Protect endpoints

2026-01-11 18:54:33 +00:00 · 2023-02-18 11:17:08 +00:00
parent ff8a0e6260
commit a61c14893f
4 changed files with 36 additions and 0 deletions
--- a/lib/phoenix_api_template_web/auth/guardian_error_handler.ex
+++ b/lib/phoenix_api_template_web/auth/guardian_error_handler.ex
@@ -0,0 +1,11 @@
+defmodule PhoenixApiTemplateWeb.Auth.GuardianErrorHandler do
+  import Plug.Conn
+
+  def auth_error(conn, {type, _reason}, _opts) do
+    body = Jason.encode!(%{error: to_string(type)})
+
+    conn
+    |> put_resp_content_type("application/json")
+    |> send_resp(401, body)
+  end
+end
--- a/lib/phoenix_api_template_web/auth/pipeline.ex
+++ b/lib/phoenix_api_template_web/auth/pipeline.ex
@@ -0,0 +1,11 @@
+defmodule PhoenixApiTemplateWeb.Auth.Pipeline do
+  use Guardian.Plug.Pipeline,
+    otp_app: :phoenix_api_template,
+    module: PhoenixApiTemplateWeb.Auth.Guardian,
+    error_handler: PhoenixApiTemplateWeb.Auth.GuardianErrorHandler
+
+  plug Guardian.Plug.VerifySession
+  plug Guardian.Plug.VerifyHeader
+  plug Guardian.Plug.EnsureAuthenticated
+  plug Guardian.Plug.LoadResource
+end
--- a/lib/phoenix_api_template_web/router.ex
+++ b/lib/phoenix_api_template_web/router.ex
@@ -18,6 +18,10 @@ defmodule PhoenixApiTemplateWeb.Router do
    plug(:accepts, ["json"])
  end

+  pipeline :auth do
+    plug PhoenixApiTemplateWeb.Auth.Pipeline
+  end
+
  scope "/api", PhoenixApiTemplateWeb do
    pipe_through(:api)

@@ -25,4 +29,10 @@ defmodule PhoenixApiTemplateWeb.Router do
    post("/register", UserController, :create)
    post("/login", UserController, :sign_in)
  end
+
+  scope "/api", PhoenixApiTemplateWeb do
+    pipe_through([:api, :auth])
+
+    get "/users/by_id/:id", UserController, :show
+  end
 end