I'm trying to build a RESTful API with Devise & JWT.
I can register, and log in/log out using my JWT bearer token, using Postman.
Now I have a problem when I want to POST an Article.
I don't understand why my console goes to a login after I POST an Article with Postman.
I also don't understand why I get this 401 error. It's really hard to find content on RESTful + API + Devise + JWT.
Do you think it's better in the long term to run with or without Devise? Because there is actually some content without Devise.
What I try in Postman:
Authorization : <Bearer token>
{
  "title": "the title",
  "content": "the content"
}
Error message returned in the console when I POST an Article with Postman (with the same bearer token as for login/logout):
Started POST "/articles" for ::1 at 2021-09-01 18:07:41 +0200
Processing by ArticlesController#create as */*
Parameters: {"title"=>"the title", "content"=>"the content", "article"=>{"title"=>"the title", "content"=>"the content"}}
Completed 401 Unauthorized in 76ms (Allocations: 113)
Started GET "/api/login" for ::1 at 2021-09-01 18:07:41 +0200
Processing by SessionsController#new as JSON
Completed 200 OK in 71ms (Views: 2.5ms | Allocations: 179)
app/controllers/articles_controller.rb
class ArticlesController < ApplicationController
  # Authenticate first so unauthenticated requests never reach the record lookup.
  before_action :authenticate_user!
  before_action :set_article, only: [:show, :update, :destroy]

  # GET /articles
  def index
    @articles = Article.all
    json_response(@articles)
  end

  # POST /articles
  def create
    # Build through the association so user_id is set before validation and saving.
    @article = current_user.articles.create!(article_params)
    json_response(@article)
  end

  # GET /articles/:id
  def show
    json_response(@article)
  end

  # PUT /articles/:id
  def update
    @article.update(article_params)
    head :no_content
  end

  # DELETE /articles/:id
  def destroy
    @article.destroy
    head :no_content
  end

  private

  def article_params
    # Permit only client-editable fields; the owner comes from current_user, not from params.
    params.permit(:title, :content)
  end

  def set_article
    @article = Article.find(params[:id])
  end
end
db/schema.rb
ActiveRecord::Schema.define(version: 2021_09_01_124211) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"

  create_table "articles", force: :cascade do |t|
    t.string "title"
    t.text "content"
    t.datetime "created_at", precision: 6, null: false
    t.datetime "updated_at", precision: 6, null: false
    t.bigint "user_id", null: false
    t.index ["user_id"], name: "index_articles_on_user_id"
  end

  create_table "jwt_denylist", force: :cascade do |t|
    t.string "jti", null: false
    t.datetime "expired_at", null: false
    t.index ["jti"], name: "index_jwt_denylist_on_jti"
  end

  create_table "users", force: :cascade do |t|
    t.string "email", default: "", null: false
    t.string "encrypted_password", default: "", null: false
    t.string "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.datetime "created_at", precision: 6, null: false
    t.datetime "updated_at", precision: 6, null: false
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
  end

  add_foreign_key "articles", "users"
end
app/models/article.rb
class Article < ApplicationRecord
  belongs_to :user
end
app/models/user.rb
class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable, :registerable,
         :jwt_authenticatable, jwt_revocation_strategy: JwtDenylist

  has_many :articles
end
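
Added example, not part of the original post and not devise-jwt's own code: a standard-library model of what a denylist revocation strategy such as the `JwtDenylist` configured above implies, where logging out records the token's `jti` and any later request carrying that same token is answered with 401. `SECRET`, `DENYLIST` and all function names are assumptions made for this sketch, and the token values are constructed.

```ruby
require "openssl"
require "json"

SECRET   = "constructed-demo-secret" # constructed value, never a real key
DENYLIST = {}                        # stands in for jwt_denylist: jti => exp

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(text)
  text.tr("-_", "+/").unpack1("m")
end

def sign(input)
  b64url(OpenSSL::HMAC.digest("SHA256", SECRET, input))
end

# Issue an HS256 token with the claims revocation depends on: sub, jti, exp.
def issue_token(user_id, jti:, now: Time.now.to_i, ttl: 3600)
  head  = b64url(JSON.generate({ "alg" => "HS256", "typ" => "JWT" }))
  body  = b64url(JSON.generate({ "sub" => user_id.to_s, "jti" => jti, "exp" => now + ttl }))
  input = "#{head}.#{body}"
  "#{input}.#{sign(input)}"
end

# Returns [200, claims] or [401, reason] for a raw Authorization header value.
def authenticate(header_value, now: Time.now.to_i)
  scheme, token = header_value.to_s.split(" ", 2)
  return [401, "missing Bearer scheme"] unless scheme == "Bearer" && token
  parts = token.split(".")
  return [401, "malformed token"] unless parts.size == 3
  head, body, sig = parts
  return [401, "bad signature"] unless OpenSSL.secure_compare(sign("#{head}.#{body}"), sig)
  claims = JSON.parse(b64url_decode(body))
  return [401, "expired"] if claims["exp"].to_i <= now
  return [401, "revoked"] if DENYLIST.key?(claims["jti"])
  [200, claims]
end

# Logout records the token's jti, so the same token is rejected afterwards.
def logout(header_value)
  status, claims = authenticate(header_value)
  DENYLIST[claims["jti"]] = claims["exp"] if status == 200
  status
end
```

Under this model a token that has been through logout must be replaced by a fresh login before it can authorize a POST.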