clerk-sdk-ruby 4.0.0.beta2 → 4.0.0.beta4

data/apps/sinatra/views/index.erb

@@ -0,0 +1,44 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="description" content="Find a domain's name servers">
+    <title>Sinatra</title>
+    <style>
+      html { font-family: monospace; }
+      @media (prefers-color-scheme: dark) {
+        html {
+          color: #FFE6E6FF;
+          background-color: #201D1E;
+        }
+      }
+    </style>
+    <script
+      async
+      crossorigin="anonymous"
+      data-clerk-publishable-key="<%= Clerk.configuration.publishable_key %>"
+      src="<%= ENV["CLERK_JS_URL"] %>"
+      type="text/javascript"
+    ></script>
+    <script>
+      window.addEventListener('load', async function () {
+        await Clerk.load()
+        const container = document.getElementById('auth-container')
+
+        if (Clerk.user) {
+          container.innerHTML = `<div id="user-button"></div>`
+          Clerk.mountUserButton(document.getElementById('user-button'))
+        } else {
+          container.innerHTML = `<div id="sign-in"></div>`
+          Clerk.mountSignIn(document.getElementById('sign-in'))
+        }
+      })
+    </script>
+  </head>
+  <body>
+    <h1>Sinatra</h1>
+    <h2><%= clerk.user ? "Authenticated User: #{clerk.user.first_name} (#{clerk.user.id}) " : "Not Authenticated" %><h2>
+    <div id="auth-container"></div>
+  </body>
+</html>

data/clerk-sdk-ruby.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.email         = ["ruby-sdk@clerk.dev"]
 
   spec.summary       = "Clerk SDK for Ruby."
-  spec.description   = "Client SDK for the Clerk backend API."
+  spec.description   = "Client SDK for the Clerk"
   spec.homepage      = "https://github.com/clerkinc/clerk-sdk-ruby"
   spec.license       = "MIT"
   spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0")
@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "faraday", ">= 1.4.1", "< 3.0"
   spec.add_dependency "jwt", '~> 2.5'
+  spec.add_dependency "clerk-http-client", "~> 0.0.1"
   spec.add_dependency "concurrent-ruby", "~> 1.1"
 
   spec.add_development_dependency "byebug", "~> 11.1"

data/lib/clerk/authenticatable.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/concern"
 
 module Clerk
@@ -6,92 +8,25 @@ module Clerk
 
     protected
 
-    # Makes a request to the Clerk API to verify the session again and return
-    # the Session object. Subsequent calls to this method will return the cached
-    # Session object.
-    #
-    # NOTE: For better performance, you can instead use `#clerk_verified_session_claims`
-    # which already contains the verified claims as retrieved from the session
-    # token.
-    def clerk_session
-      request.env["clerk"].session
-    end
-
-    # Makes a request to the Clerk API to verify the session again. Returns the
-    # session object as fetched from the API.
-    #
-    # NOTE: For better performance, you can instead use `#clerk_verified_session_claims`
-    # which already contains the verified claims as retrieved from the session
-    # token.
-    #
-    # See https://clerk.com/docs/reference/backend-api/tag/Sessions#operation/VerifySession
-    def clerk_reverify_session!
-      request.env["clerk"].verify_session
-    end
-
-    def clerk_verified_session_claims
-      request.env["clerk"].session_claims
-    end
-
-    def clerk_verified_session_token
-      request.env["clerk"].session_token
-    end
-
-    # Makes a request to the Clerk API to fetch the data of the authenticated
-    # session's user. If caching is configured (see
-    # Config.middleware_cache_store), subsequent calls will return the cached
-    # object.
-    def clerk_user
-      request.env["clerk"].user
-    end
-
-    def clerk_user_id
-      request.env["clerk"].user_id
-    end
-
-    # Makes a request to the Clerk API to fetch the data of the authenticated
-    # session's organization. If caching is configured (see
-    # Config.middleware_cache_store), subsequent calls will return the cached
-    # object.
-    def clerk_organization
-      request.env["clerk"].org
-    end
-
-    def clerk_organization_id
-      request.env["clerk"].org_id
-    end
-
-    def clerk_organization_role
-      request.env["clerk"].org_role
-    end
-
-    def clerk_organization_permissions
-      request.env["clerk"].org_permissions
-    end
-
-    def clerk_user_signed_in?
-      !!clerk_verified_session_claims
-    end
-
-    def clerk_sign_in_url
-      ENV.fetch("CLERK_SIGN_IN_URL")
+    def clerk
+      request.env["clerk"]
     end
 
-    def clerk_sign_up_url
-      ENV.fetch("CLERK_SIGN_UP_URL")
+    def require_reverification!(preset = StepUp::Preset::STRICT, &block)
+      clerk.user_require_reverification!(preset) do
+        return yield(preset) if block_given?
+        render_reverification!(preset)
+      end
     end
 
-    def clerk_user_profile_url
-      ENV.fetch("CLERK_USER_PROFILE_URL")
+    def render_reverification!(preset = nil)
+      render status: 403, json: StepUp::Reverification.error_payload(preset)
     end
 
     included do
-      helper_method :clerk_session, :clerk_reverify_session!,
-        :clerk_verified_session_claims, :clerk_verified_session_token,
-        :clerk_user, :clerk_user_id, :clerk_user_signed_in?, :clerk_sign_in_url,
-        :clerk_sign_up_url, :clerk_user_profile_url,
-        :clerk_organization, :clerk_organization_id, :clerk_organization_role,
-        :clerk_organization_permissions
+      if respond_to?(:helper_method)
+        helper_method :clerk, :require_reverification!, :render_reverification!
+      end
     end
   end
 end

data/lib/clerk/authenticate_context.rb

@@ -1,183 +1,168 @@
+# frozen_string_literal: true
+
 require "ostruct"
 require "forwardable"
-require "base64"
 
 module Clerk
-    ##
-    # This class represents a parameter object used to contain all request and configuration
-    # information required by the middleware to resolve the current request state.
-    # link: https://refactoring.guru/introduce-parameter-object
-    class AuthenticateContext
-        extend Forwardable
-
-        ##
-        # Expose the url of the request that this parameter object was created from as a URI object.
-        attr_reader :clerk_url
-
-        ##
-        # Expose properties that does not require validations or complex logic to retrieve
-        # values by delegating them to the cookies or headers variables.
-        def_delegators :@cookies, :session_token_in_cookie, :client_uat
-        def_delegators :@headers, :session_token_in_header, :sec_fetch_dest
-
-        ##
-        # Creates a new parameter object using Rack::Request and Clerk::Config objects.
-        def initialize(request, config)
-            @clerk_url = URI.parse(request.url)
-            @config = config
-
-            @cookies = OpenStruct.new({
-                session_token_in_cookie: request.cookies[SESSION_COOKIE],
-                client_uat: request.cookies[CLIENT_UAT_COOKIE],
-                handshake_token: request.cookies[HANDSHAKE_COOKIE],
-                dev_browser: request.cookies[DEV_BROWSER_COOKIE]
-            })
-
-            @headers = OpenStruct.new({
-                session_token_in_header: request.env[AUTHORIZATION_HEADER].to_s.gsub(/bearer/i, '').strip,
-                sec_fetch_dest: request.env[SEC_FETCH_DEST_HEADER],
-                accept: request.env[ACCEPT_HEADER].to_s,
-                origin: request.env[ORIGIN_HEADER].to_s,
-                host: request.host,
-                port: request.port
-            })
-        end
-
-        ##
-        # The following properties are part of the props supported in all the AuthenticateContext
-        # objects across all of our SDKs (eg JS, Go)
-        def secret_key
-            @config.api_key.to_s
-        end
-
-        def publishable_key
-            @config.publishable_key.to_s
-        end
-
-        def domain
-            # TODO(dimkl): Add multi-domain support
-            ""
-        end
-
-        def is_satellite?
-            # TODO(dimkl): Add multi-domain support
-            false
-        end
-
-        def proxy_url
-            # TODO(dimkl): Add multi-domain support
-            ""
-        end
-
-        def handshake_token
-            @handshake_token ||= retrieve_from_query_string(@clerk_url, HANDSHAKE_COOKIE) || @cookies.handshake_token.to_s
-        end
-
-        def clerk_synced?
-            # TODO(dimkl): Add multi-domain support
-            false
-        end
-
-        def clerk_redirect_url
-             # TODO(dimkl): Add multi-domain support
-             ""
-        end
-
-        def dev_browser
-            @dev_browser ||= retrieve_from_query_string(@clerk_url, DEV_BROWSER_COOKIE) || @cookies.dev_browser.to_s
-        end
-
-        # The frontend_api returned is without protocol prefix
-        def frontend_api
-            return "" if !valid_publishable_key?(publishable_key.to_s)
-
-            @frontend_api ||= if !proxy_url.empty?
-                proxy_url
-            elsif development_instance? && !domain.empty?
-                "clerk.#{domain}"
-            else
-                # remove $ postfix
-                decode_publishable_key(publishable_key).chop
-            end
-        end
-
-        def development_instance?
-            secret_key.start_with?("sk_test_")
-        end
-
-        def production_instance?
-            secret_key.start_with?("sk_live_")
-        end
-
-        def document_request?
-            @headers.sec_fetch_dest == "document"
-        end
-
-        def accepts_html?
-            @headers.accept && @headers.accept.start_with?('text/html')
-        end
-        
-        def eligible_for_multi_domain?
-            is_satellite? && document_request? && !clerk_synced?
-        end
-
-        def active_client?
-            @cookies.client_uat.to_i > 0
-        end
-
-        def cross_origin_request?
-            # origin contains scheme+host and optionally port (omitted if 80 or 443)
-            # ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
-            return false if @headers.origin.nil?
-      
-            # strip scheme
-            origin = @headers.origin.strip.sub(/\A(\w+:)?\/\//, '')
-            return false if origin.empty?
-      
-            # Rack's host and port helpers are reverse-proxy-aware; that
-            # is, they prefer the de-facto X-Forwarded-* headers if they're set
-            request_host = @headers.host
-            request_host << ":#{@headers.port}" if @headers.port != 80 && @headers.port != 443
-      
-            origin != request_host
-        end
-
-        def dev_browser?
-            !dev_browser.empty?
-        end
-
-        def session_token_in_header?
-            !session_token_in_header.to_s.empty?
-        end
-
-        def handshake_token?
-            !handshake_token.to_s.empty?
-        end
-
-        def session_token_in_cookie?
-            !session_token_in_cookie.to_s.empty?
-        end
-
-        private
-
-        def valid_publishable_key?(pk)
-            valid_publishable_key_prefix?(pk) && valid_publishable_key_postfix?(pk)
-        end
-
-        def valid_publishable_key_prefix?(pk)
-            pk.start_with?("pk_live_") || pk.start_with?("pk_test_")
-        end
-
-        def valid_publishable_key_postfix?(pk)
-            decode_publishable_key(pk).end_with?("$")
-        end
-
-        def decode_publishable_key(pk)
-            Base64.decode64(pk.split("_")[2].to_s)
-        end
-
-        def retrieve_from_query_string(url, key)
-            Rack::Utils.parse_query(url.query)[key]
-        end
-    end
-end
+  # This class represents a parameter object used to contain all request and configuration
+  # information required by the middleware to resolve the current request state.
+  # link: https://refactoring.guru/introduce-parameter-object
+  class AuthenticateContext
+    extend Forwardable
+
+    # Expose the url of the request that this parameter object was created from as a URI object.
+    attr_reader :clerk_url
+
+    # Expose properties that does not require validations or complex logic to retrieve
+    # values by delegating them to the cookies or headers variables.
+    def_delegators :@cookies, :session_token_in_cookie, :client_uat
+    def_delegators :@headers, :session_token_in_header, :sec_fetch_dest
+
+    # Creates a new parameter object using ::Rack::Request and Clerk::Config objects.
+    def initialize(request, config)
+      @clerk_url = URI.parse(request.url)
+      @config = config
+
+      @cookies = OpenStruct.new({
+        client_uat: request.cookies[CLIENT_UAT_COOKIE],
+        dev_browser: request.cookies[DEV_BROWSER_COOKIE],
+        handshake_token: request.cookies[HANDSHAKE_COOKIE],
+        session_token_in_cookie: request.cookies[SESSION_COOKIE]
+      })
+
+      @headers = OpenStruct.new({
+        accept: request.env[ACCEPT_HEADER].to_s,
+        host: request.host,
+        origin: request.env[ORIGIN_HEADER].to_s,
+        port: request.port,
+        sec_fetch_dest: request.env[SEC_FETCH_DEST_HEADER],
+        session_token_in_header: request.env[AUTHORIZATION_HEADER].to_s.gsub(/bearer/i, "").strip
+      })
+    end
+
+    # The following properties are part of the props supported in all the AuthenticateContext
+    # objects across all of our SDKs (eg JS, Go)
+    def secret_key
+      raise ConfigurationError, "Clerk secret key is not set" if @config.secret_key.to_s.empty?
+
+      @config.secret_key.to_s
+    end
+
+    def publishable_key
+      raise ConfigurationError, "Clerk publishable key is not set" if @config.publishable_key.to_s.to_s.empty?
+
+      @config.publishable_key.to_s
+    end
+
+    def proxy_url?
+      !proxy_url.empty?
+    end
+
+    def handshake_token
+      @handshake_token ||= Utils.retrieve_from_query_string(@clerk_url, HANDSHAKE_COOKIE) || @cookies.handshake_token.to_s
+    end
+
+    def dev_browser
+      @dev_browser ||= dev_browser_in_url || @cookies.dev_browser.to_s
+    end
+
+    # The frontend_api returned is without protocol prefix
+    def frontend_api
+      return "" unless Utils.valid_publishable_key?(publishable_key.to_s)
+
+      @frontend_api ||= if proxy_url?
+        proxy_url
+      elsif development_instance? && !domain.empty?
+        "clerk.#{domain}"
+      else
+        # remove $ postfix
+        Utils.decode_publishable_key(publishable_key).chop.to_s
+      end
+    end
+
+    def development_instance?
+      secret_key.start_with?("sk_test_")
+    end
+
+    def production_instance?
+      secret_key.start_with?("sk_live_")
+    end
+
+    def document_request?
+      @headers.sec_fetch_dest == "document"
+    end
+
+    def accepts_html?
+      @headers.accept&.start_with?("text/html")
+    end
+
+    def eligible_for_multi_domain?
+      is_satellite? && document_request? && !clerk_synced?
+    end
+
+    def active_client?
+      @cookies.client_uat.to_i.positive?
+    end
+
+    def cross_origin_request?
+      # origin contains scheme+host and optionally port (omitted if 80 or 443)
+      # ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
+      return false if @headers.origin.nil?
+
+      # strip scheme
+      origin = @headers.origin.strip.sub(%r{\A(\w+:)?//}, "")
+      return false if origin.empty?
+
+      # Rack's host and port helpers are reverse-proxy-aware; that
+      # is, they prefer the de-facto X-Forwarded-* headers if they're set
+      request_host = @headers.host
+      request_host << ":#{@headers.port}" if @headers.port != 80 && @headers.port != 443
+
+      origin != request_host
+    end
+
+    def dev_browser?
+      !dev_browser.empty?
+    end
+
+    def session_token_in_header?
+      !session_token_in_header.to_s.empty?
+    end
+
+    def handshake_token?
+      !handshake_token.to_s.empty?
+    end
+
+    def session_token_in_cookie?
+      !session_token_in_cookie.to_s.empty?
+    end
+
+    def dev_browser_in_url
+      Utils.retrieve_from_query_string(@clerk_url, DEV_BROWSER_COOKIE)
+    end
+
+    def dev_browser_in_url?
+      !!dev_browser_in_url
+    end
+
+    def domain
+      "" # TODO: Add multi-domain support
+    end
+
+    def is_satellite?
+      false # TODO: Add multi-domain support
+    end
+
+    def proxy_url
+      "" # TODO: Add multi-domain support
+    end
+
+    def clerk_synced?
+      false # TODO: Add multi-domain support
+    end
+
+    def clerk_redirect_url
+      "" # TODO: Add multi-domain support
+    end
+  end
+end