Rails or other):

class YourAPI < Grape::API
  include Peel::ApiInclude
  mount ProtectedAPI

  get '/' do
    'Not secret'
  end
end

Now GETting '/protected' will fail when proper authentication tokens are not presented. GETtting '/' is unprotected and freely accessible.

Client-Side

  • Add the tokens in the header as 'Authorization' => token
  • You can store the tokens in localStorage, session storage, or client cookies. See here for more

Other Important Info

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request