hexpreview

README.md

# Servicex

To start your Phoenix server:

  * Install dependencies with `mix deps.get`
  * Create and migrate your database with `mix ecto.create && mix ecto.migrate`
  * Start Phoenix endpoint with `mix phx.server`

Now you can visit [`localhost:4000`](http://localhost:4000) from your browser.

Ready to run in production? Please [check our deployment guides](http://www.phoenixframework.org/docs/deployment).


## Installation

add deps

mix.exs

```
 defp deps do
    [
      {:phoenix, "~> 1.3.2"},
      {:phoenix_pubsub, "~> 1.0"},
      {:phoenix_ecto, "~> 3.2"},
      {:mariaex, ">= 0.0.0"},
      {:phoenix_html, "~> 2.10"},
      {:phoenix_live_reload, "~> 1.0", only: :dev},
      {:gettext, "~> 0.11"},
      {:cowboy, "~> 1.0"},
      {:servicex, "~> 0.1.0"}, #<- add here
    ]
  end
```

add Guardian DB conf

is must do mix.deps.get before secret_key config.
so update later.

config/config.exs

```
# Configures Guardian
config :servicex, Servicex.Authenticator,
  issuer: "your_app_name",  #<- mod your app name
  # Generate mix task 
  # > mix phx.gen.secret
  secret_key: "your secusecret token"

# Configures GuardianDB
config :guardian, Guardian.DB,
  repo: YourApp.Repo,  #<- mod your app repo
  schema_name: "guardian_tokens", # default
  #token_types: ["refresh_token"], # store all token types if not set
  sweep_interval: 60 # default: 60 minutes
```

config/dev.exs

```
# Configure servicex repo
config :servicex, :repo, YourApp.Repo  #<- add your app repo
```

```
> mix deps.get
```

update secret_key config

```
> mix phx.gen.secret
```

config/config.exs

```
# Configures Guardian
config :servicex, Servicex.Authenticator,
  issuer: "your_app_name",  
  # Generate mix task 
  # > mix phx.gen.secret
  secret_key: "your secusecret token" #<- mod your token
```

add application config

lib/your_app/application.ex

```
  def start(_type, _args) do
    import Supervisor.Spec

    # Define workers and child supervisors to be supervised
    children = [
      # Start the Ecto repository
      supervisor(YourApp.Repo, []),
      # Start the endpoint when the application starts
      supervisor(YourAppWeb.Endpoint, []),
      # Start your own worker by calling: YourApp.Worker.start_link(arg1, arg2, arg3)
      # worker(YoutApp.Worker, [arg1, arg2, arg3]),
      worker(Guardian.DB.Token.SweeperServer, []), #<- if you wont auto sweep invalid token, you must add GuardianDB worker.
    ]

    # See https://hexdocs.pm/elixir/Supervisor.html
    # for other strategies and supported options
    opts = [strategy: :one_for_one, name: YourApp.Supervisor]
    Supervisor.start_link(children, opts)
  end
```

do generate migration file for servicex and migrate

```
> mix servicex.gen.migration
> mix ecto.create
> mix ecto.migrate
```

add guardian pipeline

lib/your_app_web/router.ex

```
  pipeline :guardian_auth do
    plug Servicex.AuthenticatePipeline #<-- guardian jwt token authentication by user model.
  end
  pipeline :grant_check do
    plug Servicex.Plug.GrantChecker, repo: YourApp.Repo #<-- Grant check by user ,role and grant model.
  end
```

add servicex user and grant model path.

lib/your_app_web/router.ex

```
  scope "/your-path", ServicexWeb do
    pipe_through [ :api]

    post "sign-in", AuthenticatorController, :sign_in
  end

  scope "/your-path", ServicexWeb do
    pipe_through [ :api]

    get "/show-me", UserController, :show_me
    post "sign-out", AuthenticatorController, :sign_out
  end

  scope "/your-path", ServicexWeb do
    pipe_through [ :api, :guardian_auth, :grant_check]

    resources "/users", UserController, except: [:edit, :new]
    resources "/grants", GrantController, except: [:new, :edit]
  end
```

## Usage

regiter grant record.
servicex grant is white list about user role and request mothod.

Servicex.Plug.GrantChecker provide simple role check function.

for example
user hogehoge is administrator.
user fugafuga is ordialy operator.

priv/repo/seed.exs

```
alias Servicex.Accounts

Accounts.create_user(%{ name: "hogehoge", email: "hogehoge@example.com", password: "hogehoge", role: "admin"})
Accounts.create_user(%{ name: "fugafuga", email: "fugafuga@example.com", password: "fugafuga", role: "operator"})
Accounts.create_grant(%{ role: "anybody", method: "ANY", request_path: "/your-path/users" })
Accounts.create_grant(%{ role: "admin", method: "GET", request_path: "/your-path/grants" })
```

※ grant.role "anybody" is a special reserved keyword by Servicex and its means all roles.
※ grant.method "ANY" is a special reserved keyword by Servicex and its means all request methods.

```
> mix run priv/repo/seeds.exs
```

any request for "/your-path/users" is arrowed all users.
get request for "/your-path/grants" is arrowed only administrators.
if other role user access "/your-path/grants" by GET mthod, its access denied.
other request method for "/your-path/grants" is not arrowed anyone.


request sample 

```
> mix phx.server
```

Request

```
POST http://lodalhost:4000/your-path/sign-in HTTP/1.1
Content-Type: application/json

{
    "email": "hogehoge@example.com", 
    "password": "hogehoge"
  }
```

Response

```
{
  "token": "your_jwd_token",
  "id": 1
}
```

Request

```
GET {{url}}/admin/show-me HTTP/1.1
Content-Type: application/json
Authorization: Bearer your_jwd_token
```

Responce

```
{
  "role": "admin",
  "name": "hogehoge",
  "id": 1,
  "email": "hogehoge@example.com"
}
```

## Learn more

  * Official website: http://www.phoenixframework.org/
  * Guides: http://phoenixframework.org/docs/overview
  * Docs: https://hexdocs.pm/phoenix
  * Mailing list: http://groups.google.com/group/phoenix-talk
  * Source: https://github.com/phoenixframework/phoenix