Add basic API

app/assets/stylesheets/access-tokens.css

@@ -0,0 +1,19 @@
+.access_tokens_table {
+  border-collapse: collapse;
+  inline-size: 100%;
+
+  td, th {
+    border-block-end: 1px solid var(--color-ink-light);
+    padding-inline: var(--inline-space);
+    text-align: start;
+  }
+
+  th {
+    font-size: var(--text-x-small);
+    text-transform: uppercase;
+  }
+
+  tr:nth-of-type(even) {
+    background-color: var(--color-ink-lightest);
+  }
+}

app/controllers/boards_controller.rb

@@ -1,9 +1,13 @@
 class BoardsController < ApplicationController
   include FilterScoped
 
-  before_action :set_board, except: %i[ new create ]
+  before_action :set_board, except: %i[ index new create ]
   before_action :ensure_permission_to_admin_board, only: %i[ update ]
 
+  def index
+    @boards = Current.user.boards
+  end
+
   def show
     if @filter.used?(ignore_boards: true)
       show_filtered_cards

app/controllers/concerns/authentication.rb

@@ -32,7 +32,7 @@ def disallow_account_scope(**options)
 
   private
     def authenticated?
-      Current.session.present?
+      Current.identity.present?
     end
 
     def require_account
@@ -42,7 +42,7 @@ def require_account
     end
 
     def require_authentication
-      resume_session || request_authentication
+      resume_session || authenticate_by_bearer_token || request_authentication
     end
 
     def resume_session
@@ -55,6 +55,18 @@ def find_session_by_cookie
       Session.find_signed(cookies.signed[:session_token])
     end
 
+    def authenticate_by_bearer_token
+      authorization_scheme, bearer_token = request.authorization.to_s.split(" ", 2)
+
+      if authorization_scheme == "Bearer" && bearer_token.present?
+        if access_token = Identity::AccessToken.find_by(token: bearer_token)
+          Current.identity = access_token.identity
+        else
+          head :unauthorized
+        end
+      end
+    end
+
     def request_authentication
       if Current.account.present?
         session[:return_to_after_authenticating] = request.url

app/controllers/users/access_tokens_controller.rb

@@ -0,0 +1,35 @@
+class Users::AccessTokensController < ApplicationController
+  before_action :set_user
+  before_action :set_access_token, except: %i[ index new create ]
+
+  def index
+    set_page_and_extract_portion_from @user.identity.access_tokens.order(created_at: :desc)
+  end
+
+  def new
+    @access_token = @user.identity.access_tokens.new
+  end
+
+  def create
+    @access_token = @user.identity.access_tokens.create!(access_token_params)
+    redirect_to user_access_tokens_path(@user)
+  end
+
+  def destroy
+    @access_token.destroy!
+    redirect_to user_access_tokens_path(@user)
+  end
+
+  private
+    def set_user
+      @user = Current.account.users.active.find(params[:user_id])
+    end
+
+    def set_access_token
+      @access_token = @user.identity.access_tokens.find(params[:id])
+    end
+
+    def access_token_params
+      params.expect(access_token: [ :description, :permission ])
+    end
+end

app/helpers/users_helper.rb

@@ -5,4 +5,8 @@ def role_display_name(user)
     else user.role.titleize
     end
   end
+
+  def access_token_permission_options
+    Identity::AccessToken.permissions.keys.map { [ it.humanize, it ] }
+  end
 end

app/models/current.rb

@@ -1,5 +1,5 @@
 class Current < ActiveSupport::CurrentAttributes
-  attribute :session, :user, :account
+  attribute :session, :user, :identity, :account
   attribute :http_method, :request_id, :user_agent, :ip_address, :referrer
 
   delegate :identity, to: :session, allow_nil: true
@@ -8,6 +8,14 @@ def session=(value)
     super(value)
 
     if value.present? && account.present?
+      self.identity = session.identity
+    end
+  end
+
+  def identity=(identity)
+    super(identity)
+
+    if identity.present?
       self.user = identity.users.find_by(account: account)
     end
   end

app/models/identity.rb

@@ -1,6 +1,7 @@
 class Identity < ApplicationRecord
   include Joinable, Transferable
 
+  has_many :access_tokens, dependent: :destroy
   has_many :magic_links, dependent: :destroy
   has_many :sessions, dependent: :destroy
   has_many :users, dependent: :nullify

app/models/identity/access_token.rb

@@ -0,0 +1,6 @@
+class Identity::AccessToken < ApplicationRecord
+  belongs_to :identity
+
+  has_secure_token
+  enum :permission, %w[ read write ].index_by(&:itself), default: :read
+end

app/views/boards/_board.json.jbuilder

@@ -1,6 +1,7 @@
 json.cache! board do
   json.(board, :id, :name, :all_access)
   json.created_at board.created_at.utc
+  json.url board_url(board)
 
   json.creator do
     json.partial! "users/user", user: board.creator

app/views/boards/index.json.jbuilder

@@ -0,0 +1 @@
+json.array! @boards, partial: "boards/board", as: :board

app/views/boards/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! "boards/board", board: @board

app/views/cards/index.json.jbuilder

@@ -0,0 +1,3 @@
+json.array! @page.records, partial: "cards/card", as: :card
+
+json.next_page_url cards_path(@board, page: @page.next_param) unless @page.last?

app/views/users/_developer.html.erb

@@ -0,0 +1,9 @@
+<div class="flex flex-column align-center gap margin-block-start-double">
+  <header class="full-width">
+    <h2 class="divider txt-large margin-none-block">Developer</h2>
+  </header>
+
+  <div class="flex align-center gap txt-normal">
+    <%= link_to "Personal access tokens", user_access_tokens_path(user), class: "btn" %>
+  </div>
+</div>

app/views/users/_transfer.html.erb

@@ -1,13 +1,13 @@
-<div class="flex flex-column align-center gap txt-medium--responsive txt-medium">
+<div class="flex flex-column align-center gap">
   <% url = session_transfer_url(user.identity.transfer_id, script_name: nil) %>
 
+  <header class="full-width">
+    <h2 class="divider txt-large">Link a device</h2>
+    <p class="margin-none-block" id="session_transfer_label">Use this link to sign-in on another device</p>
+  </header>
+
   <label class="flex flex-column gap full-width">
-    <div class="flex align-center gap justify-center">
-      <strong id="session_transfer_label" class="txt-medium">Link to automatically log in on another device</strong>
-    </div>
-    <span class="flex align-center gap margin-inline">
-      <input type="text" class="input fill-white" id="session_transfer_url" value="<%= url %>" aria-labelledby="session_transfer_label" readonly>
-    </span>
+    <input type="text" class="input fill-white" id="session_transfer_url" value="<%= url %>" aria-labelledby="session_transfer_label" readonly>
   </label>
 
   <div class="flex align-center gap">
@@ -34,4 +34,4 @@
       <span class="for-screen-reader">Copy auto-login link</span>
     <% end %>
   </div>
-</div>
+</div>

app/views/users/access_tokens/_access_token.html.erb

@@ -0,0 +1,13 @@
+<tr>
+  <td><strong><%= access_token.description %></strong></td>
+  <td><%= access_token.permission.humanize %></td>
+  <td><%= local_datetime_tag access_token.created_at, style: :datetime %></td>
+  <td>
+    <%= button_to user_access_token_path(@user, access_token), method: :delete,
+          class: "btn txt-negative btn--circle txt-x-small borderless fill-transparent",
+          data: { turbo_confirm: "Are you sure you want to permanently revoke this access token?" } do %>
+      <%= icon_tag "trash" %>
+      <span class="for-screen-reader">Edit this token</span>
+    <% end %>
+  </td>
+</tr>

app/views/users/access_tokens/index.html.erb

@@ -0,0 +1,37 @@
+<% @page_title = "Personal access tokens" %>
+
+<% content_for :header do %>
+  <div class="header__actions header__actions--start">
+    <%= back_link_to "My profile", user_path(@user), "keydown.left@document->hotkey#click keydown.esc@document->hotkey#click" %>
+  </div>
+
+  <h1 class="header__title"><%= @page_title %></h1>
+<% end %>
+
+<section class="panel panel--wide shadow center webhooks">
+  <% if @page.used? %>
+    <p class="margin-none-block-start">Tokens you have generated that can be used to access the Fizzy API.</p>
+    <table class="access_tokens_table margin-block-end-double max-width txt-small">
+      <thead>
+        <tr>
+          <th>Description</th>
+          <th>Permission</th>
+          <th>Created</th>
+          <th></th>
+        </tr>
+      </thead>
+      <tbody>
+        <%= with_automatic_pagination :access_tokens, @page do %>
+          <%= render partial: "users/access_tokens/access_token", collection: @page.records %>
+        <% end %>
+      </tbody>
+    </table>
+  <% else %>
+    <p class="margin-none-block-start">Personal access tokens can be used like a password to access the Fizzy developer API. You can have as many tokens as you need and revoke access to each one at any time.</p>
+  <% end %>
+
+  <%= link_to new_user_access_token_path(@user), class: "btn btn--link" do %>
+    <%= icon_tag "add" %>
+    <span>Generate a new access token</span>
+  <% end %>
+</section>

app/views/users/access_tokens/new.html.erb

@@ -0,0 +1,29 @@
+<% @page_title = "Generate a personal access token" %>
+
+<% content_for :header do %>
+  <div class="header__actions header__actions--start">
+    <%= back_link_to "tokens", user_access_tokens_path(@user), "keydown.left@document->hotkey#click keydown.esc@document->hotkey#click" %>
+  </div>
+
+  <h1 class="header__title"><%= @page_title %></h1>
+<% end %>
+
+<article class="panel panel--wide shadow center txt-align-start" style="view-transition-name: <%= dom_id(@access_token) %>">
+    <%= form_with model: @access_token, url: user_access_tokens_path(@user), scope: :access_token, data: { controller: "form" }, html: { class: "flex flex-column gap" } do |form| %>
+    <div class="flex flex-column gap-half">
+      <strong><%= form.label :description, "Access token description" %></strong>
+      <%= form.text_field :description, required: true, autofocus: true, class: "input", placeholder: "e.g. Github", data: { action: "keydown.esc@document->form#cancel" } %>
+    </div>
+
+    <div class="flex flex-column gap-half">
+      <strong><%= form.label :permission %></strong>
+      <%= form.select :permission, options_for_select(access_token_permission_options), {}, class: "input input--select" %>
+    </div>
+
+    <%= form.button type: :submit, class: "btn btn--link center txt-medium" do %>
+      <span>Generate access token</span>
+    <% end %>
+
+     <%= link_to "Cancel and go back", user_access_tokens_path(@user), data: { form_target: "cancel" }, hidden: true %>
+  <% end %>
+</article>

app/views/users/show.html.erb

@@ -28,20 +28,21 @@
 
       <div class="flex-inline center justify-center flex-wrap gap">
         <%= link_to "Which cards are assigned to #{me_or_you}?",
-              cards_path(assignee_ids: [ @user.id ], sorted_by: "newest"), class: "btn", data: { turbo_frame: "_top" } %>
+              cards_path(assignee_ids: [ @user.id ], sorted_by: "newest"), class: "btn btn--link", data: { turbo_frame: "_top" } %>
         <%= link_to "Which cards were added by #{me_or_you}?",
-              cards_path(creator_ids: [ @user.id ], sorted_by: "newest"), class: "btn", data: { turbo_frame: "_top" } %>
+              cards_path(creator_ids: [ @user.id ], sorted_by: "newest"), class: "btn btn--link", data: { turbo_frame: "_top" } %>
       </div>
     </div>
   </section>
 
   <% if Current.user == @user %>
     <section class="panel shadow" style="--panel-size: 45ch;">
       <%= render "users/transfer", user: @user %>
+      <%= render "users/developer", user: @user %>
 
       <div class="center margin-block-start-double">
         <%= button_to session_url(script_name: nil), method: :delete, class: "btn btn--plain txt-link txt-small", data: { turbo: false } do %>
-        <span>Sign out</span>
+        <span>Sign out of Fizzy</span>
       <% end %>
       </div>
     </section>

config/routes.rb

@@ -15,6 +15,7 @@
       resource :events
 
       resources :push_subscriptions
+      resources :access_tokens
 
       resources :email_addresses, param: :token do
         resource :confirmation, module: :email_addresses

db/cable_schema.rb

@@ -10,14 +10,5 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.2].define(version: 1) do
-  create_table "solid_cable_messages", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
-    t.binary "channel", limit: 1024, null: false
-    t.bigint "channel_hash", null: false
-    t.datetime "created_at", null: false
-    t.binary "payload", size: :long, null: false
-    t.index ["channel"], name: "index_solid_cable_messages_on_channel"
-    t.index ["channel_hash"], name: "index_solid_cable_messages_on_channel_hash"
-    t.index ["created_at"], name: "index_solid_cable_messages_on_created_at"
-  end
+ActiveRecord::Schema[8.2].define(version: 0) do
 end

db/migrate/20251201132341_create_identity_access_tokens.rb

@@ -0,0 +1,14 @@
+class CreateIdentityAccessTokens < ActiveRecord::Migration[8.2]
+  def change
+    create_table :identity_access_tokens, id: :uuid do |t|
+      t.uuid :identity_id, null: false
+      t.string :token
+      t.string :permission
+      t.text :description
+
+      t.timestamps
+
+      t.index ["identity_id"], name: "index_access_token_on_identity_id"
+    end
+  end
+end