The latest articles on Forem by Mohammad Hossain (@mohhossain). https://forem.com/mohhossain https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F963292%2Fa0009263-55a5-4163-b2d3-618fc4217fa0.png https://forem.com/mohhossain en Mohammad Hossain Fri, 18 Nov 2022 19:08:46 +0000 https://forem.com/mohhossain/recursive-rendering-in-react-24b https://forem.com/mohhossain/recursive-rendering-in-react-24b <h3> What is Recursion? </h3> <p>In computer science, recursion is <strong>a method of solving a computational problem where the solution depends on solutions to more minor instances of the same problem</strong>. Recursion solves such recursive problems by using functions that call themselves from within their own code. </p> <p>For example, a factorial(5) is 5*4*3*2*1. If we want to solve it recursively, we can say a factorial(5) is 5 times the factorial(4): 5*4! </p> <p>And factorial(4) is 4*3! until we reach the number 1.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="mi">5</span><span class="o">!</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">4</span><span class="o">!</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">4</span> <span class="o">*</span> <span class="mi">3</span><span class="o">!</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">4</span> <span class="o">*</span> <span class="mi">3</span> <span class="o">*</span> <span class="mi">2</span><span class="o">!</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">4</span> <span class="o">*</span> <span class="mi">3</span> <span class="o">*</span> <span class="mi">2</span> <span class="o">*</span> <span class="mi">1</span> </code></pre> </div> <p>We eventually reach the same solution which is 5 * 4 * 3 * 2 * 1. If we have to write a function for factorial we can write the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">function</span> <span class="nf">factorial</span><span class="p">(</span><span class="nx">n</span><span class="p">){</span> <span class="k">return</span> <span class="nx">n</span> <span class="o">*</span> <span class="nf">factorial</span><span class="p">(</span><span class="nx">n</span> <span class="err">‑</span> <span class="mi">1</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>If we invoke the factorial() function and pass an integer n, it will keep calling the factorial() * n, and in each invocation, n will be n-1. </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmoimaklg0wxdy72fjamv.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmoimaklg0wxdy72fjamv.png" alt="Image description" width="800" height="350"></a></p> <p>However, we have a serious problem. We did not tell our function when to stop and therefore our factorial() function will end up in an infinite loop and we will never reach the solution. Telling the function when to terminate is called a <em>base case. Base case</em> is always required when defining a recursive function. The <strong>base case</strong> in this case would be n = 1. Since factorials of numbers that are less than 1 don't make any sense, we stop at the number 1 and return the factorial of 1 (which is 1).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">function</span> <span class="nf">factorial</span><span class="p">(</span><span class="nx">n</span><span class="p">){</span> <span class="k">if</span><span class="p">(</span><span class="nx">n</span> <span class="o">===</span> <span class="mi">1</span><span class="p">)</span> <span class="k">return</span> <span class="mi">1</span><span class="p">;</span> <span class="k">else</span> <span class="k">return</span> <span class="nx">n</span> <span class="o">*</span> <span class="nf">factorial</span><span class="p">(</span><span class="nx">n</span> <span class="err">‑</span> <span class="mi">1</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Now if we pass 5 as n: factorial(5)</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj7isv9918ji0yqj8c0mz.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj7isv9918ji0yqj8c0mz.png" alt="Image description" width="800" height="166"></a></p> <h3> How do we handle recursion in React? </h3> <p>What would a recursive call look like in react? Let’s say you are making an API call and the response data has children that is also the same key and value format.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">text:</span><span class="w"> </span><span class="s2">"some text"</span><span class="p">,</span><span class="w"> </span><span class="err">data:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">text:</span><span class="w"> </span><span class="s2">"some text"</span><span class="p">,</span><span class="w"> </span><span class="err">data:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">text:</span><span class="w"> </span><span class="s2">"some text"</span><span class="p">,</span><span class="w"> </span><span class="err">data:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">text:</span><span class="w"> </span><span class="s2">"No more data here"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>As you can see the object <code>data</code> is continuously stacked on top of another <code>data</code> object. We can have indefinite amount of stacked data. Using recursion we will render the data. </p> <p>Say that our component is called <code>&lt;RecursivelyRenderComponent&gt;</code> which takes the <code>data</code> object as a prop and will render the <code>text</code> inside the <code>data</code> object.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">function</span> <span class="nf">RecursivelyRenderComponent</span><span class="p">({</span> <span class="nx">data</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">text</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>This will return the first instance of the text. But what about the nested ones? </p> <p>We need to recursively return the same component within <em>itself</em> for the amount of time we encounter <code>data</code>. </p> <p>Our recursion will look like:</p> <ul> <li> <strong>Base case:</strong> If <code>data</code> does’t exist we stop recursion</li> <li> <strong>Recursion rule:</strong> If <code>data</code> exist render <code>&lt;RecursivelyRenderComponent&gt;</code> again and pass <code>data</code> as a prop.</li> </ul> <p>Our component will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">function</span> <span class="nf">RecursivelyRenderComponent</span><span class="p">({</span> <span class="nx">data</span> <span class="p">})</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="p">)</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">text</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nc">RecursivelyRenderComponent</span> <span class="na">data</span><span class="p">=</span><span class="si">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="si">}</span> <span class="p">&gt;&lt;/</span><span class="nc">RecursivelyRenderComponent</span><span class="p">&gt;</span> <span class="si">{</span><span class="cm">/*calling the same component recursivly */</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="k">else</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">text</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;;</span> <span class="p">}</span> </code></pre> </div> <p>We can simplify it more using ternary:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">function</span> <span class="nf">RecursivelyRenderComponent</span><span class="p">({</span> <span class="nx">data</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span><span class="si">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">text</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span> <span class="p">?</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nc">RecursivelyRenderComponent</span> <span class="na">data</span><span class="p">=</span><span class="si">{</span><span class="nx">data</span><span class="p">.</span><span class="nx">data</span><span class="si">}</span> <span class="p">&gt;&lt;/</span><span class="nc">RecursivelyRenderComponent</span><span class="p">&gt;</span> <span class="p">{</span><span class="cm">/*calling the same component recursivly */</span><span class="p">}</span> <span class="p">)</span> <span class="p">:</span> <span class="kc">null</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>And our DOM will look like this: </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvtm7xktpy5sek6d94a5i.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvtm7xktpy5sek6d94a5i.png" alt="Image description" width="800" height="220"></a></p> <h3> Let’s analyze a real-life scenario </h3> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faodim3ggd5cfinqg5sko.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faodim3ggd5cfinqg5sko.png" alt="Image description" width="800" height="1197"></a></p> <p>This is a thread from a random Reddit post. As seen in the picture a Reddit post can have multiple replies, and the replies can also have multiple replies. The replies to a post can be heavily nested. In this example, each new thread has a space and a line indicating the parent reply. Similar to our previous example of <code>&lt;RecursivelyRenderComponent/&gt;</code>, this type of data could be handled using recursion. </p> <h3> How do we render reddit style replies? </h3> <p>Sample response data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="na">post</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">goodKitty</span><span class="dl">"</span><span class="p">,</span> <span class="na">title</span><span class="p">:</span> <span class="dl">"</span><span class="s2">A day in a life of a kitten!</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Claws in your leg the best thing in the universe is a cardboard box lie on your belly and purr when you are asleep so chase ball of string yet i like big cats and i can not lie wake up human for food at 4am. Ask for petting stand with legs in litter box, but poop outside yet climb leg, yet favor packaging over toy. Stare at wall turn and meow stare at wall some more meow again continue staring the dog smells bad miaow then turn around and show you my bum and cry louder at reflection yet missing until dinner time lasers are tiny mice.</span><span class="dl">"</span><span class="p">,</span> <span class="na">reply</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">KittyLord</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Love it!</span><span class="dl">"</span><span class="p">,</span> <span class="na">reply</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Hungrycat22</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Meow To!</span><span class="dl">"</span><span class="p">,</span> <span class="na">reply</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">catnipDealer</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">purrrrrrrr!!</span><span class="dl">"</span><span class="p">,</span> <span class="na">reply</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">KittyLord</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Purrfect!</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Hungrycat22</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Mice!!!</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">CatM0m</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">I have a cat!</span><span class="dl">"</span><span class="p">,</span> <span class="na">reply</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">dirtyKitten</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">I have 2 cats</span><span class="dl">"</span><span class="p">,</span> <span class="na">reply</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">author</span><span class="p">:</span> <span class="dl">"</span><span class="s2">CatM0m</span><span class="dl">"</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Hahahaha</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">]</span> </code></pre> </div> <p>This is similar data to a Reddit post. We have <code>post</code>s, which contains replies, and the replies contain more replies. The replies should be rendered under the post and should keep nesting under other replies until there are no replies in the data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">function</span> <span class="nf">Reply</span><span class="p">({</span> <span class="nx">reply</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">reply</span><span class="p">.</span><span class="nx">author</span><span class="si">}</span> replied <span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">{</span><span class="nx">reply</span><span class="p">.</span><span class="nx">text</span><span class="p">}</span> <span class="p">&lt;</span><span class="err">/</span><span class="na">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">reply</span><span class="p">.</span><span class="nx">reply</span> <span class="p">?</span> <span class="nx">reply</span><span class="p">.</span><span class="nx">reply</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">reply</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">&lt;</span><span class="nc">Reply</span> <span class="na">reply</span><span class="p">=</span><span class="si">{</span><span class="nx">reply</span><span class="si">}</span><span class="p">&gt;&lt;/</span><span class="nc">Reply</span><span class="p">&gt;)</span> <span class="p">:</span> <span class="kc">null</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Our <code>&lt;Reply/&gt;</code> component takes a prop <code>reply</code>, it renders the author and text of the reply and check if the data has any <code>reply</code> inside. If there is a <code>reply</code> field, we map through it (since <code>reply</code> returns an array) and re-render the <code>&lt;Reply/&gt;</code> for each element of the array and pass the element as a prop: <code>reply.reply.map((reply) =&gt; &lt;Reply reply={reply}&gt;&lt;/Reply&gt;)</code>.</p> <p>If there is no <code>reply</code> we stop the recursion and <strong>that’s our base case.</strong></p> <p>Adding some forum style spacing to it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">function</span> <span class="nf">Reply</span><span class="p">({</span> <span class="nx">reply</span> <span class="p">})</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">style</span><span class="p">=</span><span class="si">{</span><span class="p">{</span> <span class="na">marginLeft</span><span class="p">:</span> <span class="dl">"</span><span class="s2">10px</span><span class="dl">"</span><span class="p">,</span> <span class="na">textDecoration</span><span class="p">:</span> <span class="dl">"</span><span class="s2">underline</span><span class="dl">"</span><span class="p">,</span> <span class="na">color</span><span class="p">:</span> <span class="dl">"</span><span class="s2">grey</span><span class="dl">"</span><span class="p">,</span> <span class="na">fontStyle</span><span class="p">:</span> <span class="dl">"</span><span class="s2">italic</span><span class="dl">"</span><span class="p">,</span> <span class="p">}</span><span class="si">}</span> <span class="p">&gt;</span> <span class="si">{</span><span class="nx">reply</span><span class="p">.</span><span class="nx">author</span><span class="si">}</span> replied <span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span> <span class="na">style</span><span class="p">=</span><span class="si">{</span><span class="p">{</span> <span class="na">marginLeft</span><span class="p">:</span> <span class="dl">"</span><span class="s2">10px</span><span class="dl">"</span><span class="p">,</span> <span class="na">backgroundColor</span><span class="p">:</span> <span class="dl">"</span><span class="s2">beige</span><span class="dl">"</span><span class="p">,</span> <span class="na">padding</span><span class="p">:</span> <span class="dl">'</span><span class="s1">20px</span><span class="dl">'</span> <span class="p">}</span><span class="si">}</span> <span class="p">&gt;</span> <span class="si">{</span><span class="nx">reply</span><span class="p">.</span><span class="nx">text</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"forum"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"break"</span><span class="p">&gt;&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> <span class="si">{</span><span class="nx">reply</span><span class="p">.</span><span class="nx">reply</span> <span class="p">?</span> <span class="nx">reply</span><span class="p">.</span><span class="nx">reply</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">reply</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">&lt;</span><span class="nc">Reply</span> <span class="na">reply</span><span class="p">=</span><span class="si">{</span><span class="nx">reply</span><span class="si">}</span><span class="p">&gt;&lt;/</span><span class="nc">Reply</span><span class="p">&gt;)</span> <span class="p">:</span> <span class="kc">null</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Css:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight css"><code><span class="nc">.forum</span><span class="p">{</span> <span class="nl">display</span><span class="p">:</span> <span class="n">flex</span><span class="p">;</span> <span class="nl">flex-direction</span><span class="p">:</span> <span class="n">row</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.break</span><span class="p">{</span> <span class="c">/* this is the line */</span> <span class="nl">margin-left</span><span class="p">:</span> <span class="m">40px</span><span class="p">;</span> <span class="nl">background-color</span><span class="p">:</span> <span class="no">cadetblue</span><span class="p">;</span> <span class="nl">width</span><span class="p">:</span> <span class="m">2px</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Let’s also render the <code>post</code> data in our <code>&lt;App/&gt;</code> component and render the replies.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight css"><code><span class="nt">function</span> <span class="nt">App</span><span class="o">()</span> <span class="p">{</span> <span class="err">return</span> <span class="err">(</span> <span class="err">&lt;div</span> <span class="err">className="App"&gt;</span> <span class="err">&lt;h1&gt;{data[0].post.title</span><span class="p">}</span><span class="o">&lt;/</span><span class="nt">h1</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nt">p</span><span class="o">&gt;</span><span class="nt">By</span><span class="o">:</span> <span class="p">{</span><span class="err">data[0].post.author</span><span class="p">}</span><span class="o">&lt;/</span><span class="nt">p</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="nt">p</span><span class="o">&gt;</span><span class="p">{</span><span class="err">data[0].post.text</span><span class="p">}</span><span class="o">&lt;/</span><span class="nt">p</span><span class="o">&gt;</span> <span class="p">{</span><span class="err">data[0].post.reply</span> <span class="err">?</span> <span class="err">data[0].post.reply.map((reply)</span> <span class="err">=&gt;</span> <span class="err">&lt;Reply</span> <span class="err">reply={reply</span><span class="p">}</span><span class="o">&gt;&lt;/</span><span class="nt">Reply</span><span class="o">&gt;)</span> <span class="o">:</span> <span class="nt">null</span><span class="err">}</span> <span class="p">{</span><span class="c">/* we are mapping through the direct replies to the post */</span><span class="p">}</span> <span class="o">&lt;/</span><span class="nt">div</span><span class="o">&gt;</span> <span class="o">);</span> <span class="err">}</span> </code></pre> </div> <p>And finally our DOM will look like: </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F87brtwfm7c0od6ffyov5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F87brtwfm7c0od6ffyov5.png" alt="Image description" width="800" height="484"></a></p> <p>It’s as simple as that. This will work for indefinite amount of nested data without a problem.</p> react algorithms webdev javascript Mohammad Hossain Fri, 04 Nov 2022 15:42:30 +0000 https://forem.com/mohhossain/a-complete-guide-to-rails-authentication-using-jwt-403p https://forem.com/mohhossain/a-complete-guide-to-rails-authentication-using-jwt-403p <h1> Rails JWT authentication </h1> <p>A JSON web token(JWT) is a JSON Object that is used to securely transfer information between two parties. JWT is widely used for securely authenticate and authorize user from the client in a REST API. In this post, I will go over step by step how to implement authentication using JWT in a rails API. </p> <h3> The gems we need: </h3> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="nx">gem</span> <span class="dl">'</span><span class="s1">bcrypt</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">~&gt; 3.1</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">&gt;= 3.1.12’ gem </span><span class="dl">'</span><span class="nx">jwt</span><span class="dl">'</span><span class="s1">, </span><span class="dl">'</span><span class="o">~&gt;</span> <span class="mf">2.5</span><span class="err">’</span> <span class="nx">gem</span> <span class="dl">'</span><span class="s1">rack-cors</span><span class="dl">'</span> <span class="nx">gem</span> <span class="dl">'</span><span class="s1">active_model_serializers</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">~&gt; 0.10.12’ </span></code></pre> </div> <p>After adding the gemfile run <code>bundle install</code> </p> <h3> Create the routes </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="n">post</span> <span class="s2">"/users"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"users#create"</span> <span class="n">get</span> <span class="s2">"/me"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"users#me"</span> <span class="n">post</span> <span class="s2">"/auth/login"</span><span class="p">,</span> <span class="ss">to: </span><span class="s2">"auth#login"</span> </code></pre> </div> <p>We will sign up new users making a POST request to /users. An existing user can log in by making a post request to “/auth/login” and a user can access user data by making a GET request to “/me”. We need 3 routes to the least, more routes can be added later as we go. </p> <h3> Add CORS </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">config</span><span class="p">.</span><span class="nf">middleware</span><span class="p">.</span><span class="nf">insert_before</span> <span class="mi">0</span><span class="p">,</span> <span class="no">Rack</span><span class="o">::</span><span class="no">Cors</span> <span class="k">do</span> <span class="n">allow</span> <span class="k">do</span> <span class="n">origins</span> <span class="s1">'*'</span> <span class="n">resource</span> <span class="s1">'*'</span><span class="p">,</span> <span class="ss">headers: :any</span><span class="p">,</span> <span class="ss">methods: </span><span class="p">[</span><span class="ss">:get</span><span class="p">,</span> <span class="ss">:post</span><span class="p">,</span> <span class="ss">:put</span><span class="p">,</span> <span class="ss">:patch</span><span class="p">,</span> <span class="ss">:delete</span><span class="p">,</span> <span class="ss">:options</span><span class="p">,</span> <span class="ss">:head</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Cross-Origin Resource Sharing (CORS) is a middleware that will accept requests to the API from only one client URL. The client URL that we want to allow to make a request will go into the <code>origins</code>. We set * origins, for now, that will allow anyone to make requests to our API for now. </p> <h3> Create the user model: </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="n">rails</span> <span class="n">g</span> <span class="n">model</span> <span class="n">user</span> <span class="n">username</span> <span class="n">password_digest</span> <span class="n">bio</span> <span class="o">--</span><span class="n">no</span><span class="o">-</span><span class="nb">test</span><span class="o">-</span><span class="n">framework</span> </code></pre> </div> <p>Add the <code>has_secure_password</code> macro in the user model and validation for the username: </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">has_secure_password</span> <span class="n">validates</span> <span class="ss">:username</span><span class="p">,</span> <span class="ss">uniqueness: </span><span class="kp">true</span> <span class="k">end</span> </code></pre> </div> <p><code>has_secure_password</code> is a bcrypt method that encrypts the password for each user. For this method to work we add <code>password_digest</code> field to our database table. However, when we make a post request to our server we send <code>password</code>. Bcrypt handles the rest for us. </p> <p>Example request: </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="n">fetch</span><span class="p">(</span><span class="s1">'URL/auth/login'</span><span class="p">,{</span> <span class="ss">method: </span><span class="no">POST</span><span class="p">,</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s1">'Content-type'</span><span class="p">:</span> <span class="s1">'application/json'</span> <span class="p">},</span> <span class="ss">body: </span><span class="p">{</span> <span class="ss">username: </span><span class="s1">'randomUserName'</span><span class="p">,</span> <span class="ss">password: </span><span class="s1">'ask^dsk34'</span> <span class="p">})</span> </code></pre> </div> <h2> Adding JWT to our API </h2> <p><strong>JSON Web Tokens are an open, industry-standard RFC 7519 method for representing claims securely between two parties.</strong> A JWT token looks like this: <code>eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c</code> </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F98cw53jjoju4gu5p0nze.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F98cw53jjoju4gu5p0nze.png" alt="Image description"></a></p> <p>Source - <a href="https://jwt.io/" rel="noopener noreferrer">JWT.io</a></p> <p>It has three parts. The first part is the header that contain the algorithm and token type. The second part is the payload, the data we want to store in the token. The third part is the signature, which contains the <em>secret key</em>. We are going to generate JWT tokens from the application_controller.rb</p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="k">class</span> <span class="nc">ApplicationController</span> <span class="o">&lt;</span> <span class="no">ActionController</span><span class="o">::</span><span class="no">API</span> <span class="k">def</span> <span class="nf">encode_token</span><span class="p">(</span><span class="n">payload</span><span class="p">)</span> <span class="no">JWT</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">payload</span><span class="p">,</span> <span class="s1">'hellomars1211'</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">decoded_token</span> <span class="n">header</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Authorization'</span><span class="p">]</span> <span class="k">if</span> <span class="n">header</span> <span class="n">token</span> <span class="o">=</span> <span class="n">header</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="s2">" "</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="k">begin</span> <span class="no">JWT</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="n">token</span><span class="p">,</span> <span class="s1">'hellomars1211'</span><span class="p">)</span> <span class="k">rescue</span> <span class="no">JWT</span><span class="o">::</span><span class="no">DecodeError</span> <span class="kp">nil</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>The <code>encode_token</code> method takes the payload as an argument. We will pass the user id as a payload. Then we call the <code>JWT.encode(payload, 'hellomars1211')</code> method to encode our token. Our payload will be the user id which then we can use to find the correct user. Notice that we pass a string: <code>'hellomars1211'</code>, along with the payload as an argument, which will be our secret key, that we’ll also use to decode our token. A secret key can be any combination of chars, symbols, numbers, etc. We will call the <code>decoded_token</code> method to decode a JWT token. </p> <p>Whenever we make a request to a protected route or resource we pass the JWT token along with our data in the request, in the Authorization header using the Bearer schema. An example request: </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="n">fetch</span><span class="p">(</span><span class="s2">"URL/me"</span><span class="p">,</span> <span class="p">{</span> <span class="ss">method: </span><span class="s2">"GET"</span><span class="p">,</span> <span class="ss">headers: </span><span class="p">{</span> <span class="no">Authorization</span><span class="p">:</span> <span class="sb">`Bearer &lt;token&gt;`</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0qrlfnflir3f2glr991f.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0qrlfnflir3f2glr991f.png" alt="Image description"></a></p> <p>We access the token from the header and decode the token using <code>JWT.decode(token, 'hellomars1211', true, algorithm: 'HS256')</code> method, we also need to pass the secret key in order to decode the token. </p> <p>We can now access the <code>user.id</code> from the decoded token. We will create a method <code>current_user</code> that takes the user id from the decoded token and find the user using the same user id. This will give us the user that is currently logged in. We will create another method <code>authorized</code> to check if we have a current_user that is logged in. </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="k">def</span> <span class="nf">current_user</span> <span class="k">if</span> <span class="n">decoded_token</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">decoded_token</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="s1">'user_id'</span><span class="p">]</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">id: </span><span class="n">user_id</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">authorized</span> <span class="k">unless</span> <span class="o">!!</span><span class="n">current_user</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'Please log in'</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Finally we will add a <code>before_action</code> rule to the controller that will call the <code>authorized</code> method before doing anything and check if the user is logged in. For any unauthorized request we will render a message: <code>Please log in</code>. This is what our application_controller will look like: </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="o">*</span><span class="n">app</span><span class="o">/</span><span class="n">controllers</span><span class="o">/</span><span class="n">application_controller</span><span class="p">.</span><span class="nf">rb</span><span class="o">*</span> <span class="k">class</span> <span class="nc">ApplicationController</span> <span class="o">&lt;</span> <span class="no">ActionController</span><span class="o">::</span><span class="no">API</span> <span class="n">before_action</span> <span class="ss">:authorized</span> <span class="k">def</span> <span class="nf">encode_token</span><span class="p">(</span><span class="n">payload</span><span class="p">)</span> <span class="no">JWT</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">payload</span><span class="p">,</span> <span class="s1">'hellomars1211'</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">decoded_token</span> <span class="n">header</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Authorization'</span><span class="p">]</span> <span class="k">if</span> <span class="n">header</span> <span class="n">token</span> <span class="o">=</span> <span class="n">header</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="s2">" "</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="k">begin</span> <span class="no">JWT</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="n">token</span><span class="p">,</span> <span class="s1">'hellomars1211'</span><span class="p">,</span> <span class="kp">true</span><span class="p">,</span> <span class="ss">algorithm: </span><span class="s1">'HS256'</span><span class="p">)</span> <span class="k">rescue</span> <span class="no">JWT</span><span class="o">::</span><span class="no">DecodeError</span> <span class="kp">nil</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">current_user</span> <span class="k">if</span> <span class="n">decoded_token</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">decoded_token</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="s1">'user_id'</span><span class="p">]</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">id: </span><span class="n">user_id</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">authorized</span> <span class="k">unless</span> <span class="o">!!</span><span class="n">current_user</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'Please log in'</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h3> Create the users_controller </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="n">rails</span> <span class="n">g</span> <span class="n">controller</span> <span class="n">users</span> </code></pre> </div> <p>In the user controller, we will create an action for creating or signing up a new user. We will also create a token if a user signs up with valid data and send the token along with the response, this will make the user to be logged in right away when they sign up for our app. We will handle the sign up function in the create method inside the users_controller.rb. </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="k">class</span> <span class="nc">UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">rescue_from</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">RecordInvalid</span><span class="p">,</span> <span class="ss">with: :handle_invalid_record</span> <span class="k">def</span> <span class="nf">create</span> <span class="n">user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="n">user_params</span><span class="p">)</span> <span class="vi">@token</span> <span class="o">=</span> <span class="n">encode_token</span><span class="p">(</span><span class="ss">user_id: </span><span class="n">user</span><span class="p">.</span><span class="nf">id</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">user: </span><span class="no">UserSerializer</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">user</span><span class="p">),</span> <span class="ss">token: </span><span class="vi">@token</span> <span class="p">},</span> <span class="ss">status: :created</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">user_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:username</span><span class="p">,</span> <span class="ss">:password</span><span class="p">,</span> <span class="ss">:bio</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">handle_invalid_record</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">errors: </span><span class="n">e</span><span class="p">.</span><span class="nf">record</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span> <span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>We serialized our data to only return the user id, username, and bio. It wouldn’t make sense for us to return the password to the client and also the password is encrypted in our database. </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="k">class</span> <span class="nc">UserSerializer</span> <span class="o">&lt;</span> <span class="no">ActiveModel</span><span class="o">::</span><span class="no">Serializer</span> <span class="n">attributes</span> <span class="ss">:id</span><span class="p">,</span> <span class="ss">:username</span><span class="p">,</span> <span class="ss">:bio</span> <span class="k">end</span> </code></pre> </div> <p>Now, remember when we added the <code>before_action</code> rule to the application_controller? That will prevent us creating a new user if we are logged in. But that doesn’t make any sense. How can we log in when we didn’t even sign up yet or how can we log in when we can’t create a new user at all? Well, in order for us to bypass authorization we will add a <code>skip_before_action</code> to the user controller and make exception for only the <code>create</code> method. This will allow us to skip the authorization if we want to sign up a new user. </p> <p>Also, we will create method <code>me</code> to get the profile of the user that will return the <code>current_user</code> that we set in the application_controller. </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="o">*</span><span class="n">app</span><span class="o">/</span><span class="n">controllers</span><span class="o">/</span><span class="n">users_controller</span><span class="p">.</span><span class="nf">rb</span><span class="o">*</span> <span class="k">class</span> <span class="nc">UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">skip_before_action</span> <span class="ss">:authorized</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:create</span><span class="p">]</span> <span class="n">rescue_from</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">RecordInvalid</span><span class="p">,</span> <span class="ss">with: :handle_invalid_record</span> <span class="k">def</span> <span class="nf">create</span> <span class="n">user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="n">user_params</span><span class="p">)</span> <span class="vi">@token</span> <span class="o">=</span> <span class="n">encode_token</span><span class="p">(</span><span class="ss">user_id: </span><span class="n">user</span><span class="p">.</span><span class="nf">id</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">user: </span><span class="no">UserSerializer</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">user</span><span class="p">),</span> <span class="ss">token: </span><span class="vi">@token</span> <span class="p">},</span> <span class="ss">status: :created</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">me</span> <span class="n">render</span> <span class="ss">json: </span><span class="n">current_user</span><span class="p">,</span> <span class="ss">status: :ok</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">user_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:username</span><span class="p">,</span> <span class="ss">:password</span><span class="p">,</span> <span class="ss">:bio</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">handle_invalid_record</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">errors: </span><span class="n">e</span><span class="p">.</span><span class="nf">record</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span> <span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Our sign-up is ready. Let’s try making some request it in the postman: </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvml4gdejke9wadg18cec.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvml4gdejke9wadg18cec.png" alt="Image description"></a></p> <p>Let’s gooooooooooo!! Oh, wait! What else are we missing? The most important part of the auth: the <strong>LOGIN</strong>! </p> <p>To implement login we will create a new controller and we will call it auth_controller. </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="n">rails</span> <span class="n">g</span> <span class="n">controller</span> <span class="n">auth</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="o">*</span><span class="n">app</span><span class="o">/</span><span class="n">controllers</span><span class="o">/</span><span class="n">auth_controller</span><span class="p">.</span><span class="nf">rb</span><span class="o">*</span> <span class="k">class</span> <span class="nc">AuthController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">skip_before_action</span> <span class="ss">:authorized</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:login</span><span class="p">]</span> <span class="n">rescue_from</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">RecordNotFound</span><span class="p">,</span> <span class="ss">with: :handle_record_not_found</span> <span class="k">def</span> <span class="nf">login</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by!</span><span class="p">(</span><span class="ss">username: </span><span class="n">login_params</span><span class="p">[</span><span class="ss">:username</span><span class="p">])</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span><span class="n">login_params</span><span class="p">[</span><span class="ss">:password</span><span class="p">])</span> <span class="vi">@token</span> <span class="o">=</span> <span class="n">encode_token</span><span class="p">(</span><span class="ss">user_id: </span><span class="vi">@user</span><span class="p">.</span><span class="nf">id</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">user: </span><span class="no">UserSerializer</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="vi">@user</span><span class="p">),</span> <span class="ss">token: </span><span class="vi">@token</span> <span class="p">},</span> <span class="ss">status: :accepted</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span><span class="ss">message: </span><span class="s1">'Incorrect password'</span><span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">login_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:username</span><span class="p">,</span> <span class="ss">:password</span><span class="p">)</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">handle_record_not_found</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s2">"User doesn't exist"</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>In the <code>login</code> method we are first finding the user with the username, if the user is not found we return an error message: <code>"User doesn't exist"</code>. After we find the user we authenticate the user with the password using bcrypt’s authenticate method. Once the authentication is complete we create a token for the user and return the user along with token. In case the authentication is failed we return an error message: <code>'Incorrect password'</code>. We also added the <code>skip_before_action :authorized, only: [:login]</code> here just like for the create method in the users controller. </p> <p>Let’s make some calls in postman: </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkavg7ib9u5kx1a914dqi.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkavg7ib9u5kx1a914dqi.png" alt="Image description"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpppzpi2be570gkce1cox.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpppzpi2be570gkce1cox.png" alt="Image description"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F23mu68nzg2ychrui99mm.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F23mu68nzg2ychrui99mm.png" alt="Image description"></a></p> <p><strong>Our auth is complete.</strong> </p> <p>User authentication is 3 fold. At first we validate the data, then we authenticate the user with correct username, and password, and finally we authorize the user. </p> <h3> Validation—————&gt;Authentication————&gt;Authorization </h3> <p>We cannot build a logout function if we authenticate using JWT. The JWT library doesn’t come with a destroy method for the token. So, how can we log out? That has to be handled in the client. If we have a react client, we can store the token when we login in the localStorage and remove it from the localStorage if we want to log out. </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="n">fetch</span><span class="p">(</span><span class="s2">"http://localhost:3000/auth/login/"</span><span class="p">,</span> <span class="p">{</span> <span class="ss">method: </span><span class="s2">"POST"</span><span class="p">,</span> <span class="ss">headers: </span><span class="p">{</span> <span class="s2">"Content-type"</span><span class="p">:</span> <span class="s2">"application/json"</span><span class="p">,</span> <span class="p">},</span> <span class="ss">body: </span><span class="no">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="ss">username: </span><span class="n">username</span><span class="p">,</span> <span class="ss">password: </span><span class="n">password</span><span class="p">,</span> <span class="p">}),</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="n">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="n">res</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="n">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="s2">"jwt"</span><span class="p">,</span> <span class="n">data</span><span class="p">.</span><span class="nf">jwt</span><span class="p">);</span> <span class="p">})</span> </code></pre> </div> <p>And we simply remove the jwt token from the localStorage to logout: </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code> <span class="n">localStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="s2">"jwt"</span><span class="p">)</span> </code></pre> </div>