machina-auth

Rails engine that integrates product apps with the Machina Console identity service.

What It Provides

  • Authentication middleware — extracts session tokens from cookies, headers, or params and resolves them against the Console
  • Machina::Authorized — frozen value object with can?, cannot?, authorize!, and permission query methods
  • Machina::Current — thread-safe current attributes (user, org, workspace, session)
  • Machina::ControllerHelpers — require_authorized! and authorize! for controllers
  • Machina::WorkspaceScoped — concern that filters ActiveRecord queries to the current workspace
  • Webhook receiver — verifies HMAC signatures and invalidates cached sessions on permission/membership changes
  • Permission sync — pushes a YAML manifest of permissions and policies to the Console on boot
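
The webhook check described above, as an added example (not the gem's own code): verify the HMAC over the raw request body with a constant-time comparison, then drop cached sessions only for events that change permissions or membership. The SHA-256 algorithm, the "sha256=<hex>" header format, the event names, the payload fields and the Hash used as a session cache are all assumptions for illustration.

```ruby
require "openssl"
require "json"

# Assumed event names; the gem's real event types are not documented here.
INVALIDATING_EVENTS = %w[permission.changed membership.changed].freeze

# Constant-time comparison so timing does not reveal how many leading
# characters matched. In a Rails app, ActiveSupport::SecurityUtils.secure_compare
# does the same job.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# header is the assumed "sha256=<hex digest>" signature header value.
def valid_signature?(secret, raw_body, header)
  return false if header.nil? || !header.start_with?("sha256=")
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, raw_body)
  constant_time_eq?(expected, header.delete_prefix("sha256="))
end

# Returns :rejected, :ignored or :invalidated.
def handle_webhook(secret, raw_body, header, session_cache)
  # Verify against the raw bytes before parsing: unauthenticated input
  # never reaches the JSON parser or the cache.
  return :rejected unless valid_signature?(secret, raw_body, header)
  event = JSON.parse(raw_body)
  return :ignored unless INVALIDATING_EVENTS.include?(event["type"])
  # Hypothetical cache layout: token => { user_id: ... }
  session_cache.delete_if { |_token, s| s[:user_id] == event["user_id"] }
  :invalidated
rescue JSON::ParserError
  :rejected
end

# Constructed sample input (not real Console traffic).
SECRET = "constructed-test-secret"
BODY = JSON.generate("type" => "permission.changed", "user_id" => 42)
SIG = "sha256=" + OpenSSL::HMAC.hexdigest("SHA256", SECRET, BODY)
```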

Installation

Add to your Gemfile:

gem 'machina-auth', path: '../gems/auth'

Run the install generator:

bin/rails generate machina:install

Configuration

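Machina.configure do |config|
  # Base URL of the Console identity service (local development value shown)
  config.identity_service_url = "http://localhost:3100"
  # Service token is read from the environment, not hard-coded
  config.service_token = ENV["MACHINA_SERVICE_TOKEN"]
  config.product_slug = "my-app"
  # YAML manifest of permissions and policies pushed to the Console on boot
  config.manifest = Rails.root.join("config/machina.yml")
end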

Development

cd gems/auth
bundle install
bundle exec rspec       # 79 specs
bundle exec rubocop     # lint

Tests use a dummy Rails app in spec/dummy/ with an in-memory SQLite database.

Dependencies

  • rails ~> 8.0.4
  • faraday (HTTP client for Console API calls)