clerk-sdk-ruby 2.0.4 → 2.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +11 -6
- data/lib/clerk/rack_middleware_v2.rb +82 -67
- data/lib/clerk/sdk.rb +2 -1
- data/lib/clerk/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8a1b17c701d86ec55c4519f72231005a5b83efc07af4180ae98a292a63e422a5
|
|
4
|
+
data.tar.gz: 204eb5ac27340d5d4fc64c7edfc93287c293b9c3d973977b5aa1f87e3ba53ea9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: af8693eb43e6f61133966fc47d3ee884697df94c1415fd05d921e6ff35f66807c47e65fba24d51d09db2f9e6177c0624267181ac42f0ea566c580c4c503c95fd
|
|
7
|
+
data.tar.gz: b46bd350059257dcb2b8f8b6d164ead13b563921417ea766b1a4d9847ed5aaa992755f21445ba899503b4f5587b95493121ff3d1a0c7206634f21125611d34ed
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -1,20 +1,25 @@
|
|
|
1
1
|
# Clerk Ruby SDK
|
|
2
2
|
|
|
3
|
+
|
|
3
4
|
Thank you for choosing [Clerk](https://clerk.dev/) for your authentication,
|
|
4
5
|
session & user management needs!
|
|
5
6
|
|
|
6
7
|
This SDK allows you to call the Clerk Backend API from Ruby code without having
|
|
7
8
|
to implement the calls yourself.
|
|
8
9
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
**Note**: This is the v2 branch, which requires that you use [Auth
|
|
10
|
+
**Note**: You're looking at the main branch, which requires that you use [Auth
|
|
12
11
|
v2](https://docs.clerk.dev/main-concepts/auth-v2).
|
|
13
12
|
|
|
14
|
-
If you're looking for the legacy authentication scheme
|
|
15
|
-
[`
|
|
13
|
+
If you're looking for the legacy authentication scheme, refer to the
|
|
14
|
+
[`v1`](https://github.com/clerkinc/clerk-sdk-ruby/tree/v1) branch.
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
**Clerk is Hiring!**
|
|
19
|
+
|
|
20
|
+
Would you like to work on Open Source software and help maintain this repository? Apply today https://apply.workable.com/clerk-dev/.
|
|
16
21
|
|
|
17
|
-
|
|
22
|
+
---
|
|
18
23
|
|
|
19
24
|
## Installation
|
|
20
25
|
|
|
@@ -1,94 +1,103 @@
|
|
|
1
1
|
require "clerk"
|
|
2
2
|
|
|
3
3
|
module Clerk
|
|
4
|
-
class
|
|
5
|
-
|
|
6
|
-
CACHE_TTL = 60 # seconds
|
|
4
|
+
class ProxyV2
|
|
5
|
+
CACHE_TTL = 60 # seconds
|
|
7
6
|
|
|
8
|
-
|
|
7
|
+
attr_reader :session_claims, :session_token
|
|
9
8
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
9
|
+
def initialize(session_claims: nil, session_token: nil)
|
|
10
|
+
@session_claims = session_claims
|
|
11
|
+
@session_token = session_token
|
|
12
|
+
@session = nil
|
|
13
|
+
end
|
|
15
14
|
|
|
16
|
-
|
|
17
|
-
|
|
15
|
+
def session
|
|
16
|
+
return nil if @session_claims.nil?
|
|
18
17
|
|
|
19
|
-
|
|
20
|
-
|
|
18
|
+
@session ||= verify_session
|
|
19
|
+
end
|
|
21
20
|
|
|
22
|
-
|
|
23
|
-
|
|
21
|
+
def verify_session
|
|
22
|
+
return nil if @session_claims.nil?
|
|
24
23
|
|
|
25
|
-
|
|
26
|
-
|
|
24
|
+
sdk.sessions.verify_token(@session_claims["sid"], @session_token)
|
|
25
|
+
end
|
|
27
26
|
|
|
28
|
-
|
|
29
|
-
|
|
27
|
+
def user
|
|
28
|
+
return nil if user_id.nil?
|
|
30
29
|
|
|
31
|
-
|
|
32
|
-
|
|
30
|
+
@user ||= fetch_user(user_id)
|
|
31
|
+
end
|
|
33
32
|
|
|
34
|
-
|
|
35
|
-
|
|
33
|
+
def user_id
|
|
34
|
+
return nil if @session_claims.nil?
|
|
36
35
|
|
|
37
|
-
|
|
38
|
-
|
|
36
|
+
@session_claims["sub"]
|
|
37
|
+
end
|
|
39
38
|
|
|
40
|
-
|
|
39
|
+
private
|
|
41
40
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
end
|
|
41
|
+
def fetch_user(user_id)
|
|
42
|
+
cached_fetch("clerk_user:#{user_id}") do
|
|
43
|
+
sdk.users.find(user_id)
|
|
46
44
|
end
|
|
45
|
+
end
|
|
47
46
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
end
|
|
47
|
+
def cached_fetch(key, &block)
|
|
48
|
+
if store = Clerk.configuration.middleware_cache_store
|
|
49
|
+
store.fetch(key, expires_in: CACHE_TTL, &block)
|
|
50
|
+
else
|
|
51
|
+
yield
|
|
54
52
|
end
|
|
53
|
+
end
|
|
55
54
|
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
end
|
|
55
|
+
def sdk
|
|
56
|
+
@sdk ||= Clerk::SDK.new
|
|
59
57
|
end
|
|
58
|
+
end
|
|
60
59
|
|
|
60
|
+
class RackMiddlewareV2
|
|
61
61
|
def initialize(app)
|
|
62
62
|
@app = app
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
def call(env)
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
66
|
+
env = env
|
|
67
|
+
req = Rack::Request.new(env)
|
|
68
|
+
env["clerk"] = Clerk::ProxyV2.new
|
|
69
|
+
header_token = req.env["HTTP_AUTHORIZATION"]
|
|
70
|
+
header_token = header_token.strip.sub(/\ABearer /, '') if header_token
|
|
71
|
+
cookie_token = req.cookies["__session"]
|
|
72
|
+
client_uat = req.cookies["__client_uat"]
|
|
73
73
|
|
|
74
74
|
##########################################################################
|
|
75
75
|
# #
|
|
76
76
|
# HEADER AUTHENTICATION #
|
|
77
77
|
# #
|
|
78
78
|
##########################################################################
|
|
79
|
-
if
|
|
80
|
-
return signed_out if !sdk.decode_token(
|
|
79
|
+
if header_token
|
|
80
|
+
return signed_out(env) if !sdk.decode_token(header_token) # malformed JWT
|
|
81
81
|
|
|
82
|
-
token = verify_token(
|
|
83
|
-
return signed_in(token,
|
|
82
|
+
token = verify_token(header_token)
|
|
83
|
+
return signed_in(env, token, header_token) if token
|
|
84
84
|
|
|
85
85
|
# Clerk.js should refresh the token and retry
|
|
86
86
|
return unknown(interstitial: false)
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
# in cross-origin XHRs the use of Authorization header is mandatory.
|
|
90
|
-
if cross_origin_request?(
|
|
91
|
-
return signed_out
|
|
90
|
+
if cross_origin_request?(req)
|
|
91
|
+
return signed_out(env)
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
if development_or_staging? && !browser_request?(req)
|
|
95
|
+
# the interstitial won't work if the user agent is not a browser, so
|
|
96
|
+
# short-circuit and avoid rendering it
|
|
97
|
+
#
|
|
98
|
+
# We only limit this to dev/stg because we're not yet sure how robust
|
|
99
|
+
# this strategy is, yet. In the future, we might enable it for prod too.
|
|
100
|
+
return signed_out(env)
|
|
92
101
|
end
|
|
93
102
|
|
|
94
103
|
##########################################################################
|
|
@@ -96,22 +105,22 @@ module Clerk
|
|
|
96
105
|
# COOKIE AUTHENTICATION #
|
|
97
106
|
# #
|
|
98
107
|
##########################################################################
|
|
99
|
-
if development_or_staging? && (
|
|
108
|
+
if development_or_staging? && (req.referrer.nil? || cross_origin_request?(req))
|
|
100
109
|
return unknown(interstitial: true)
|
|
101
110
|
end
|
|
102
111
|
|
|
103
|
-
if production? &&
|
|
104
|
-
return signed_out
|
|
112
|
+
if production? && client_uat.nil?
|
|
113
|
+
return signed_out(env)
|
|
105
114
|
end
|
|
106
115
|
|
|
107
|
-
if
|
|
108
|
-
return signed_out
|
|
116
|
+
if client_uat == "0"
|
|
117
|
+
return signed_out(env)
|
|
109
118
|
end
|
|
110
119
|
|
|
111
|
-
token = verify_token(
|
|
120
|
+
token = verify_token(cookie_token)
|
|
112
121
|
|
|
113
|
-
if token && token["iat"] &&
|
|
114
|
-
return signed_in(token,
|
|
122
|
+
if token && token["iat"] && client_uat && Integer(client_uat) <= token["iat"]
|
|
123
|
+
return signed_in(env, token, cookie_token)
|
|
115
124
|
end
|
|
116
125
|
|
|
117
126
|
unknown(interstitial: true)
|
|
@@ -120,15 +129,15 @@ module Clerk
|
|
|
120
129
|
private
|
|
121
130
|
|
|
122
131
|
# Outcome A
|
|
123
|
-
def signed_in(claims, token)
|
|
124
|
-
|
|
132
|
+
def signed_in(env, claims, token)
|
|
133
|
+
env["clerk"] = ProxyV2.new(session_claims: claims, session_token: token)
|
|
125
134
|
|
|
126
|
-
@app.call(
|
|
135
|
+
@app.call(env)
|
|
127
136
|
end
|
|
128
137
|
|
|
129
138
|
# Outcome B
|
|
130
|
-
def signed_out
|
|
131
|
-
@app.call(
|
|
139
|
+
def signed_out(env)
|
|
140
|
+
@app.call(env)
|
|
132
141
|
end
|
|
133
142
|
|
|
134
143
|
# Outcome C
|
|
@@ -165,18 +174,24 @@ module Clerk
|
|
|
165
174
|
origin != request_host
|
|
166
175
|
end
|
|
167
176
|
|
|
177
|
+
def browser_request?(req)
|
|
178
|
+
user_agent = req.env["HTTP_USER_AGENT"]
|
|
179
|
+
|
|
180
|
+
!user_agent.nil? && user_agent.starts_with?("Mozilla/")
|
|
181
|
+
end
|
|
182
|
+
|
|
168
183
|
def verify_token(token)
|
|
169
184
|
return false if token.nil? || token.strip.empty?
|
|
170
185
|
|
|
171
186
|
begin
|
|
172
|
-
|
|
187
|
+
sdk.verify_token(token)
|
|
173
188
|
rescue JWT::DecodeError, JWT::RequiredDependencyError => e
|
|
174
189
|
false
|
|
175
190
|
end
|
|
176
191
|
end
|
|
177
192
|
|
|
178
193
|
def sdk
|
|
179
|
-
|
|
194
|
+
Clerk::SDK.new
|
|
180
195
|
end
|
|
181
196
|
end
|
|
182
197
|
end
|
data/lib/clerk/sdk.rb
CHANGED
|
@@ -20,7 +20,8 @@ require_relative "errors"
|
|
|
20
20
|
module Clerk
|
|
21
21
|
class SDK
|
|
22
22
|
DEFAULT_HEADERS = {
|
|
23
|
-
"User-Agent" => "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}"
|
|
23
|
+
"User-Agent" => "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}",
|
|
24
|
+
"X-Clerk-SDK" => "ruby/#{Clerk::VERSION}"
|
|
24
25
|
}
|
|
25
26
|
|
|
26
27
|
# How often (in seconds) should JWKs be refreshed
|
data/lib/clerk/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: clerk-sdk-ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Clerk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
127
127
|
- !ruby/object:Gem::Version
|
|
128
128
|
version: '0'
|
|
129
129
|
requirements: []
|
|
130
|
-
rubygems_version: 3.2.
|
|
130
|
+
rubygems_version: 3.2.15
|
|
131
131
|
signing_key:
|
|
132
132
|
specification_version: 4
|
|
133
133
|
summary: Clerk SDK for Ruby.
|