clerk-sdk-ruby 4.0.0.beta3 → 4.0.0.beta5

data/lib/clerk/sdk.rb

@@ -1,34 +1,18 @@
-# frozen_string_literal: true
-
-require "faraday"
-require "logger"
-require "net/http"
-require "json"
+require "clerk-http-client"
+require "clerk/jwks_cache"
+require "clerk/version"
 require "jwt"
-require "concurrent-ruby"
-
-require_relative "resources/allowlist_identifiers"
-require_relative "resources/allowlist"
-require_relative "resources/clients"
-require_relative "resources/email_addresses"
-require_relative "resources/emails"
-require_relative "resources/organizations"
-require_relative "resources/phone_numbers"
-require_relative "resources/sessions"
-require_relative "resources/users"
-require_relative "resources/jwks"
-require_relative "errors"
-require_relative "jwks_cache"
 
 module Clerk
-  class SDK
+  class SDK < ClerkHttpClient::SDK
+    # TODO: Move to constants?
     DEFAULT_HEADERS = {
-      "User-Agent" => "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}",
-      "X-Clerk-SDK" => "ruby/#{Clerk::VERSION}"
+      "User-Agent": "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}",
+      "X-Clerk-SDK": "ruby/#{Clerk::VERSION}" # TODO: Add framework identifier
     }
 
     # How often (in seconds) should JWKs be refreshed
-    JWKS_CACHE_LIFETIME = 3600 # 1 hour
+    JWKS_CACHE_LIFETIME = 3600 # 1 hour / TODO: Move to constants?
 
     @@jwks_cache = JWKSCache.new(JWKS_CACHE_LIFETIME)
 
@@ -36,148 +20,25 @@ module Clerk
       @@jwks_cache
     end
 
-    def initialize(api_key: nil, base_url: nil, logger: nil, ssl_verify: true,
-                   connection: nil)
-      if connection
-        # Inject a Faraday::Connection for testing or full control over Faraday
-        @conn = connection
-        return
-      else
-        base_url = base_url || Clerk.configuration.base_url
-        base_uri = if !base_url.end_with?("/")
-                     URI("#{base_url}/")
-                   else
-                     URI(base_url)
-                   end
-
-        api_key ||= Clerk.configuration.api_key
-
-        if Faraday::VERSION.to_i >= 2 && api_key.nil?
-          api_key = -> { raise ArgumentError, "Clerk secret key is not set" }
-        end
-
-        logger = logger || Clerk.configuration.logger
-        @conn = Faraday.new(
-          url: base_uri, headers: DEFAULT_HEADERS, ssl: {verify: ssl_verify}
-        ) do |f|
-          f.request :url_encoded
-          f.request :authorization, "Bearer", api_key
-          if logger
-            f.response :logger, logger do |l|
-              l.filter(/(Authorization: "Bearer) (\w+)/, '\1 [SECRET]')
-            end
-          end
-        end
-      end
-    end
-
-    def request(method, path, query: [], body: nil, timeout: nil)
-      response = case method
-                 when :get
-                   @conn.get(path, query) do |req|
-                     req.options.timeout = timeout if timeout
-                   end
-                 when :post
-                   @conn.post(path, body) do |req|
-                     req.body = body.to_json
-                     req.headers[:content_type] = "application/json"
-                     req.options.timeout = timeout if timeout
-                   end
-                 when :patch
-                   @conn.patch(path, body) do |req|
-                     req.body = body.to_json
-                     req.headers[:content_type] = "application/json"
-                     req.options.timeout = timeout if timeout
-                   end
-                 when :delete
-                   @conn.delete(path) do |req|
-                     req.options.timeout = timeout if timeout
-                   end
-                 end
-
-      body = if response[CONTENT_TYPE_HEADER] == "application/json"
-               JSON.parse(response.body)
-             else
-               response.body
-             end
-
-      if response.success?
-        body
-      else
-        klass = case body.dig("errors", 0, "code")
-                when "cookie_invalid", "client_not_found", "resource_not_found"
-                  Errors::Authentication
-                else
-                  Errors::Fatal
-                end
-        raise klass.new(body, status: response.status)
-      end
-    end
-
-    def allowlist_identifiers
-      Resources::AllowlistIdentifiers.new(self)
-    end
-
-    def allowlist
-      Resources::Allowlist.new(self)
-    end
-
-    def clients
-      Resources::Clients.new(self)
-    end
-
-    def email_addresses
-      Resources::EmailAddresses.new(self)
-    end
-
-    def emails
-      Resources::Emails.new(self)
-    end
-
-    def organizations
-      Resources::Organizations.new(self)
-    end
-
-    def phone_numbers
-      Resources::PhoneNumbers.new(self)
-    end
-
-    def sessions
-      Resources::Sessions.new(self)
-    end
-
-    def users
-      Resources::Users.new(self)
-    end
-
-    def jwks
-      Resources::JWKS.new(self)
-    end
-
-    # Returns the decoded JWT payload without verifying if the signature is
-    # valid.
+    # Returns the decoded JWT payload without verifying if the signature is valid.
     #
-    # WARNING: This will not verify whether the signature is valid. You
-    # should not use this for untrusted messages! You most likely want to use
-    # verify_token.
+    # WARNING: This will not verify whether the signature is valid. You should not
+    # use this for untrusted messages! You most likely want to use `verify_token`.
     def decode_token(token)
       JWT.decode(token, nil, false).first
     end
 
-    # Decode the JWT and verify it's valid (verify claims, signature etc.) using
-    # the provided algorithms.
+    # Decode the JWT and verify it's valid (verify claims, signature etc.) using the provided algorithms.
     #
-    # JWKS are cached for JWKS_CACHE_LIFETIME seconds, in order to avoid
-    # unecessary roundtrips. In order to invalidate the cache, pass
-    # `force_refresh_jwks: true`.
+    # JWKS are cached for JWKS_CACHE_LIFETIME seconds, in order to avoid unecessary roundtrips.
+    # In order to invalidate the cache, pass `force_refresh_jwks: true`.
     #
-    # A timeout for the request to the JWKs endpoint can be set with the
-    # `timeout` argument.
-    def verify_token(token, force_refresh_jwks: false, algorithms: ['RS256'], timeout: 5)
+    # A timeout for the request to the JWKs endpoint can be set with the `timeout` argument.
+    def verify_token(token, force_refresh_jwks: false, algorithms: ["RS256"], timeout: 5)
       jwk_loader = ->(options) do
         # JWT.decode requires that the 'keys' key in the Hash is a symbol (as
         # opposed to a string which our SDK returns by default)
-        { keys: SDK.jwks_cache.fetch(self, kid_not_found: (options[:invalidate] || options[:kid_not_found]), force_refresh: force_refresh_jwks) }
+        {keys: SDK.jwks_cache.fetch(self, kid_not_found: options[:invalidate] || options[:kid_not_found], force_refresh: force_refresh_jwks)}
       end
 
       JWT.decode(token, nil, true, algorithms: algorithms, exp_leeway: timeout, jwks: jwk_loader).first

data/lib/clerk/sinatra.rb

@@ -0,0 +1,52 @@
+require "sinatra/base"
+require "clerk/rack"
+
+module Sinatra
+  module Clerk
+    module Helpers
+      def clerk
+        env["clerk"]
+      end
+
+      def require_reverification!(preset = ::Clerk::StepUp::Preset::STRICT, &block)
+        clerk.user_require_reverification!(preset) do
+          return yield(preset) if block_given?
+          render_reverification!(preset)
+        end
+      end
+
+      def render_reverification!(preset = nil)
+        halt 403, ::Clerk::StepUp::Reverification.error_payload(preset).to_json
+      end
+
+      def clerk_sdk
+        @@sdk ||= ::Clerk::SDK.new
+      end
+    end
+
+    def self.registered(app)
+      app.helpers Clerk::Helpers
+      app.use ::Clerk::Rack::Middleware
+
+      app.set(:auth) do |active|
+        condition do
+          redirect clerk.sign_in_url if active && !clerk.session
+        end
+      end
+
+      app.set(:reverify) do |preset|
+        condition do
+          if preset === true
+            preset = ::Clerk::StepUp::Preset::STRICT
+          end
+
+          if preset
+            require_reverification!(preset)
+          end
+        end
+      end
+    end
+  end
+
+  register Clerk
+end

data/lib/clerk/utils.rb

@@ -1,11 +1,51 @@
+# frozen_string_literal: true
+
+require "base64"
+
 module Clerk
   module Utils
-    module_function
-    def camelize(term)
-      string = term.to_s
-      string = string.sub(/^[a-z\d]*/) { match.capitalize }
-      string.gsub!(/(?:_|(\/))([a-z\d]*)/) { "#{$1}#{$2.capitalize}" }
-      string
+    class << self
+      def decode_publishable_key(publishable_key)
+        Base64.decode64(publishable_key.split("_")[2].to_s)
+      end
+
+      def filter_routes(routes)
+        filtered_routes = {}
+        filtered_wildcard_routes = []
+
+        routes.each do |route|
+          route = route.strip
+
+          if route.end_with?("/*")
+            filtered_wildcard_routes << route[0..-2]
+          else
+            filtered_routes[route] = true
+          end
+        end
+
+        filtered_wildcard_routes.uniq!
+
+        [filtered_routes, filtered_wildcard_routes]
+      end
+
+      def retrieve_from_query_string(url, key)
+        ::Rack::Utils.parse_query(url.query)[key]
+      end
+
+      def valid_publishable_key?(publishable_key)
+        raise ArgumentError, "publishable_key must be a string" unless publishable_key.is_a?(String)
+
+        key = publishable_key.to_s
+        valid_publishable_key_prefix?(key) && valid_publishable_key_postfix?(key)
+      end
+
+      def valid_publishable_key_postfix?(publishable_key)
+        decode_publishable_key(publishable_key).end_with?("$")
+      end
+
+      def valid_publishable_key_prefix?(publishable_key)
+        publishable_key.start_with?("pk_live_", "pk_test_")
+      end
     end
   end
 end

data/lib/clerk/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clerk
-  VERSION = "4.0.0.beta3"
+  VERSION = "4.0.0.beta5"
 end

data/lib/clerk.rb

@@ -1,63 +1,27 @@
 # frozen_string_literal: true
 
-require_relative "clerk/version"
-require_relative "clerk/constants"
-require_relative "clerk/sdk"
+require "clerk/configuration"
+require "clerk/constants"
+require "clerk/error"
+require "clerk/sdk"
+require "clerk/version"
+
+if defined?(::Rails)
+  require "clerk/rails"
+end
 
 module Clerk
   class << self
     def configure
-      yield(configuration)
+      if block_given?
+        yield(configuration)
+      else
+        configuration
+      end
     end
 
     def configuration
-      @configuration ||= Config.new
-    end
-  end
-
-  class Config
-    PRODUCTION_BASE_URL = "https://api.clerk.dev/v1/".freeze
-    attr_accessor :api_key, :base_url, :publishable_key, :logger, :middleware_cache_store
-
-    # An array of route paths on which the middleware will not execute.
-    #
-    # Only request paths that match _exactly_ one of the routes will be skipped.
-    # As a special case, if a route ends with '/*', then all request paths that
-    # match the route's prefix will be skipped.
-    #
-    # For example, given the following configuration:
-    #
-    #     excluded_routes = ["/foo", "/bar/*"]
-    #
-    # the following requests will be excluded:
-    #
-    # - /foo
-    # - /bar/baz
-    # - /bar/abc/xyz
-    #
-    # while the following requests will NOT be excluded:
-    #
-    # - /foo/bar
-    # - /bar
-    #
-    attr_accessor :excluded_routes
-
-    def initialize
-      @base_url = ENV.fetch("CLERK_API_BASE", PRODUCTION_BASE_URL)
-      @api_key = ENV["CLERK_API_KEY"]
-
-      secret_key = ENV["CLERK_SECRET_KEY"]
-      if secret_key && !secret_key.empty?
-        @api_key = secret_key
-      end
-
-      @publishable_key = ENV["CLERK_PUBLISHABLE_KEY"]
-
-      @excluded_routes = []
+      @configuration ||= Clerk::Configuration.default
     end
   end
 end
-
-if defined?(::Rails)
-  require_relative "clerk/railtie"
-end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: clerk-sdk-ruby
 version: !ruby/object:Gem::Version
-  version: 4.0.0.beta3
+  version: 4.0.0.beta5
 platform: ruby
 authors:
 - Clerk
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-04-02 00:00:00.000000000 Z
+date: 2025-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -44,6 +43,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: clerk-http-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta5
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -86,23 +99,183 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.9.4
-description: Client SDK for the Clerk backend API.
+description: Client SDK for the Clerk
 email:
 - ruby-sdk@clerk.dev
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".env.example"
 - ".github/workflows/main.yml"
 - ".github/workflows/semgrep.yml"
 - ".gitignore"
+- ".rspec"
+- ".ruby-version"
 - CHANGELOG.md
-- CODEOWNERS
 - Gemfile
 - Gemfile.lock
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- apps/rack/app.rb
+- apps/rack/config.ru
+- apps/rack/middleware/disable_paths.rb
+- apps/rails-api/.dockerignore
+- apps/rails-api/.gitattributes
+- apps/rails-api/.gitignore
+- apps/rails-api/.kamal/hooks/docker-setup.sample
+- apps/rails-api/.kamal/hooks/post-deploy.sample
+- apps/rails-api/.kamal/hooks/post-proxy-reboot.sample
+- apps/rails-api/.kamal/hooks/pre-build.sample
+- apps/rails-api/.kamal/hooks/pre-connect.sample
+- apps/rails-api/.kamal/hooks/pre-deploy.sample
+- apps/rails-api/.kamal/hooks/pre-proxy-reboot.sample
+- apps/rails-api/.kamal/secrets
+- apps/rails-api/.rubocop.yml
+- apps/rails-api/.ruby-version
+- apps/rails-api/Dockerfile
+- apps/rails-api/Gemfile
+- apps/rails-api/Gemfile.lock
+- apps/rails-api/README.md
+- apps/rails-api/Rakefile
+- apps/rails-api/app/controllers/application_controller.rb
+- apps/rails-api/app/controllers/home_controller.rb
+- apps/rails-api/app/jobs/application_job.rb
+- apps/rails-api/app/mailers/application_mailer.rb
+- apps/rails-api/app/models/application_record.rb
+- apps/rails-api/app/views/layouts/mailer.html.erb
+- apps/rails-api/app/views/layouts/mailer.text.erb
+- apps/rails-api/bin/brakeman
+- apps/rails-api/bin/bundle
+- apps/rails-api/bin/dev
+- apps/rails-api/bin/docker-entrypoint
+- apps/rails-api/bin/jobs
+- apps/rails-api/bin/kamal
+- apps/rails-api/bin/rails
+- apps/rails-api/bin/rake
+- apps/rails-api/bin/rubocop
+- apps/rails-api/bin/setup
+- apps/rails-api/bin/thrust
+- apps/rails-api/config.ru
+- apps/rails-api/config/application.rb
+- apps/rails-api/config/boot.rb
+- apps/rails-api/config/cable.yml
+- apps/rails-api/config/cache.yml
+- apps/rails-api/config/credentials.yml.enc
+- apps/rails-api/config/database.yml
+- apps/rails-api/config/deploy.yml
+- apps/rails-api/config/environment.rb
+- apps/rails-api/config/environments/development.rb
+- apps/rails-api/config/environments/production.rb
+- apps/rails-api/config/environments/test.rb
+- apps/rails-api/config/initializers/cors.rb
+- apps/rails-api/config/initializers/filter_parameter_logging.rb
+- apps/rails-api/config/initializers/inflections.rb
+- apps/rails-api/config/locales/en.yml
+- apps/rails-api/config/puma.rb
+- apps/rails-api/config/queue.yml
+- apps/rails-api/config/recurring.yml
+- apps/rails-api/config/routes.rb
+- apps/rails-api/config/storage.yml
+- apps/rails-api/db/cable_schema.rb
+- apps/rails-api/db/cache_schema.rb
+- apps/rails-api/db/queue_schema.rb
+- apps/rails-api/db/seeds.rb
+- apps/rails-api/public/robots.txt
+- apps/rails-api/test/controllers/home_controller_test.rb
+- apps/rails-api/test/test_helper.rb
+- apps/rails-full/.dockerignore
+- apps/rails-full/.gitattributes
+- apps/rails-full/.gitignore
+- apps/rails-full/.kamal/hooks/docker-setup.sample
+- apps/rails-full/.kamal/hooks/post-deploy.sample
+- apps/rails-full/.kamal/hooks/post-proxy-reboot.sample
+- apps/rails-full/.kamal/hooks/pre-build.sample
+- apps/rails-full/.kamal/hooks/pre-connect.sample
+- apps/rails-full/.kamal/hooks/pre-deploy.sample
+- apps/rails-full/.kamal/hooks/pre-proxy-reboot.sample
+- apps/rails-full/.kamal/secrets
+- apps/rails-full/.rubocop.yml
+- apps/rails-full/.ruby-version
+- apps/rails-full/Dockerfile
+- apps/rails-full/Gemfile
+- apps/rails-full/Gemfile.lock
+- apps/rails-full/README.md
+- apps/rails-full/Rakefile
+- apps/rails-full/app/assets/stylesheets/application.css
+- apps/rails-full/app/controllers/application_controller.rb
+- apps/rails-full/app/controllers/home_controller.rb
+- apps/rails-full/app/helpers/application_helper.rb
+- apps/rails-full/app/helpers/home_helper.rb
+- apps/rails-full/app/javascript/application.js
+- apps/rails-full/app/javascript/controllers/application.js
+- apps/rails-full/app/javascript/controllers/hello_controller.js
+- apps/rails-full/app/javascript/controllers/index.js
+- apps/rails-full/app/jobs/application_job.rb
+- apps/rails-full/app/mailers/application_mailer.rb
+- apps/rails-full/app/models/application_record.rb
+- apps/rails-full/app/views/home/index.html.erb
+- apps/rails-full/app/views/layouts/application.html.erb
+- apps/rails-full/app/views/layouts/mailer.html.erb
+- apps/rails-full/app/views/layouts/mailer.text.erb
+- apps/rails-full/app/views/pwa/manifest.json.erb
+- apps/rails-full/app/views/pwa/service-worker.js
+- apps/rails-full/bin/brakeman
+- apps/rails-full/bin/bundle
+- apps/rails-full/bin/dev
+- apps/rails-full/bin/docker-entrypoint
+- apps/rails-full/bin/importmap
+- apps/rails-full/bin/jobs
+- apps/rails-full/bin/kamal
+- apps/rails-full/bin/rails
+- apps/rails-full/bin/rake
+- apps/rails-full/bin/rubocop
+- apps/rails-full/bin/setup
+- apps/rails-full/bin/thrust
+- apps/rails-full/config.ru
+- apps/rails-full/config/application.rb
+- apps/rails-full/config/boot.rb
+- apps/rails-full/config/cable.yml
+- apps/rails-full/config/cache.yml
+- apps/rails-full/config/credentials.yml.enc
+- apps/rails-full/config/database.yml
+- apps/rails-full/config/deploy.yml
+- apps/rails-full/config/environment.rb
+- apps/rails-full/config/environments/development.rb
+- apps/rails-full/config/environments/production.rb
+- apps/rails-full/config/environments/test.rb
+- apps/rails-full/config/importmap.rb
+- apps/rails-full/config/initializers/assets.rb
+- apps/rails-full/config/initializers/clerk.rb
+- apps/rails-full/config/initializers/content_security_policy.rb
+- apps/rails-full/config/initializers/filter_parameter_logging.rb
+- apps/rails-full/config/initializers/inflections.rb
+- apps/rails-full/config/locales/en.yml
+- apps/rails-full/config/puma.rb
+- apps/rails-full/config/queue.yml
+- apps/rails-full/config/recurring.yml
+- apps/rails-full/config/routes.rb
+- apps/rails-full/config/storage.yml
+- apps/rails-full/db/cable_schema.rb
+- apps/rails-full/db/cache_schema.rb
+- apps/rails-full/db/queue_schema.rb
+- apps/rails-full/db/seeds.rb
+- apps/rails-full/public/400.html
+- apps/rails-full/public/404.html
+- apps/rails-full/public/406-unsupported-browser.html
+- apps/rails-full/public/422.html
+- apps/rails-full/public/500.html
+- apps/rails-full/public/icon.png
+- apps/rails-full/public/icon.svg
+- apps/rails-full/public/robots.txt
+- apps/rails-full/test/application_system_test_case.rb
+- apps/rails-full/test/controllers/home_controller_test.rb
+- apps/rails-full/test/test_helper.rb
+- apps/sinatra/app.rb
+- apps/sinatra/config.ru
+- apps/sinatra/views/index.erb
 - bin/console
 - bin/setup
 - clerk-sdk-ruby.gemspec
@@ -112,26 +285,17 @@ files:
 - lib/clerk/authenticatable.rb
 - lib/clerk/authenticate_context.rb
 - lib/clerk/authenticate_request.rb
+- lib/clerk/configuration.rb
 - lib/clerk/constants.rb
-- lib/clerk/errors.rb
+- lib/clerk/error.rb
 - lib/clerk/jwks_cache.rb
+- lib/clerk/proxy.rb
+- lib/clerk/rack.rb
 - lib/clerk/rack_middleware.rb
-- lib/clerk/rack_middleware_v2.rb
+- lib/clerk/rails.rb
 - lib/clerk/railtie.rb
-- lib/clerk/resources.rb
-- lib/clerk/resources/allowlist.rb
-- lib/clerk/resources/allowlist_identifiers.rb
-- lib/clerk/resources/clients.rb
-- lib/clerk/resources/email_addresses.rb
-- lib/clerk/resources/emails.rb
-- lib/clerk/resources/jwks.rb
-- lib/clerk/resources/organizations.rb
-- lib/clerk/resources/phone_numbers.rb
-- lib/clerk/resources/plural_resource.rb
-- lib/clerk/resources/sessions.rb
-- lib/clerk/resources/singular_resource.rb
-- lib/clerk/resources/users.rb
 - lib/clerk/sdk.rb
+- lib/clerk/sinatra.rb
 - lib/clerk/utils.rb
 - lib/clerk/version.rb
 homepage: https://github.com/clerkinc/clerk-sdk-ruby
@@ -141,7 +305,6 @@ metadata:
   homepage_uri: https://github.com/clerkinc/clerk-sdk-ruby
   source_code_uri: https://github.com/clerkinc/clerk-sdk-ruby
   changelog_uri: https://github.com/clerkinc/clerk-sdk-ruby/blob/main/CHANGELOG.md
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -152,12 +315,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.2.3
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Clerk SDK for Ruby.
 test_files: []

data/CODEOWNERS

@@ -1 +0,0 @@
-* @clerkinc/backend