AstraL/current_user.rb

## current_user.rb
def current_user
    headers = request.headers
    cookies[:jwt] = headers['X-Token'] if !cookies[:jwt] && headers['X-Token'].present?

    result = Cookies::Decode.({}, cookies: cookies)

    return unless result.success? && result[:decoded_jwt]

    @current_user ||= User.includes(:user_identities)
                          .find_by(auth_token: result[:decoded_jwt][:auth_token])
  end

## encode.rb
class Cookies::Encode < Trailblazer::Operation
  success :set_jwt_cookies

  def set_jwt_cookies(options, params:, **)
    jwt = ::JsonWebToken.encode(auth_token: params[:model].auth_token)

    params[:cookies][:jwt] = {
      value: jwt,
      expires: 30.days.from_now,
      httponly: true,
      same_site: env ? false : :none
    }

    options[:jwt] = jwt
  end

  private

  def env
    env = Rails.env
    env.test? || env.development?
  end
end

## session_create.rb
class Session::Create < Trailblazer::Base
  step :model
  failure :unauthorized!, fail_fast: true

  step :authenticate
  failure :unauthorized!, fail_fast: true

  success :set_cookies

  def model(options, params:, **)
    options[:model] = User.find_by('lower(email) = ?', params[:email].downcase)
  end

  def authenticate(options, params:, **)
    return true if Rails.env.development?

    options[:model].authenticate(params[:password])
  end

  def set_cookies(options, **)
    Cookies::Encode.(options)
  end

  # =======================================================

  def unauthorized!(options, *)
    add_error(
      options,
      I18n.t('session.errors.incorrect_password'),
      :unauthorized
    )
  end
end

## sessions_controller.rb
class Api::SessionsController < Api::ApiController
  after_action :set_frame_options

  def create
    @result = Session::Create.(create_params, cookies: cookies)

    result_success? do
      render 'sessions/create', status: 201
    end
  end

  def show
    @result = Session::Show.({}, current_user: current_user)

    result_success? do
      render 'users/user', status: 200
    end
  end

  def destroy
    @result = Session::Destroy.({}, current_user: current_user, cookies: cookies)

    result_success? do
      render json: {}, status: 204
    end
  end

  private

  def create_params
    params.require(:session).permit(:email, :password)
  end

  def set_frame_options
    response.headers['X-Frame-Options'] = 'ALLOWALL'
  end
end
	def current_user
	headers = request.headers
	cookies[:jwt] = headers['X-Token'] if !cookies[:jwt] && headers['X-Token'].present?

	result = Cookies::Decode.({}, cookies: cookies)

	return unless result.success? && result[:decoded_jwt]

	@current_user \|\|= User.includes(:user_identities)
	.find_by(auth_token: result[:decoded_jwt][:auth_token])
	end
	class Cookies::Encode < Trailblazer::Operation
	success :set_jwt_cookies

	def set_jwt_cookies(options, params:, **)
	jwt = ::JsonWebToken.encode(auth_token: params[:model].auth_token)

	params[:cookies][:jwt] = {
	value: jwt,
	expires: 30.days.from_now,
	httponly: true,
	same_site: env ? false : :none
	}

	options[:jwt] = jwt
	end

	private

	def env
	env = Rails.env
	env.test? \|\| env.development?
	end
	end
	class Session::Create < Trailblazer::Base
	step :model
	failure :unauthorized!, fail_fast: true

	step :authenticate
	failure :unauthorized!, fail_fast: true

	success :set_cookies

	def model(options, params:, **)
	options[:model] = User.find_by('lower(email) = ?', params[:email].downcase)
	end

	def authenticate(options, params:, **)
	return true if Rails.env.development?

	options[:model].authenticate(params[:password])
	end

	def set_cookies(options, **)
	Cookies::Encode.(options)
	end

	# =======================================================

	def unauthorized!(options, *)
	add_error(
	options,
	I18n.t('session.errors.incorrect_password'),
	:unauthorized
	)
	end
	end
	class Api::SessionsController < Api::ApiController
	after_action :set_frame_options

	def create
	@result = Session::Create.(create_params, cookies: cookies)

	result_success? do
	render 'sessions/create', status: 201
	end
	end

	def show
	@result = Session::Show.({}, current_user: current_user)

	result_success? do
	render 'users/user', status: 200
	end
	end

	def destroy
	@result = Session::Destroy.({}, current_user: current_user, cookies: cookies)

	result_success? do
	render json: {}, status: 204
	end
	end

	private

	def create_params
	params.require(:session).permit(:email, :password)
	end

	def set_frame_options
	response.headers['X-Frame-Options'] = 'ALLOWALL'
	end
	end