clerk-sdk-ruby 2.8.0 → 2.9.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 055dee5554e9405faf7a77400bd0428eb2ddb6d869abf51af5dc698c69492eb9
-  data.tar.gz: '09e4d7369cda1a8630776a6308b326630e4ffbce8f9ac9b62977201bf774e8a7'
+  metadata.gz: 3bb75c4354d383821c456ef0e4a3da02d2dbb2404a89dddc6dab99190251c918
+  data.tar.gz: aea4736f0e1c16d94c2f081c32218280d84015282054cbd9a42b7518ab5590d0
 SHA512:
-  metadata.gz: c05c73eb36c646f37264b72c09c3101173c241acbda0a55c0c1d6a8ef10562b1cb244f1d977ecf19bd20ef9020eda8307fb9ddb2359c58ce8c65428ac88ba62d
-  data.tar.gz: 4825ec3bd309908efd7bb08553e68e7d5794701a098df9ad2a4aa8032d78f326c6809d13612a07e08ced54ebaa7768f8089d30213250e4f60299af5fd41ccf90
+  metadata.gz: 0b9b95ab6ba5d002b1a78eff6ad5af4a4c930ea4ae6ef553eab5a7965854a64624340b17ac1ac84348516920fc1b3aba880b459f2e2eb0e112d98018fefce043
+  data.tar.gz: 0caf5c13e253ef08e89b998f68630d7e67574286effa2aa4e8a6490b550dfba0a6f8444e9171fb0b24e3d428d3b1d34c616840926bb0b29260088e7935834bf9

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 ## unreleased
 
+## 2.9.0.beta1 - 2022-12-23
+
+- fix: Make JWKS cache work across different SDK instances [https://github.com/clerkinc/clerk-sdk-ruby/pull/27]
+
 ## 2.8.0 - 2022-11-29
 
 - feat: Add support for the users.verify_totp endpoint

data/Gemfile.lock

@@ -1,14 +1,16 @@
 PATH
   remote: .
   specs:
-    clerk-sdk-ruby (2.7.0)
+    clerk-sdk-ruby (2.8.0)
+      concurrent-ruby (~> 1.1)
       faraday (~> 1.4.1)
-      jwt (~> 2.2)
+      jwt (~> 2.5)
 
 GEM
   remote: https://rubygems.org/
   specs:
     byebug (11.1.3)
+    concurrent-ruby (1.1.10)
     faraday (1.4.3)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
@@ -23,11 +25,11 @@ GEM
     faraday-net_http (1.0.1)
     faraday-net_http_persistent (1.2.0)
     jwt (2.5.0)
-    minitest (5.14.2)
+    minitest (5.16.3)
     multipart-post (2.2.3)
-    rake (13.0.3)
+    rake (13.0.6)
     ruby2_keywords (0.0.5)
-    timecop (0.9.4)
+    timecop (0.9.6)
 
 PLATFORMS
   universal-darwin-21

data/clerk-sdk-ruby.gemspec

@@ -28,7 +28,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "faraday", "~> 1.4.1"
-  spec.add_dependency "jwt", '~> 2.2'
+  spec.add_dependency "jwt", '~> 2.5'
+  spec.add_dependency "concurrent-ruby", "~> 1.1"
 
   spec.add_development_dependency "byebug", "~> 11.1"
   spec.add_development_dependency "timecop", "~> 0.9.4"

data/lib/clerk/jwks_cache.rb

@@ -0,0 +1,32 @@
+class JWKSCache
+  def initialize(lifetime)
+    @lifetime = lifetime
+    @jwks = nil
+    @last_update = nil
+    @lock = Concurrent::ReadWriteLock.new
+  end
+
+  def fetch(sdk, force_refresh: false, kid_not_found: false)
+    should_refresh = @lock.with_read_lock do
+      @jwks.nil? || @last_update.nil? || force_refresh ||
+        (Time.now.to_i-@last_update > @lifetime) ||
+        (kid_not_found && Time.now.to_i-@last_update > 300)
+    end
+
+    if should_refresh
+      @lock.with_write_lock do
+        @last_update = Time.now.to_i
+
+        @jwks = begin
+          sdk.jwks.all["keys"]
+        rescue Clerk::Errors::Base
+          nil
+        end
+      end
+    end
+
+    @lock.with_read_lock do
+      @jwks
+    end
+  end
+end

data/lib/clerk/rack_middleware_v2.rb

@@ -194,7 +194,8 @@ module Clerk
     end
 
     def development_or_staging?
-      Clerk.configuration.api_key.start_with?("test_")
+      Clerk.configuration.api_key.start_with?("test_") ||
+        Clerk.configuration.api_key.start_with?("sk_test_")
     end
 
     def production?
@@ -202,7 +203,7 @@ module Clerk
     end
 
     def cross_origin_request?(req)
-      # origin contains scheme+host and optionally port (ommitted if 80 or 443)
+      # origin contains scheme+host and optionally port (omitted if 80 or 443)
       # ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
       origin = req.env["HTTP_ORIGIN"]
       return false if origin.nil?

data/lib/clerk/sdk.rb

@@ -5,6 +5,7 @@ require "logger"
 require "net/http"
 require "json"
 require "jwt"
+require "concurrent-ruby"
 
 require_relative "resources/allowlist_identifiers"
 require_relative "resources/allowlist"
@@ -19,6 +20,7 @@ require_relative "resources/users"
 require_relative "resources/users"
 require_relative "resources/jwks"
 require_relative "errors"
+require_relative "jwks_cache"
 
 module Clerk
   class SDK
@@ -30,10 +32,14 @@ module Clerk
     # How often (in seconds) should JWKs be refreshed
     JWKS_CACHE_LIFETIME = 3600 # 1 hour
 
+    @@jwks_cache = JWKSCache.new(JWKS_CACHE_LIFETIME)
+
+    def self.jwks_cache
+      @@jwks_cache
+    end
+
     def initialize(api_key: nil, base_url: nil, logger: nil, ssl_verify: true,
                    connection: nil)
-      @jwks_fetched_at = nil
-
       if connection # Inject a Faraday::Connection for testing or full control over Faraday
         @conn = connection
         return
@@ -170,17 +176,9 @@ module Clerk
     # `timeout` argument.
     def verify_token(token, force_refresh_jwks: false, algorithms: ['RS256'], timeout: 5)
       jwk_loader = ->(options) do
-        @cached_jwks = nil if options[:invalidate] || force_refresh_jwks
-        @cached_jwks = nil if @jwks_fetched_at && Time.now.to_i - @jwks_fetched_at > JWKS_CACHE_LIFETIME
-
-        @cached_jwks ||= begin
-          keys = jwks.all["keys"]
-          @jwks_fetched_at = Time.now.to_i
-
-          # JWT.decode requires that the 'keys' key in the Hash is a symbol (as
-          # opposed to a string which our SDK returns by default)
-          { keys: keys }
-        end
+        # JWT.decode requires that the 'keys' key in the Hash is a symbol (as
+        # opposed to a string which our SDK returns by default)
+        { keys: SDK.jwks_cache.fetch(self, kid_not_found: (options[:invalidate] || options[:kid_not_found]), force_refresh: force_refresh_jwks) }
       end
 
       JWT.decode(token, nil, true, algorithms: algorithms, jwks: jwk_loader).first

data/lib/clerk/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clerk
-  VERSION = "2.8.0"
+  VERSION = "2.9.0.beta1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: clerk-sdk-ruby
 version: !ruby/object:Gem::Version
-  version: 2.8.0
+  version: 2.9.0.beta1
 platform: ruby
 authors:
 - Clerk
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-11-29 00:00:00.000000000 Z
+date: 2022-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -30,14 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: concurrent-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -89,6 +103,7 @@ files:
 - lib/clerk.rb
 - lib/clerk/authenticatable.rb
 - lib/clerk/errors.rb
+- lib/clerk/jwks_cache.rb
 - lib/clerk/proxy.rb
 - lib/clerk/rack_middleware.rb
 - lib/clerk/rack_middleware_v2.rb
@@ -128,11 +143,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.2.5
 signing_key: 
 specification_version: 4
 summary: Clerk SDK for Ruby.