Header Token Auth

Dead simple token auth for Phoenix and other Plug-based frameworks. This plug is composed of two other, very simple plugs: HeaderTokenAuth.TokenAuth (which loads the user using the supplied finder function) and HeaderTokenAuth.RequireCurrentUser (which halts the connection if no current_user is present).

Usage

The token should be set in the Authorization header like so: Token <actual token>

To use it, simply declare a plug in your router.ex file:

    pipeline :api_auth do
      plug :accepts, ["json"]
      plug HeaderTokenAuth, finder: &MyApp.Users.find_by_auth_token/1
    end

It is also possible to use plugs separately (e.g. if you want to set current user, but it's not required):

    pipeline :api_auth do
      plug :accepts, ["json"]
      plug HeaderTokenAuth.TokenAuth, finder: &MyApp.Users.find_by_auth_token/1
    end

Or just require current_user, if you don't trust me or have already implemented some user loading (this plug is just a few lines of code, so you'd better write it yourself):

    pipeline :api_auth do
      plug :accepts, ["json"]
      plug HeaderTokenAuth.RequireCurrentUser
    end

Requirements

For this plug to work, you need to supply a finder function. The function must have arity 1 and will receive the token from the header. Whatever it returns is set as conn.assigns[:current_user]. So don't return strings if the user could not be found: the second plug halts the connection only if conn.assigns[:current_user] is false or nil! As already mentioned, the token should be set in the Authorization header like so: Token <actual token>.
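A finder that honours this contract, next to one that does not. This is an added example, not code from HeaderTokenAuth: the module names, the in-memory store, the sample token and the `halts?` helper (which only mirrors the "false or nil" rule stated above) are all constructed for illustration. Saved as a `.exs` script, it runs with `elixir` and no dependencies.

```elixir
defmodule MyApp.Users do
  # Constructed sample store: SHA-256 digest of the token => user.
  # In a real app this would be a database lookup on a digest column,
  # so raw tokens are never stored.
  defp users do
    %{digest("s3cr3t-sample-token") => %{id: 1, name: "alice"}}
  end

  defp digest(token) do
    :crypto.hash(:sha256, token) |> Base.encode16(case: :lower)
  end

  # Arity-1 finder. Returns the user on a hit and nil on a miss.
  def find_by_auth_token(token) when is_binary(token) and byte_size(token) > 0 do
    Map.get(users(), digest(token))
  end

  # Defensive clause (assumption: the finder may be handed nil or an
  # empty value when the header is absent or malformed).
  def find_by_auth_token(_), do: nil
end

defmodule MyApp.BrokenUsers do
  # Anti-pattern: a miss is reported with a truthy value.
  def find_by_auth_token(_token), do: {:error, :not_found}
end

# Mirrors the rule from the README: the request is halted only when
# current_user is false or nil. Hypothetical helper, not the plug's code.
halts? = fn current_user -> current_user in [nil, false] end

# Valid token: user is loaded, request continues.
%{id: 1} = MyApp.Users.find_by_auth_token("s3cr3t-sample-token")
false = halts?.(MyApp.Users.find_by_auth_token("s3cr3t-sample-token"))

# Unknown or missing token: nil, so the request is halted.
true = halts?.(MyApp.Users.find_by_auth_token("wrong-token"))
true = halts?.(MyApp.Users.find_by_auth_token(nil))

# The broken finder returns a tuple on a miss. Tuples, like strings, are
# truthy, so the request would pass with current_user set to the error.
false = halts?.(MyApp.BrokenUsers.find_by_auth_token("wrong-token"))

IO.puts("finder contract checks passed")
```

The same applies to any `{:error, reason}` or `{:ok, user}` wrapper: unwrap it inside the finder so that only a user, `nil` or `false` ever reaches `conn.assigns[:current_user]`.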