Add secure OAuth2-based mobile authentication

- Replace API keys with OAuth2 tokens for mobile apps - Add device tracking and management for mobile sessions - Implement 30-day token expiration with refresh tokens - Add MFA/2FA support for mobile login - Create dedicated auth endpoints (signup/login/refresh) - Skip CSRF protection for API endpoints - Return plaintext tokens (not hashed) in responses - Track devices with unique IDs and metadata - Enable seamless native mobile experience without OAuth redirects This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-05 13:35:21 +02:00 · 2025-06-18 08:20:22 -05:00 · 2025-06-18 08:20:22 -05:00 · 9336719242
commit 9336719242
parent cba0bdf0e2
15 changed files with 761 additions and 6 deletions
--- a/db/migrate/20250618104425_add_source_to_api_keys.rb
+++ b/db/migrate/20250618104425_add_source_to_api_keys.rb
@ -0,0 +1,6 @@
+class AddSourceToApiKeys < ActiveRecord::Migration[7.2]
+  def change
+    add_column :api_keys, :source, :string, default: "web"
+    add_index :api_keys, [:user_id, :source]
+  end
+end
--- a/db/migrate/20250618110104_create_mobile_devices.rb
+++ b/db/migrate/20250618110104_create_mobile_devices.rb
@ -0,0 +1,17 @@
+class CreateMobileDevices < ActiveRecord::Migration[7.2]
+  def change
+    create_table :mobile_devices, id: :uuid do |t|
+      t.references :user, null: false, foreign_key: true, type: :uuid
+      t.string :device_id
+      t.string :device_name
+      t.string :device_type
+      t.string :os_version
+      t.string :app_version
+      t.datetime :last_seen_at
+
+      t.timestamps
+    end
+    add_index :mobile_devices, :device_id, unique: true
+    add_index :mobile_devices, [:user_id, :device_id], unique: true
+  end
+end
--- a/db/migrate/20250618110736_add_owner_to_oauth_applications.rb
+++ b/db/migrate/20250618110736_add_owner_to_oauth_applications.rb
@ -0,0 +1,7 @@
+class AddOwnerToOauthApplications < ActiveRecord::Migration[7.2]
+  def change
+    add_column :oauth_applications, :owner_id, :uuid
+    add_column :oauth_applications, :owner_type, :string
+    add_index :oauth_applications, [:owner_id, :owner_type]
+  end
+end
--- a/db/migrate/20250618120703_add_oauth_application_to_mobile_devices.rb
+++ b/db/migrate/20250618120703_add_oauth_application_to_mobile_devices.rb
@ -0,0 +1,6 @@
+class AddOauthApplicationToMobileDevices < ActiveRecord::Migration[7.2]
+  def change
+    add_column :mobile_devices, :oauth_application_id, :integer
+    add_index :mobile_devices, :oauth_application_id
+  end
+end