clerk-sdk-ruby 2.0.4 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/Gemfile.lock +4 -4
- data/README.md +11 -6
- data/lib/clerk/authenticatable.rb +2 -2
- data/lib/clerk/rack_middleware_v2.rb +87 -68
- data/lib/clerk/resources/users.rb +1 -1
- data/lib/clerk/sdk.rb +2 -1
- data/lib/clerk/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0beece8585345751d91279f43af6fc81ea3bed2274988ffcaf711cd9e6212203
|
4
|
+
data.tar.gz: fe3cda34f2c460f9b79a1da4a68d5931c4ca68454e869afa27676c72d68414c3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 94fdbacc63e4af0fc4084aad5db8a17904eda58c42f60b1f951e7dc351b3ea543299b12668bc96fad63a0afed7967f6d8e9eda4053b454a769601f4cee71a03b
|
7
|
+
data.tar.gz: 4fe7fee577704f10027ea812cacbbf7482b112b5a7423b041debfd332bb97cbc5cc2a2e026910aff8d7b0559e3d3132d7df4fc048e4c12c9507974a72d2ccec0
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,13 @@
|
|
1
1
|
## unreleased
|
2
2
|
|
3
|
+
## 2.1.2 - 2022-08-26
|
4
|
+
|
5
|
+
- fix: Gracefully handle invalid JSON in Authorization header [https://github.com/clerkinc/clerk-sdk-ruby/pull/16]
|
6
|
+
|
7
|
+
## 2.1.1 - 2022-02-24
|
8
|
+
|
9
|
+
- fix: Make Authv2 middleware thread-safe
|
10
|
+
|
3
11
|
## 2.0.0 - 2021-10-21
|
4
12
|
|
5
13
|
This release introduces the new networkless middleware which works with the new
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
clerk-sdk-ruby (
|
4
|
+
clerk-sdk-ruby (2.2.0)
|
5
5
|
faraday (~> 1.4.1)
|
6
6
|
jwt (~> 2.2)
|
7
7
|
|
@@ -22,9 +22,9 @@ GEM
|
|
22
22
|
faraday-excon (1.1.0)
|
23
23
|
faraday-net_http (1.0.1)
|
24
24
|
faraday-net_http_persistent (1.2.0)
|
25
|
-
jwt (2.
|
25
|
+
jwt (2.5.0)
|
26
26
|
minitest (5.14.2)
|
27
|
-
multipart-post (2.
|
27
|
+
multipart-post (2.2.3)
|
28
28
|
rake (13.0.3)
|
29
29
|
ruby2_keywords (0.0.5)
|
30
30
|
timecop (0.9.4)
|
@@ -40,4 +40,4 @@ DEPENDENCIES
|
|
40
40
|
timecop (~> 0.9.4)
|
41
41
|
|
42
42
|
BUNDLED WITH
|
43
|
-
2.2.
|
43
|
+
2.2.32
|
data/README.md
CHANGED
@@ -1,20 +1,25 @@
|
|
1
1
|
# Clerk Ruby SDK
|
2
2
|
|
3
|
+
|
3
4
|
Thank you for choosing [Clerk](https://clerk.dev/) for your authentication,
|
4
5
|
session & user management needs!
|
5
6
|
|
6
7
|
This SDK allows you to call the Clerk Backend API from Ruby code without having
|
7
8
|
to implement the calls yourself.
|
8
9
|
|
9
|
-
|
10
|
-
|
11
|
-
**Note**: This is the v2 branch, which requires that you use [Auth
|
10
|
+
**Note**: You're looking at the main branch, which requires that you use [Auth
|
12
11
|
v2](https://docs.clerk.dev/main-concepts/auth-v2).
|
13
12
|
|
14
|
-
If you're looking for the legacy authentication scheme
|
15
|
-
[`
|
13
|
+
If you're looking for the legacy authentication scheme, refer to the
|
14
|
+
[`v1`](https://github.com/clerkinc/clerk-sdk-ruby/tree/v1) branch.
|
15
|
+
|
16
|
+
---
|
17
|
+
|
18
|
+
**Clerk is Hiring!**
|
19
|
+
|
20
|
+
Would you like to work on Open Source software and help maintain this repository? Apply today https://apply.workable.com/clerk-dev/.
|
16
21
|
|
17
|
-
|
22
|
+
---
|
18
23
|
|
19
24
|
## Installation
|
20
25
|
|
@@ -10,7 +10,7 @@ module Clerk
|
|
10
10
|
# the Session object. Subsequent calls to this method will return the cached
|
11
11
|
# Session object.
|
12
12
|
#
|
13
|
-
# NOTE: For better performance, you can instead use `#
|
13
|
+
# NOTE: For better performance, you can instead use `#clerk_verified_session_claims`
|
14
14
|
# which already contains the verified claims as retrieved from the session
|
15
15
|
# token.
|
16
16
|
def clerk_session
|
@@ -20,7 +20,7 @@ module Clerk
|
|
20
20
|
# Makes a request to the Clerk API to verify the session again. Returns the
|
21
21
|
# session object as fetched from the API.
|
22
22
|
#
|
23
|
-
# NOTE: For better performance, you can instead use `#
|
23
|
+
# NOTE: For better performance, you can instead use `#clerk_verified_session_claims`
|
24
24
|
# which already contains the verified claims as retrieved from the session
|
25
25
|
# token.
|
26
26
|
#
|
@@ -1,94 +1,107 @@
|
|
1
1
|
require "clerk"
|
2
2
|
|
3
3
|
module Clerk
|
4
|
-
class
|
5
|
-
|
6
|
-
CACHE_TTL = 60 # seconds
|
4
|
+
class ProxyV2
|
5
|
+
CACHE_TTL = 60 # seconds
|
7
6
|
|
8
|
-
|
7
|
+
attr_reader :session_claims, :session_token
|
9
8
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
9
|
+
def initialize(session_claims: nil, session_token: nil)
|
10
|
+
@session_claims = session_claims
|
11
|
+
@session_token = session_token
|
12
|
+
@session = nil
|
13
|
+
end
|
15
14
|
|
16
|
-
|
17
|
-
|
15
|
+
def session
|
16
|
+
return nil if @session_claims.nil?
|
18
17
|
|
19
|
-
|
20
|
-
|
18
|
+
@session ||= verify_session
|
19
|
+
end
|
21
20
|
|
22
|
-
|
23
|
-
|
21
|
+
def verify_session
|
22
|
+
return nil if @session_claims.nil?
|
24
23
|
|
25
|
-
|
26
|
-
|
24
|
+
sdk.sessions.verify_token(@session_claims["sid"], @session_token)
|
25
|
+
end
|
27
26
|
|
28
|
-
|
29
|
-
|
27
|
+
def user
|
28
|
+
return nil if user_id.nil?
|
30
29
|
|
31
|
-
|
32
|
-
|
30
|
+
@user ||= fetch_user(user_id)
|
31
|
+
end
|
33
32
|
|
34
|
-
|
35
|
-
|
33
|
+
def user_id
|
34
|
+
return nil if @session_claims.nil?
|
36
35
|
|
37
|
-
|
38
|
-
|
36
|
+
@session_claims["sub"]
|
37
|
+
end
|
39
38
|
|
40
|
-
|
39
|
+
private
|
41
40
|
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
end
|
41
|
+
def fetch_user(user_id)
|
42
|
+
cached_fetch("clerk_user:#{user_id}") do
|
43
|
+
sdk.users.find(user_id)
|
46
44
|
end
|
45
|
+
end
|
47
46
|
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
end
|
47
|
+
def cached_fetch(key, &block)
|
48
|
+
if store = Clerk.configuration.middleware_cache_store
|
49
|
+
store.fetch(key, expires_in: CACHE_TTL, &block)
|
50
|
+
else
|
51
|
+
yield
|
54
52
|
end
|
53
|
+
end
|
55
54
|
|
56
|
-
|
57
|
-
|
58
|
-
end
|
55
|
+
def sdk
|
56
|
+
@sdk ||= Clerk::SDK.new
|
59
57
|
end
|
58
|
+
end
|
60
59
|
|
60
|
+
class RackMiddlewareV2
|
61
61
|
def initialize(app)
|
62
62
|
@app = app
|
63
63
|
end
|
64
64
|
|
65
65
|
def call(env)
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
66
|
+
env = env
|
67
|
+
req = Rack::Request.new(env)
|
68
|
+
env["clerk"] = Clerk::ProxyV2.new
|
69
|
+
header_token = req.env["HTTP_AUTHORIZATION"]
|
70
|
+
header_token = header_token.strip.sub(/\ABearer /, '') if header_token
|
71
|
+
cookie_token = req.cookies["__session"]
|
72
|
+
client_uat = req.cookies["__client_uat"]
|
73
73
|
|
74
74
|
##########################################################################
|
75
75
|
# #
|
76
76
|
# HEADER AUTHENTICATION #
|
77
77
|
# #
|
78
78
|
##########################################################################
|
79
|
-
if
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
79
|
+
if header_token
|
80
|
+
begin
|
81
|
+
return signed_out(env) if !sdk.decode_token(header_token) # malformed JWT
|
82
|
+
rescue JWT::DecodeError
|
83
|
+
return signed_out(env) # malformed JSON authorization header
|
84
|
+
end
|
85
|
+
|
86
|
+
token = verify_token(header_token)
|
87
|
+
return signed_in(env, token, header_token) if token
|
84
88
|
|
85
89
|
# Clerk.js should refresh the token and retry
|
86
90
|
return unknown(interstitial: false)
|
87
91
|
end
|
88
92
|
|
89
93
|
# in cross-origin XHRs the use of Authorization header is mandatory.
|
90
|
-
if cross_origin_request?(
|
91
|
-
return signed_out
|
94
|
+
if cross_origin_request?(req)
|
95
|
+
return signed_out(env)
|
96
|
+
end
|
97
|
+
|
98
|
+
if development_or_staging? && !browser_request?(req)
|
99
|
+
# the interstitial won't work if the user agent is not a browser, so
|
100
|
+
# short-circuit and avoid rendering it
|
101
|
+
#
|
102
|
+
# We only limit this to dev/stg because we're not yet sure how robust
|
103
|
+
# this strategy is, yet. In the future, we might enable it for prod too.
|
104
|
+
return signed_out(env)
|
92
105
|
end
|
93
106
|
|
94
107
|
##########################################################################
|
@@ -96,22 +109,22 @@ module Clerk
|
|
96
109
|
# COOKIE AUTHENTICATION #
|
97
110
|
# #
|
98
111
|
##########################################################################
|
99
|
-
if development_or_staging? && (
|
112
|
+
if development_or_staging? && (req.referrer.nil? || cross_origin_request?(req))
|
100
113
|
return unknown(interstitial: true)
|
101
114
|
end
|
102
115
|
|
103
|
-
if production? &&
|
104
|
-
return signed_out
|
116
|
+
if production? && client_uat.nil?
|
117
|
+
return signed_out(env)
|
105
118
|
end
|
106
119
|
|
107
|
-
if
|
108
|
-
return signed_out
|
120
|
+
if client_uat == "0"
|
121
|
+
return signed_out(env)
|
109
122
|
end
|
110
123
|
|
111
|
-
token = verify_token(
|
124
|
+
token = verify_token(cookie_token)
|
112
125
|
|
113
|
-
if token && token["iat"] &&
|
114
|
-
return signed_in(token,
|
126
|
+
if token && token["iat"] && client_uat && Integer(client_uat) <= token["iat"]
|
127
|
+
return signed_in(env, token, cookie_token)
|
115
128
|
end
|
116
129
|
|
117
130
|
unknown(interstitial: true)
|
@@ -120,15 +133,15 @@ module Clerk
|
|
120
133
|
private
|
121
134
|
|
122
135
|
# Outcome A
|
123
|
-
def signed_in(claims, token)
|
124
|
-
|
136
|
+
def signed_in(env, claims, token)
|
137
|
+
env["clerk"] = ProxyV2.new(session_claims: claims, session_token: token)
|
125
138
|
|
126
|
-
@app.call(
|
139
|
+
@app.call(env)
|
127
140
|
end
|
128
141
|
|
129
142
|
# Outcome B
|
130
|
-
def signed_out
|
131
|
-
@app.call(
|
143
|
+
def signed_out(env)
|
144
|
+
@app.call(env)
|
132
145
|
end
|
133
146
|
|
134
147
|
# Outcome C
|
@@ -165,18 +178,24 @@ module Clerk
|
|
165
178
|
origin != request_host
|
166
179
|
end
|
167
180
|
|
181
|
+
def browser_request?(req)
|
182
|
+
user_agent = req.env["HTTP_USER_AGENT"]
|
183
|
+
|
184
|
+
!user_agent.nil? && user_agent.starts_with?("Mozilla/")
|
185
|
+
end
|
186
|
+
|
168
187
|
def verify_token(token)
|
169
188
|
return false if token.nil? || token.strip.empty?
|
170
189
|
|
171
190
|
begin
|
172
|
-
|
191
|
+
sdk.verify_token(token)
|
173
192
|
rescue JWT::DecodeError, JWT::RequiredDependencyError => e
|
174
193
|
false
|
175
194
|
end
|
176
195
|
end
|
177
196
|
|
178
197
|
def sdk
|
179
|
-
|
198
|
+
Clerk::SDK.new
|
180
199
|
end
|
181
200
|
end
|
182
201
|
end
|
@@ -11,7 +11,7 @@ module Clerk
|
|
11
11
|
@resource = PluralResource.new(client, "users")
|
12
12
|
end
|
13
13
|
|
14
|
-
def_delegators :@resource, :all, :find, :update, :delete
|
14
|
+
def_delegators :@resource, :all, :find, :create, :update, :delete
|
15
15
|
|
16
16
|
def oauth_access_token(user_id, provider)
|
17
17
|
@client.request(:get, "#{@resource.resource_path(user_id)}/oauth_access_tokens/#{provider}")
|
data/lib/clerk/sdk.rb
CHANGED
@@ -20,7 +20,8 @@ require_relative "errors"
|
|
20
20
|
module Clerk
|
21
21
|
class SDK
|
22
22
|
DEFAULT_HEADERS = {
|
23
|
-
"User-Agent" => "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}"
|
23
|
+
"User-Agent" => "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}",
|
24
|
+
"X-Clerk-SDK" => "ruby/#{Clerk::VERSION}"
|
24
25
|
}
|
25
26
|
|
26
27
|
# How often (in seconds) should JWKs be refreshed
|
data/lib/clerk/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: clerk-sdk-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0
|
4
|
+
version: 2.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Clerk
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-08-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
127
127
|
- !ruby/object:Gem::Version
|
128
128
|
version: '0'
|
129
129
|
requirements: []
|
130
|
-
rubygems_version: 3.2.
|
130
|
+
rubygems_version: 3.2.32
|
131
131
|
signing_key:
|
132
132
|
specification_version: 4
|
133
133
|
summary: Clerk SDK for Ruby.
|