{"id":14955906,"url":"https://github.com/rakvium/blog","last_synced_at":"2025-10-06T08:32:29.931Z","repository":{"id":14100403,"uuid":"16804788","full_name":"rakvium/blog","owner":"rakvium","description":"The first app from the Ruby on Rails Tutorial","archived":false,"fork":false,"pushed_at":"2024-12-26T05:16:37.000Z","size":2977,"stargazers_count":1,"open_issues_count":8,"forks_count":10,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-14T11:48:04.674Z","etag":null,"topics":["hacktoberfest","rails-tutorial","ruby"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rakvium.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-02-13T14:11:58.000Z","updated_at":"2024-12-26T05:16:33.000Z","dependencies_parsed_at":"2023-10-11T08:30:27.849Z","dependency_job_id":"6f9f407c-d3bb-4033-ac98-01327585dc85","html_url":"https://github.com/rakvium/blog","commit_stats":{"total_commits":339,"total_committers":15,"mean_commits":22.6,"dds":"0.47492625368731567","last_synced_commit":"2ce715989d3053a097c00bdad476dc994eebf3c6"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rakvium%2Fblog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rakvium%2Fblog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rakvium%2Fblog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rakvium%2Fblog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rakvium","download_url":"https://codeload.github.com/rakvium/blog/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235515427,"owners_count":19002481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","rails-tutorial","ruby"],"created_at":"2024-09-24T13:11:58.945Z","updated_at":"2025-10-06T08:32:29.920Z","avatar_url":"https://github.com/rakvium.png","language":"HTML","readme":"# My first blog web-application using Ruby on Rails Tutorial\n\n[![#StandWithUkraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)\n\nLink: https://hello-blog.herokuapp.com/\n\nThanks to:\n[*Ruby on Rails Tutorial*](http://railstutorial.org/)\n [Michael Hartl](http://michaelhartl.com/).\n\n### API documentation\n\nGraphQL API documentation should be available at\n`/graphql-docs` relative path after executing next rake tasks:\n\n- ```rake graphql:dump_schema```\n- ```rake graphql:generate_docs```\n\nAlso, you are allowed to play with GraphiQL IDE in the development environment,\nwhich is mounted by default at `/graphiql`.\n\n### Authentication\n\nAuthentication is built using regular tokens saved in the separate authentication_tokens DB table.\nUnfortunately, JSON Web Tokens (JWT) are not suitable for us, because we want to give the user\nthe opportunity to invalidate their token, view and manage all of their sessions at any time.\nTokens themselves are saved using SHA256 hash function with random `salt`, which is set\nvia `SECRET_ENCRYPTOR_KEY_SALT` environment variable.\n\n#### Security side\n\nYou may notice, that tokens aren't securely compared and are probably vulnerable to timing attacks (`example: an attacker computes tons of hashes and stores them looking for a hash that starts with 0x00. Upon finding a plaintext with that value, they send that plaintext, they listen for timing on response. They do this for 255 more values until one value takes slightly longer. That's the first byte value of the hash created from the plaintext`), but...\n\nThis will almost certainly not matter because to carry out the attack, the attacker must submit tokens whose hash value they know. The hash value depends on the salt. Thus, unless the attacker somehow already knows the salt, carrying out this attack is not possible.\n\nThus, while there's indeed a possibility of such an attack, it's extremely infeasible and it's not our case. The computation requirements for such an attack are also enormous, and they keep growing exponentially with every bit discovered from the hash.\n\n#### Authentication usage example\n\n1. Call API to sign the user up:\n\n- ```curl -X POST -H \"Content-Type: application/json\" --data '{ \"query\": \"mutation { signUp(email: \\\"test@example.com\\\", password: \\\"12345678\\\", passwordConfirmation: \\\"12345678\\\") { user { id email } token }}\" }' localhost:3000/graphql```\n\n- Expected response:\n```{\"data\":{\"signUp\":{\"user\":{\"id\":\"14\",\"email\":\"test@example.com\"},\"token\":\"fPP4M97tEBnuHX3FK6K6jF32\"}}}```\n\n2. Save the token and next time include its value with `X_AUTH_TOKEN` header to call all protected endpoints:\n- ```curl -X POST -H \"Content-Type: application/json\" -H \"X_AUTH_TOKEN: fPP4M97tEBnuHX3FK6K6jF32\" --data '{ \"query\": \"{ me { id email }}\" }' localhost:3000/graphql```\n\n- Expected response (with X_AUTH_TOKEN header):\n```{\"data\":{\"me\":{\"id\":\"14\",\"email\":\"test@example.com\"}}}```\n\n- Expected response (without provided auth token):\n```{\"data\":{\"me\":null},\"errors\":[{\"message\":\"You need to authenticate to perform this action.\",\"locations\":[{\"line\":1,\"column\":3}],\"path\":[\"me\"]}]}```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frakvium%2Fblog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frakvium%2Fblog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frakvium%2Fblog/lists"}