hack on auth, add service accts

Author: sayhiben

app/controllers/api/v1/ignore_lists_controller.rb

@@ -1,8 +1,8 @@
 module Api
   module V1
-    class IgnoreListsController < ApplicationController
+    class IgnoreListsController < BaseController
       before_action :authenticate_user!
-      before_action :require_admin!, except: [:index]
+      before_action :require_admin!
       before_action :set_ignore_list, only: [:show, :update, :destroy]
 
       # GET /api/v1/ignore_lists

app/controllers/api/v1/sessions_controller.rb

@@ -1,31 +1,38 @@
 module Api
   module V1
-    class SessionsController < Devise::SessionsController
-      skip_before_action :verify_authenticity_token
-      respond_to :json
+    class SessionsController < BaseController
+      skip_before_action :authenticate_user!, only: [:create, :destroy]
 
-      private
-
-      def respond_with(resource, _opts = {})
-        render json: {
-          status: { code: 200, message: 'Logged in successfully.' },
-          data: UserSerializer.new(resource).serializable_hash[:data][:attributes]
-        }, status: :ok
-      end
-
-      def respond_to_on_destroy
-        if current_user
+      def create
+        user = User.find_by(email: params.dig(:user, :email))
+        
+        if user&.valid_password?(params.dig(:user, :password))
+          # Generate JWT token using our custom payload method
+          token_payload = user.jwt_payload
+          token = JWT.encode(token_payload, Rails.application.secret_key_base, 'HS256')
+          
+          serializer = UserSerializer.new(user)
+          user_data = serializer.serializable_hash
+          
           render json: {
-            status: 200,
-            message: "Logged out successfully."
+            status: { code: 200, message: 'Logged in successfully.' },
+            user: user_data[:data] ? user_data[:data][:attributes] : user_data,
+            token: token
           }, status: :ok
         else
           render json: {
-            status: 401,
-            message: "Couldn't find an active session."
+            error: 'Invalid email or password'
           }, status: :unauthorized
         end
       end
+
+      def destroy
+        # For JWT, logout is typically handled client-side by discarding the token
+        render json: {
+          status: 200,
+          message: "Logged out successfully."
+        }, status: :ok
+      end
     end
   end
 end

app/models/user.rb

@@ -34,6 +34,10 @@ def flipper_id
     admin: "admin",
   }, default: "default"
 
+  # Service account flag  
+  scope :service_accounts, -> { where(is_service_account: true) }
+  scope :regular_users, -> { where(is_service_account: false) }
+
   # Validations (Devise handles email and password validations)
   validates :role, inclusion: { in: roles.keys }
 
@@ -74,6 +78,28 @@ def premium?
     # Could check subscription status, role, etc.
     admin?
   end
+
+  # Custom JWT payload for Devise JWT
+  def jwt_payload
+    # Service accounts get longer token expiration (30 days)
+    # Regular users get standard expiration (1 day)
+    expiration = is_service_account? ? 30.days.from_now : 1.day.from_now
+    
+    {
+      'sub' => id.to_s,
+      'scp' => 'user',
+      'aud' => nil,
+      'iat' => Time.current.to_i,
+      'exp' => expiration.to_i,
+      'jti' => SecureRandom.uuid,
+      'service_account' => is_service_account?
+    }
+  end
+
+  # Helper method to identify service accounts
+  def service_account?
+    is_service_account?
+  end
 
   # Flipper actor
   def flipper_id

config/routes.rb

@@ -109,6 +109,9 @@
 
     root to: "streams#index"
   end
+  
+  # Redirect /admin to admin dashboard
+  get "/admin", to: redirect("/admin/streams")
 
   # Mount Flipper UI without authentication - we'll handle it via Rack middleware
   mount Flipper::UI.app(Flipper) => "/admin/flipper"

db/migrate/20250710203831_add_service_account_to_users.rb

@@ -0,0 +1,6 @@
+class AddServiceAccountToUsers < ActiveRecord::Migration[8.0]
+  def change
+    add_column :users, :is_service_account, :boolean, default: false, null: false
+    add_index :users, :is_service_account
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2025_07_10_200215) do
+ActiveRecord::Schema[8.0].define(version: 2025_07_10_203831) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pg_catalog.plpgsql"
 
@@ -168,7 +168,9 @@
     t.string "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
+    t.boolean "is_service_account", default: false, null: false
     t.index ["email"], name: "index_users_on_email", unique: true
+    t.index ["is_service_account"], name: "index_users_on_is_service_account"
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
     t.index ["role"], name: "index_users_on_role"
   end

db/seeds/feature_flags.rb

@@ -24,4 +24,8 @@
 Flipper.disable(ApplicationConstants::Features::MAINTENANCE_MODE)
 Rails.logger.debug "Disabled MAINTENANCE_MODE"
 
+# Disable location validation by default
+Flipper.disable(ApplicationConstants::Features::LOCATION_VALIDATION)
+Rails.logger.debug "Disabled LOCATION_VALIDATION"
+
 Rails.logger.debug "Feature flags setup complete!"