clerk-sdk-ruby 2.8.0 → 2.9.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +7 -5
- data/clerk-sdk-ruby.gemspec +2 -1
- data/lib/clerk/jwks_cache.rb +32 -0
- data/lib/clerk/rack_middleware_v2.rb +3 -2
- data/lib/clerk/sdk.rb +11 -13
- data/lib/clerk/version.rb +1 -1
- metadata +22 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3bb75c4354d383821c456ef0e4a3da02d2dbb2404a89dddc6dab99190251c918
|
4
|
+
data.tar.gz: aea4736f0e1c16d94c2f081c32218280d84015282054cbd9a42b7518ab5590d0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0b9b95ab6ba5d002b1a78eff6ad5af4a4c930ea4ae6ef553eab5a7965854a64624340b17ac1ac84348516920fc1b3aba880b459f2e2eb0e112d98018fefce043
|
7
|
+
data.tar.gz: 0caf5c13e253ef08e89b998f68630d7e67574286effa2aa4e8a6490b550dfba0a6f8444e9171fb0b24e3d428d3b1d34c616840926bb0b29260088e7935834bf9
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,14 +1,16 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
clerk-sdk-ruby (2.
|
4
|
+
clerk-sdk-ruby (2.8.0)
|
5
|
+
concurrent-ruby (~> 1.1)
|
5
6
|
faraday (~> 1.4.1)
|
6
|
-
jwt (~> 2.
|
7
|
+
jwt (~> 2.5)
|
7
8
|
|
8
9
|
GEM
|
9
10
|
remote: https://rubygems.org/
|
10
11
|
specs:
|
11
12
|
byebug (11.1.3)
|
13
|
+
concurrent-ruby (1.1.10)
|
12
14
|
faraday (1.4.3)
|
13
15
|
faraday-em_http (~> 1.0)
|
14
16
|
faraday-em_synchrony (~> 1.0)
|
@@ -23,11 +25,11 @@ GEM
|
|
23
25
|
faraday-net_http (1.0.1)
|
24
26
|
faraday-net_http_persistent (1.2.0)
|
25
27
|
jwt (2.5.0)
|
26
|
-
minitest (5.
|
28
|
+
minitest (5.16.3)
|
27
29
|
multipart-post (2.2.3)
|
28
|
-
rake (13.0.
|
30
|
+
rake (13.0.6)
|
29
31
|
ruby2_keywords (0.0.5)
|
30
|
-
timecop (0.9.
|
32
|
+
timecop (0.9.6)
|
31
33
|
|
32
34
|
PLATFORMS
|
33
35
|
universal-darwin-21
|
data/clerk-sdk-ruby.gemspec
CHANGED
@@ -28,7 +28,8 @@ Gem::Specification.new do |spec|
|
|
28
28
|
spec.require_paths = ["lib"]
|
29
29
|
|
30
30
|
spec.add_dependency "faraday", "~> 1.4.1"
|
31
|
-
spec.add_dependency "jwt", '~> 2.
|
31
|
+
spec.add_dependency "jwt", '~> 2.5'
|
32
|
+
spec.add_dependency "concurrent-ruby", "~> 1.1"
|
32
33
|
|
33
34
|
spec.add_development_dependency "byebug", "~> 11.1"
|
34
35
|
spec.add_development_dependency "timecop", "~> 0.9.4"
|
@@ -0,0 +1,32 @@
|
|
1
|
+
class JWKSCache
|
2
|
+
def initialize(lifetime)
|
3
|
+
@lifetime = lifetime
|
4
|
+
@jwks = nil
|
5
|
+
@last_update = nil
|
6
|
+
@lock = Concurrent::ReadWriteLock.new
|
7
|
+
end
|
8
|
+
|
9
|
+
def fetch(sdk, force_refresh: false, kid_not_found: false)
|
10
|
+
should_refresh = @lock.with_read_lock do
|
11
|
+
@jwks.nil? || @last_update.nil? || force_refresh ||
|
12
|
+
(Time.now.to_i-@last_update > @lifetime) ||
|
13
|
+
(kid_not_found && Time.now.to_i-@last_update > 300)
|
14
|
+
end
|
15
|
+
|
16
|
+
if should_refresh
|
17
|
+
@lock.with_write_lock do
|
18
|
+
@last_update = Time.now.to_i
|
19
|
+
|
20
|
+
@jwks = begin
|
21
|
+
sdk.jwks.all["keys"]
|
22
|
+
rescue Clerk::Errors::Base
|
23
|
+
nil
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
@lock.with_read_lock do
|
29
|
+
@jwks
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -194,7 +194,8 @@ module Clerk
|
|
194
194
|
end
|
195
195
|
|
196
196
|
def development_or_staging?
|
197
|
-
Clerk.configuration.api_key.start_with?("test_")
|
197
|
+
Clerk.configuration.api_key.start_with?("test_") ||
|
198
|
+
Clerk.configuration.api_key.start_with?("sk_test_")
|
198
199
|
end
|
199
200
|
|
200
201
|
def production?
|
@@ -202,7 +203,7 @@ module Clerk
|
|
202
203
|
end
|
203
204
|
|
204
205
|
def cross_origin_request?(req)
|
205
|
-
# origin contains scheme+host and optionally port (
|
206
|
+
# origin contains scheme+host and optionally port (omitted if 80 or 443)
|
206
207
|
# ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
|
207
208
|
origin = req.env["HTTP_ORIGIN"]
|
208
209
|
return false if origin.nil?
|
data/lib/clerk/sdk.rb
CHANGED
@@ -5,6 +5,7 @@ require "logger"
|
|
5
5
|
require "net/http"
|
6
6
|
require "json"
|
7
7
|
require "jwt"
|
8
|
+
require "concurrent-ruby"
|
8
9
|
|
9
10
|
require_relative "resources/allowlist_identifiers"
|
10
11
|
require_relative "resources/allowlist"
|
@@ -19,6 +20,7 @@ require_relative "resources/users"
|
|
19
20
|
require_relative "resources/users"
|
20
21
|
require_relative "resources/jwks"
|
21
22
|
require_relative "errors"
|
23
|
+
require_relative "jwks_cache"
|
22
24
|
|
23
25
|
module Clerk
|
24
26
|
class SDK
|
@@ -30,10 +32,14 @@ module Clerk
|
|
30
32
|
# How often (in seconds) should JWKs be refreshed
|
31
33
|
JWKS_CACHE_LIFETIME = 3600 # 1 hour
|
32
34
|
|
35
|
+
@@jwks_cache = JWKSCache.new(JWKS_CACHE_LIFETIME)
|
36
|
+
|
37
|
+
def self.jwks_cache
|
38
|
+
@@jwks_cache
|
39
|
+
end
|
40
|
+
|
33
41
|
def initialize(api_key: nil, base_url: nil, logger: nil, ssl_verify: true,
|
34
42
|
connection: nil)
|
35
|
-
@jwks_fetched_at = nil
|
36
|
-
|
37
43
|
if connection # Inject a Faraday::Connection for testing or full control over Faraday
|
38
44
|
@conn = connection
|
39
45
|
return
|
@@ -170,17 +176,9 @@ module Clerk
|
|
170
176
|
# `timeout` argument.
|
171
177
|
def verify_token(token, force_refresh_jwks: false, algorithms: ['RS256'], timeout: 5)
|
172
178
|
jwk_loader = ->(options) do
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
@cached_jwks ||= begin
|
177
|
-
keys = jwks.all["keys"]
|
178
|
-
@jwks_fetched_at = Time.now.to_i
|
179
|
-
|
180
|
-
# JWT.decode requires that the 'keys' key in the Hash is a symbol (as
|
181
|
-
# opposed to a string which our SDK returns by default)
|
182
|
-
{ keys: keys }
|
183
|
-
end
|
179
|
+
# JWT.decode requires that the 'keys' key in the Hash is a symbol (as
|
180
|
+
# opposed to a string which our SDK returns by default)
|
181
|
+
{ keys: SDK.jwks_cache.fetch(self, kid_not_found: (options[:invalidate] || options[:kid_not_found]), force_refresh: force_refresh_jwks) }
|
184
182
|
end
|
185
183
|
|
186
184
|
JWT.decode(token, nil, true, algorithms: algorithms, jwks: jwk_loader).first
|
data/lib/clerk/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: clerk-sdk-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.9.0.beta1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Clerk
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-12-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -30,14 +30,28 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '2.
|
33
|
+
version: '2.5'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '2.
|
40
|
+
version: '2.5'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: concurrent-ruby
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '1.1'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '1.1'
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
56
|
name: byebug
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -89,6 +103,7 @@ files:
|
|
89
103
|
- lib/clerk.rb
|
90
104
|
- lib/clerk/authenticatable.rb
|
91
105
|
- lib/clerk/errors.rb
|
106
|
+
- lib/clerk/jwks_cache.rb
|
92
107
|
- lib/clerk/proxy.rb
|
93
108
|
- lib/clerk/rack_middleware.rb
|
94
109
|
- lib/clerk/rack_middleware_v2.rb
|
@@ -128,11 +143,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
128
143
|
version: 2.4.0
|
129
144
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
130
145
|
requirements:
|
131
|
-
- - "
|
146
|
+
- - ">"
|
132
147
|
- !ruby/object:Gem::Version
|
133
|
-
version:
|
148
|
+
version: 1.3.1
|
134
149
|
requirements: []
|
135
|
-
rubygems_version: 3.
|
150
|
+
rubygems_version: 3.2.5
|
136
151
|
signing_key:
|
137
152
|
specification_version: 4
|
138
153
|
summary: Clerk SDK for Ruby.
|