RubyGems - clowk - Versions diffs - 0.1.0 → 0.3.3 - Mend

clowk 0.1.0 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/clowk.gemspec +17 -16
data/config/routes.rb +4 -4
data/lib/clowk/authenticable.rb +85 -15
data/lib/clowk/configuration.rb +43 -10
data/lib/clowk/controllers/base_controller.rb +10 -10
data/lib/clowk/controllers/callbacks_controller.rb +5 -4
data/lib/clowk/current.rb +19 -1
data/lib/clowk/engine.rb +1 -1
data/lib/clowk/helpers/url_helpers.rb +7 -9
data/lib/clowk/http/client.rb +9 -9
data/lib/clowk/http/logger_middleware.rb +3 -2
data/lib/clowk/http/response.rb +5 -5
data/lib/clowk/http/retry_middleware.rb +2 -2
data/lib/clowk/http/timeout_middleware.rb +1 -1
data/lib/clowk/jwt_verifier.rb +4 -4
data/lib/clowk/middleware/token_extractor.rb +3 -3
data/lib/clowk/sdk/client.rb +5 -5
data/lib/clowk/sdk/resource.rb +6 -6
data/lib/clowk/sdk/session.rb +18 -1
data/lib/clowk/sdk/session_config.rb +17 -0
data/lib/clowk/sdk/subdomain.rb +1 -1
data/lib/clowk/sdk/token.rb +14 -2
data/lib/clowk/sdk/user.rb +1 -1
data/lib/clowk/subdomain.rb +36 -25
data/lib/clowk/version.rb +1 -1
data/lib/clowk.rb +32 -30
metadata +19 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 56e3503c335ec716e89e49428b66a0c4157be9cb6ff19c46095117062f4c7848
-  data.tar.gz: 1db10f568e025bc52ea97e255f9e4cdc8064507ace6adf83e74d78d20d5b5d9e
+  metadata.gz: 7b02c176f355917aa070a2b183a5844911e769b49ff7906cc40c13bbcd68cbf6
+  data.tar.gz: 7ba591ce54755e2ff3d6a586ef7942ae96442efa6ae93caff5c64e0ac313cbd1
 SHA512:
-  metadata.gz: 3ed1c6bb69c0644f5476374f8004ce865c1661aeec3729b42a59442ee453e6e431c23583d603ccf49b9e045ae2c0d7e9733f2482a040ef3418c069e6f88ef531
-  data.tar.gz: 393ed6db1f3777cc402731fe16e0874d64c842ab3b5118aa49c9a79e5b208f38a660b4bbcca45ee349eccf1f1be030ac35ff6e235310edbc9e14d57cd730a24b
+  metadata.gz: f33e323f94c88fc064d12d0caa0cbc87bf9fad301ba0e29fc89d51ec0f40e81658e7dc67f485e437281705b0cdd10c6157b927500d0afd255f151d48485188ad
+  data.tar.gz: 9c6e02049ac043a85e293ad4ac8ec060d4f90e2b1231931cb593a6287a73b1400bdb6c4c01e18cf20fe090cf5be43336eeade52bb495c8d24074878b0a4c688f

data/README.md CHANGED Viewed

@@ -86,7 +86,7 @@ Clowk.configure do |config|
   config.after_sign_in_path = '/'
   config.after_sign_out_path = '/'
-  config.api_base_url = 'https://api.clowk.dev/client/v1'
+  config.api_base_url = 'https://api.clowk.dev/api/v1'
   config.callback_path = '/clowk/oauth/callback'
   config.mount_path = '/clowk'
@@ -362,4 +362,4 @@ Its job is to make the Rails side of Clowk integration predictable:
 ## License
-MIT. See `LICENSE`.
+AGPL-3.0. See `LICENSE`.

data/clowk.gemspec CHANGED Viewed

@@ -1,31 +1,32 @@
 # frozen_string_literal: true
-require_relative 'lib/clowk/version'
+require_relative "lib/clowk/version"
 Gem::Specification.new do |spec|
-  spec.name = 'clowk'
+  spec.name = "clowk"
   spec.version = Clowk::VERSION
-  spec.authors = ['Clowk']
-  spec.email = ['support@clowk.in']
+  spec.authors = ["Clowk"]
+  spec.email = ["support@clowk.in"]
-  spec.summary = 'Rails SDK for Clowk authentication'
-  spec.description = 'Clowk Authentication, JWT verification, and future API access'
-  spec.homepage = 'https://clowk.in'
-  spec.license = 'AGPL-3.0'
-  spec.required_ruby_version = '>= 3.3'
+  spec.summary = "Rails SDK for Clowk authentication"
+  spec.description = "Clowk Authentication, JWT verification, and future API access"
+  spec.homepage = "https://clowk.in"
+  spec.license = "AGPL-3.0-only"
+  spec.required_ruby_version = ">= 3.3"
   spec.metadata = {
-    'rubygems_mfa_required' => 'true'
+    "rubygems_mfa_required" => "true"
   }
   spec.files = Dir.chdir(__dir__) do
-    Dir['README.md', 'clowk.gemspec', 'config/routes.rb', 'lib/**/*.rb']
+    Dir["README.md", "clowk.gemspec", "config/routes.rb", "lib/**/*.rb"]
   end
-  spec.require_paths = ['lib']
+  spec.require_paths = ["lib"]
-  spec.add_dependency 'activesupport', '>= 7.0'
-  spec.add_dependency 'jwt', '>= 2.7', '< 3.0'
-  spec.add_dependency 'railties', '>= 7.0'
+  spec.add_dependency "activesupport", ">= 7.0"
+  spec.add_dependency "jwt", ">= 2.7", "< 3.0"
+  spec.add_dependency "railties", ">= 7.0"
-  spec.add_development_dependency 'rspec', '>= 3.13', '< 4.0'
+  spec.add_development_dependency "rspec", ">= 3.13", "< 4.0"
+  spec.add_development_dependency "standard", ">= 1.0"
 end

data/config/routes.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 Clowk::Engine.routes.draw do
-  get '/sign_in', to: 'sessions#new', as: :sign_in
-  get '/sign_up', to: 'sessions#sign_up', as: :sign_up
-  match '/sign_out', to: 'sessions#destroy', via: %i(get delete), as: :sign_out
-  get '/oauth/callback', to: 'callbacks#show', as: :auth_callback
+  get "/sign_in", to: "sessions#new", as: :sign_in
+  get "/sign_up", to: "sessions#sign_up", as: :sign_up
+  match "/sign_out", to: "sessions#destroy", via: %i[get delete], as: :sign_out
+  get "/oauth/callback", to: "callbacks#show", as: :auth_callback
 end

data/lib/clowk/authenticable.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'active_support/concern'
+require "active_support/concern"
 module Clowk
   module Authenticable
@@ -12,17 +12,31 @@ module Clowk
       authenticate_method = :"authenticate_#{scope}!"
       signed_in_method = :"#{scope}_signed_in?"
+      enforce_session_method = :"#{scope}_enforce_session!"
       base.class_eval do
-        define_method(current_method) do
-          clowk_current_resource
+        unless current_method == :clowk_current_resource
+          define_method(current_method) do
+            clowk_current_resource
+          end
+        end
+        unless authenticate_method == :clowk_authenticate!
+          define_method(authenticate_method) do
+            clowk_authenticate!
+          end
         end
-        define_method(authenticate_method) do
-          clowk_authenticate!
+        unless signed_in_method == :clowk_signed_in?
+          define_method(signed_in_method) do
+            clowk_signed_in?
+          end
         end
-        define_method(signed_in_method) do
-          clowk_current_resource.present?
+        unless enforce_session_method == :clowk_enforce_session!
+          define_method(enforce_session_method) do
+            clowk_enforce_session!
+          end
         end
         helper_method current_method, authenticate_method, signed_in_method, :current_token if respond_to?(:helper_method)
@@ -41,21 +55,40 @@ module Clowk
     end
     def current_token
-      stored_session&.dig('token') || extracted_token
+      stored_session&.dig("token") || extracted_token
     end
     def clowk_signed_in?
       clowk_current_resource.present?
     end
+    def clowk_session_status
+      @clowk_session_status ||= resolve_session_status
+    end
+    def clowk_session_active?
+      clowk_session_status&.dig(:status) == "active"
+    end
+    def clowk_enforce_session!
+      return if clowk_session_active?
+      session_info = clowk_session_status
+      callback = Clowk.config.on_session_expired
+      if callback.respond_to?(:call)
+        callback.call(self, session_info)
+        return
+      end
+      clowk_handle_expired_session(session_info)
+    end
     def clowk_authenticate!
       return clowk_current_resource if clowk_signed_in?
-      if request.format.json?
-        render json: { error: 'Unauthorized' }, status: :unauthorized
-      else
-        redirect_to clowk_sign_in_path(return_to: request.fullpath)
-      end
+      clowk_handle_unauthenticated
     end
     def clowk_sign_out!
@@ -67,6 +100,22 @@ module Clowk
     private
+    def clowk_handle_unauthenticated
+      if request.format.json?
+        render json: {error: "Unauthorized"}, status: :unauthorized
+      else
+        redirect_to clowk_sign_in_path(return_to: request.fullpath)
+      end
+    end
+    def clowk_handle_expired_session(_session_info)
+      if request.format.json?
+        render json: {error: "Session expired or inactive"}, status: :unauthorized
+      else
+        redirect_to clowk_sign_in_path(return_to: request.fullpath)
+      end
+    end
     def verified_request_payload
       return unless extracted_token
@@ -90,13 +139,13 @@ module Clowk
     end
     def stored_user_payload
-      payload = stored_session&.dig('user') || stored_session&.dig(:user)
+      payload = stored_session&.dig("user") || stored_session&.dig(:user)
       payload&.deep_symbolize_keys
     end
     def persist_clowk_session(token, payload)
       session[Clowk.config.session_key] = {
-        token: token,
+        token:,
         user: payload,
         signed_in_at: Time.now.to_i
       }
@@ -108,5 +157,26 @@ module Clowk
         secure: request.ssl?
       }
     end
+    def resolve_session_status
+      cached = stored_session&.dig("session_status") || stored_session&.dig(:session_status)
+      return cached&.deep_symbolize_keys if cached
+      resource = clowk_current_resource
+      return unless resource&.session_id
+      return unless Clowk.config.secret_key.present?
+      client = Clowk::SDK::Client.new(secret_key: Clowk.config.secret_key)
+      result = client.tokens.verify_with_session(token: current_token)
+      status = result&.dig(:session)
+      session[Clowk.config.session_key] = stored_session.merge("session_status" => status) if status && stored_session
+      status
+    rescue Clowk::InvalidTokenError
+      nil
+    end
   end
 end

data/lib/clowk/configuration.rb CHANGED Viewed

@@ -4,8 +4,6 @@ module Clowk
   class Configuration
     attr_accessor :api_base_url
     attr_accessor :app_base_url
-    attr_accessor :after_sign_in_path
-    attr_accessor :after_sign_out_path
     attr_accessor :callback_path
     attr_accessor :cookie_key
     attr_accessor :http_logger
@@ -22,25 +20,60 @@ module Clowk
     attr_accessor :session_key
     attr_accessor :subdomain_url
     attr_accessor :token_param
+    attr_accessor :enforce_active_session
+    attr_accessor :on_session_expired
     def initialize
-      @api_base_url = 'https://api.clowk.dev/client/v1'
-      @app_base_url = 'https://app.clowk.in'
-      @after_sign_in_path = '/'
-      @after_sign_out_path = '/'
-      @mount_path = '/clowk'
-      @callback_path = '/clowk/oauth/callback'
-      @cookie_key = 'clowk_token'
+      @api_base_url = "https://api.clowk.dev/api/v1"
+      @app_base_url = "https://app.clowk.in"
+      @after_sign_in_path = "/"
+      @after_sign_out_path = "/"
+      @mount_path = "/clowk"
+      @callback_path = "/clowk/oauth/callback"
+      @cookie_key = "clowk_token"
       @http_logger = nil
       @http_open_timeout = 5
       @http_read_timeout = 10
       @http_retry_attempts = 2
       @http_retry_interval = 0.05
       @http_write_timeout = 10
-      @issuer = 'clowk'
+      @issuer = "clowk"
       @session_key = :clowk
       @prefix_by = :clowk
       @token_param = :token
+      @enforce_active_session = false
+      @on_session_expired = nil
+    end
+    def after_sign_in_path
+      resolve_path(@after_sign_in_path)
+    end
+    def after_sign_out_path
+      resolve_path(@after_sign_out_path)
+    end
+    attr_writer :after_sign_in_path
+    attr_writer :after_sign_out_path
+    def validate!
+      errors = []
+      errors << "secret_key must be a String" unless @secret_key.is_a?(String) || @secret_key.nil?
+      errors << "http_open_timeout must be Numeric" unless @http_open_timeout.is_a?(Numeric)
+      errors << "http_read_timeout must be Numeric" unless @http_read_timeout.is_a?(Numeric)
+      errors << "http_write_timeout must be Numeric" unless @http_write_timeout.is_a?(Numeric)
+      errors << "http_retry_attempts must be a non-negative Integer" unless @http_retry_attempts.is_a?(Integer) && @http_retry_attempts >= 0
+      raise ConfigurationError, errors.join(", ") if errors.any?
+      true
+    end
+    private
+    def resolve_path(path_or_callable)
+      path_or_callable.respond_to?(:call) ? path_or_callable.call : path_or_callable
     end
   end
 end

data/lib/clowk/controllers/base_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
-require 'securerandom'
-require 'uri'
+require "securerandom"
+require "uri"
 module Clowk
   class BaseController < ActionController::Base
@@ -13,18 +13,18 @@ module Clowk
     private
     def redirect_back_or(default, return_to: params[:return_to])
-      redirect_target = safe_redirect_path(return_to) || safe_redirect_path(default) || '/'
+      redirect_target = safe_redirect_path(return_to) || safe_redirect_path(default) || "/"
       redirect_to redirect_target
     end
     def start_clowk_auth_flow!(return_to: nil)
-      sanitized_return_to = safe_redirect_path(return_to) || safe_redirect_path(Clowk.config.after_sign_in_path) || '/'
+      sanitized_return_to = safe_redirect_path(return_to) || safe_redirect_path(Clowk.config.after_sign_in_path) || "/"
       state = SecureRandom.hex(32)
       session[:clowk_auth_flow] = {
-        'state' => state,
-        'return_to' => sanitized_return_to
+        "state" => state,
+        "return_to" => sanitized_return_to
       }
       state
@@ -38,9 +38,9 @@ module Clowk
     end
     def validate_clowk_state!(expected_state, actual_state)
-      raise Clowk::InvalidStateError, 'missing state' if actual_state.blank?
-      raise Clowk::InvalidStateError, 'missing state' if expected_state.blank?
-      raise Clowk::InvalidStateError, 'invalid state' unless state_matches?(expected_state, actual_state)
+      raise Clowk::InvalidStateError, "missing state" if actual_state.blank?
+      raise Clowk::InvalidStateError, "missing state" if expected_state.blank?
+      raise Clowk::InvalidStateError, "invalid state" unless state_matches?(expected_state, actual_state)
     end
     def state_matches?(expected_state, actual_state)
@@ -53,7 +53,7 @@ module Clowk
       value = candidate.to_s
       return if value.empty?
-      return value if value.start_with?('/') && !value.start_with?('//')
+      return value if value.start_with?("/") && !value.start_with?("//")
       uri = URI.parse(value)
       return unless uri.host == request.host && uri.scheme == request.scheme

data/lib/clowk/controllers/callbacks_controller.rb CHANGED Viewed

@@ -4,20 +4,21 @@ module Clowk
   class CallbacksController < BaseController
     def show
       flow = consume_clowk_auth_flow!
-      validate_clowk_state!(flow['state'], params[:state])
+      validate_clowk_state!(flow["state"], params[:state])
       token = params[Clowk.config.token_param]
-      raise Clowk::InvalidTokenError, 'missing token' if token.blank?
+      raise Clowk::InvalidTokenError, "missing token" if token.blank?
       payload = Clowk::JwtVerifier.new.verify(token)
-      return_to = flow['return_to']
+      return_to = flow["return_to"]
       reset_clowk_session!
       persist_clowk_session(token, payload)
       redirect_back_or(Clowk.config.after_sign_in_path, return_to:)
     rescue Clowk::InvalidTokenError, Clowk::InvalidStateError => e
-      flash[:alert] = "Clowk authentication failed: #{e.message}"
+      Rails.logger.error("[Clowk] Authentication failed: #{e.class} - #{e.message}")
+      flash[:alert] = "Authentication failed. Please try again."
       redirect_back_or(Clowk.config.after_sign_out_path, return_to: nil)
     end

data/lib/clowk/current.rb CHANGED Viewed

@@ -36,6 +36,10 @@ module Clowk
       attributes[:app_id]
     end
+    def session_id
+      attributes[:session_id]
+    end
     def [](key)
       attributes[key.to_sym]
     end
@@ -43,5 +47,19 @@ module Clowk
     def to_h
       attributes.merge(id: id)
     end
+    def ==(other)
+      return false unless other.is_a?(Current)
+      to_h == other.to_h
+    end
+    def eql?(other)
+      self == other
+    end
+    def hash
+      to_h.hash
+    end
   end
-end
+end

data/lib/clowk/engine.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Clowk
   class Engine < ::Rails::Engine
     isolate_namespace Clowk
-    initializer 'clowk.helpers' do
+    initializer "clowk.helpers" do
       ActiveSupport.on_load(:action_controller_base) do
         include Clowk::Helpers::UrlHelpers
       end

data/lib/clowk/helpers/url_helpers.rb CHANGED Viewed

@@ -1,20 +1,18 @@
 # frozen_string_literal: true
-require 'cgi'
 module Clowk
   module Helpers
     module UrlHelpers
       def clowk_sign_in_path(return_to: nil)
-        append_query(clowk_local_path('/sign_in'), return_to:)
+        append_query(clowk_local_path("/sign_in"), return_to:)
       end
       def clowk_sign_up_path(return_to: nil)
-        append_query(clowk_local_path('/sign_up'), return_to:)
+        append_query(clowk_local_path("/sign_up"), return_to:)
       end
       def clowk_sign_out_path(return_to: nil)
-        append_query(clowk_local_path('/sign_out'), return_to:)
+        append_query(clowk_local_path("/sign_out"), return_to:)
       end
       def clowk_callback_url(return_to: nil, state: nil)
@@ -22,18 +20,18 @@ module Clowk
       end
       def clowk_sign_in_url(redirect_to: nil, return_to: nil, state: nil)
-        clowk_remote_auth_url('sign-in', redirect_to:, return_to:, state:)
+        clowk_remote_auth_url("sign-in", redirect_to:, return_to:, state:)
       end
       def clowk_sign_up_url(redirect_to: nil, return_to: nil, state: nil)
-        clowk_remote_auth_url('sign-up', redirect_to:, return_to:, state:)
+        clowk_remote_auth_url("sign-up", redirect_to:, return_to:, state:)
       end
       private
       def clowk_remote_auth_url(action, redirect_to:, return_to:, state:)
         callback_url = clowk_callback_url(return_to: redirect_to || return_to, state:)
-        query = { redirect_uri: callback_url }
+        query = {redirect_uri: callback_url}
         append_query("#{clowk_instance_base_url}/#{action}", query)
       end
@@ -50,7 +48,7 @@ module Clowk
         filtered = params.compact.reject { |_key, value| value.respond_to?(:empty?) && value.empty? }
         return url if filtered.empty?
-        separator = url.include?('?') ? '&' : '?'
+        separator = url.include?("?") ? "&" : "?"
         "#{url}#{separator}#{Rack::Utils.build_query(filtered)}"
       end
     end

data/lib/clowk/http/client.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
-require 'json'
-require 'net/http'
-require 'uri'
+require "json"
+require "net/http"
+require "uri"
 module Clowk
   class Http
@@ -121,7 +121,7 @@ module Clowk
       request.body = JSON.generate(env[:body]) unless env[:body].nil?
-      raw_response = Net::HTTP.start(env[:uri].host, env[:uri].port, use_ssl: env[:uri].scheme == 'https') do |http|
+      raw_response = Net::HTTP.start(env[:uri].host, env[:uri].port, use_ssl: env[:uri].scheme == "https") do |http|
         apply_timeouts(http, env[:timeouts])
         http.request(request)
       end
@@ -144,12 +144,12 @@ module Clowk
     end
     def normalize_path(path)
-      path.to_s.start_with?('/') ? path : "/#{path}"
+      path.to_s.start_with?("/") ? path : "/#{path}"
     end
     def join_paths(base_path, extra_path)
-      segments = [base_path.to_s, extra_path.to_s].map { |segment| segment.gsub(%r{^/+|/+$}, '') }.reject(&:empty?)
-      "/#{segments.join('/')}"
+      segments = [base_path.to_s, extra_path.to_s].map { |segment| segment.gsub(%r{^/+|/+$}, "") }.reject(&:empty?)
+      "/#{segments.join("/")}"
     end
     def apply_headers(request, request_headers)
@@ -167,8 +167,8 @@ module Clowk
     def default_headers
       {
-        'Accept' => 'application/json',
-        'Content-Type' => 'application/json'
+        "Accept" => "application/json",
+        "Content-Type" => "application/json"
       }
     end

data/lib/clowk/http/logger_middleware.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'logger'
+require "logger"
 module Clowk
   class Http
@@ -22,7 +22,8 @@ module Clowk
       attr_reader :app, :logger
       class NullLogger
-        def info(*); end
+        def info(*)
+        end
       end
     end
   end

data/lib/clowk/http/response.rb CHANGED Viewed

@@ -27,17 +27,17 @@ module Clowk
           body: body,
           body_parsed: body_parsed,
           headers: headers,
-          success?: success?
+          success: success?
         }
       end
       def ==(other)
-        if other.respond_to?(:to_h)
-          to_h == other.to_h
+        to_h == if other.respond_to?(:to_h)
+          other.to_h
         else
-          to_h == other
+          other
         end
       end
     end
   end
-end
+end

data/lib/clowk/http/retry_middleware.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-require 'net/http'
+require "net/http"
 module Clowk
   class Http
@@ -44,4 +44,4 @@ module Clowk
       attr_reader :app, :logger
     end
   end
-end
+end

data/lib/clowk/http/timeout_middleware.rb CHANGED Viewed

@@ -27,4 +27,4 @@ module Clowk
       attr_reader :app, :logger, :open_timeout, :read_timeout, :write_timeout
     end
   end
-end
+end

data/lib/clowk/jwt_verifier.rb CHANGED Viewed

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
-require 'jwt'
+require "jwt"
 module Clowk
   class JwtVerifier
-    ALGORITHM = 'HS256'
+    ALGORITHM = "HS256"
     def initialize(secret_key: Clowk.config.secret_key, issuer: Clowk.config.issuer)
       @secret_key = secret_key
@@ -12,9 +12,9 @@ module Clowk
     end
     def verify(token)
-      raise ConfigurationError, 'missing Clowk secret_key' if @secret_key.to_s.empty?
+      raise ConfigurationError, "missing Clowk secret_key" if @secret_key.to_s.empty?
-      options = { algorithm: ALGORITHM }
+      options = {algorithm: ALGORITHM}
       options[:iss] = @issuer if @issuer
       options[:verify_iss] = @issuer.present?

data/lib/clowk/middleware/token_extractor.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Clowk
       attr_reader :request, :token_param, :cookie_key
       def token_from_params
-        params = request.respond_to?(:params) && request.params ? request.params : {}
+        params = (request.respond_to?(:params) && request.params) ? request.params : {}
         params[token_param.to_s].presence
       end
@@ -26,8 +26,8 @@ module Clowk
         header = request.authorization.to_s
         return if header.empty?
-        scheme, token = header.split(' ', 2)
-        return unless scheme.to_s.casecmp('Bearer').zero?
+        scheme, token = header.split(" ", 2)
+        return unless scheme.to_s.casecmp("Bearer").zero?
         token.presence
       end

data/lib/clowk/sdk/client.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
-require 'active_support/inflector'
+require "active_support/inflector"
 module Clowk
   module SDK
     class Client
       def initialize(options = {})
-        @api_base_url = options.fetch(:api_base_url, Clowk.config.api_base_url)
+        @api_base_url = options.fetch(:api_base_url, nil).presence || Clowk.config.api_base_url
         @secret_key = options.fetch(:secret_key, Clowk.config.secret_key)
         @publishable_key = options.fetch(:publishable_key, Clowk.config.publishable_key)
       end
@@ -18,7 +18,7 @@ module Clowk
         return super unless Clowk::SDK.const_defined?(resource_class_name)
-        resource_ivar = "@#{method_name}"
+        resource_ivar = :"@#{resource_class_name}"
         return instance_variable_get(resource_ivar) if instance_variable_defined?(resource_ivar)
         resource_class = Clowk::SDK.const_get(resource_class_name)
@@ -80,8 +80,8 @@ module Clowk
       def default_headers
         {}.tap do |headers|
-          headers['X-Clowk-Secret-Key'] = secret_key if secret_key.present?
-          headers['X-Clowk-Publishable-Key'] = publishable_key if publishable_key.present?
+          headers["X-Clowk-Secret-Key"] = secret_key if secret_key.present?
+          headers["X-Clowk-Publishable-Key"] = publishable_key if publishable_key.present?
         end
       end
     end

data/lib/clowk/sdk/resource.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
-require 'erb'
+require "erb"
 module Clowk
   module SDK
     class Resource
       def self.resource_path
-        raise NotImplementedError, 'resource_path must be implemented'
+        raise NotImplementedError, "resource_path must be implemented"
       end
       def initialize(client)
@@ -31,10 +31,10 @@ module Clowk
       # @return [Clowk::Http::Response]
       def search(raw_query = nil, **filters)
         query = if raw_query.is_a?(String)
-                  raw_query
-                else
-                  filters.map { |k, v| "#{k}:#{v}" }.join(' ')
-                end
+          raw_query
+        else
+          filters.map { |k, v| "#{k}:#{v}" }.join(" ")
+        end
         client.get("#{self.class.resource_path}/search?query=#{ERB::Util.url_encode(query)}")
       end

data/lib/clowk/sdk/session.rb CHANGED Viewed

@@ -4,7 +4,24 @@ module Clowk
   module SDK
     class Session < Resource
       def self.resource_path
-        'sessions'
+        "sessions"
+      end
+      # @param raw_query [String, nil] Raw query string (forwarded to the base search)
+      # @param email [String, nil] Email to search for via the legacy ILIKE endpoint
+      # @param filters [Hash] Keyword filters (forwarded to the base search)
+      # @return [Clowk::Http::Response]
+      def search(raw_query = nil, email: nil, **filters)
+        return super(raw_query, **filters) unless email
+        client.get("#{self.class.resource_path}/search?email=#{ERB::Util.url_encode(email)}")
+      end
+      # Revokes a session by its session_id (clk_session_UUID)
+      # @param session_id [String]
+      # @return [Clowk::Http::Response]
+      def revoke(session_id)
+        destroy(session_id)
       end
     end
   end

data/lib/clowk/sdk/session_config.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module Clowk
+  module SDK
+    class SessionConfig < Resource
+      def self.resource_path
+        "session_config"
+      end
+      def fetch
+        response = client.get(self.class.resource_path)
+        response.body_parsed&.deep_symbolize_keys
+      end
+    end
+  end
+end

data/lib/clowk/sdk/subdomain.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Clowk
   module SDK
     class Subdomain < Resource
       def self.resource_path
-        'instances'
+        "instances"
       end
       def find_by_pk(key = nil)

data/lib/clowk/sdk/token.rb CHANGED Viewed

@@ -4,11 +4,23 @@ module Clowk
   module SDK
     class Token < Resource
       def self.resource_path
-        'tokens'
+        "tokens"
       end
       def verify(token:)
-        client.post("#{self.class.resource_path}/verify", { token: token })
+        client.post("#{self.class.resource_path}/verify", {token: token})
+      end
+      def verify_with_session(token:)
+        response = verify(token:)
+        unless response.success?
+          raise Clowk::InvalidTokenError, response.body_parsed&.dig("error") || "token verification failed"
+        end
+        data = response.body_parsed&.dig("data") || response.body_parsed
+        data&.deep_symbolize_keys
       end
     end
   end

data/lib/clowk/sdk/user.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Clowk
   module SDK
     class User < Resource
       def self.resource_path
-        'users'
+        "users"
       end
     end
   end

data/lib/clowk/subdomain.rb CHANGED Viewed

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
-require 'uri'
+require "uri"
 module Clowk
   class Subdomain
     CACHE_TTL = 60
-    DEFAULT_SUBDOMAIN_BASE = 'clowk.dev'
+    DEFAULT_SUBDOMAIN_BASE = "clowk.dev"
+    @cache_mutex = Mutex.new
     class << self
       def resolve_url!(...)
@@ -13,24 +15,28 @@ module Clowk
       end
       def clear_cache!
-        @cache = {}
+        @cache_mutex.synchronize { @cache = {} }
       end
       def read_cache(key)
-        entry = cache[key]
+        @cache_mutex.synchronize do
+          entry = cache[key]
-        return unless entry
-        return entry[:value] if entry[:expires_at] > Time.now
+          return unless entry
+          return entry[:value] if entry[:expires_at] > Time.now
-        cache.delete(key)
-        nil
+          cache.delete(key)
+          nil
+        end
       end
       def write_cache(key, value, ttl:)
-        cache[key] = {
-          value: value,
-          expires_at: Time.now + ttl
-        }
+        @cache_mutex.synchronize do
+          cache[key] = {
+            value: value,
+            expires_at: Time.now + ttl
+          }
+        end
       end
       private
@@ -42,7 +48,6 @@ module Clowk
     def initialize(options = {})
       @publishable_key = options.fetch(:publishable_key, Clowk.config.publishable_key)
-      @api_base_url = options.fetch(:api_base_url, Clowk.config.api_base_url)
       @subdomain_url = options.fetch(:subdomain_url, Clowk.config.subdomain_url)
     end
@@ -50,12 +55,12 @@ module Clowk
       return resolve_from_key if publishable_key.present?
       return normalize_url(subdomain_url) if subdomain_url.present?
-      raise ConfigurationError, 'set publishable_key or subdomain_url to build Clowk URLs'
+      raise ConfigurationError, "set publishable_key or subdomain_url to build Clowk URLs"
     end
     private
-    attr_reader :api_base_url, :publishable_key, :subdomain_url
+    attr_reader :publishable_key, :subdomain_url
     def resolve_from_key
       cached = self.class.read_cache(cache_key)
@@ -64,7 +69,7 @@ module Clowk
       response = client.subdomains.find_by_pk(publishable_key)
       resolved = extract_url_from_instance(response.body_parsed)
-      raise ConfigurationError, 'could not resolve subdomain_url from publishable_key' if resolved.blank?
+      raise ConfigurationError, "could not resolve subdomain_url from publishable_key" if resolved.blank?
       self.class.write_cache(cache_key, resolved, ttl: CACHE_TTL)
       resolved
@@ -77,22 +82,28 @@ module Clowk
     def extract_url_from_instance(payload)
       return if payload.blank?
-      instance = payload.is_a?(Hash) ? payload : {}
-      instance_data = instance['instance'].is_a?(Hash) ? instance['instance'] : instance
+      root = payload.is_a?(Hash) ? payload : {}
+      instance_data = if root["instance"].is_a?(Hash)
+        root["instance"]
+      elsif root["data"].is_a?(Hash)
+        root["data"]
+      else
+        root
+      end
-      explicit_url = instance_data['url'] || instance_data['subdomain_url'] || instance_data['instance_url']
+      explicit_url = instance_data["url"] || instance_data["subdomain_url"] || instance_data["instance_url"]
       return normalize_url(explicit_url) if explicit_url.present?
-      host = instance_data['host'] || instance_data['domain'] || instance_data['hostname']
+      host = instance_data["host"] || instance_data["domain"] || instance_data["hostname"]
       return normalize_url(host_to_url(host)) if host.present?
-      subdomain = instance_data['subdomain']
+      subdomain = instance_data["subdomain"]
       normalize_url("https://#{subdomain}.#{default_subdomain_base}") if subdomain.present?
     end
     def host_to_url(host)
       value = host.to_s
-      return value if value.start_with?('http://', 'https://')
+      return value if value.start_with?("http://", "https://")
       "https://#{value}"
     end
@@ -104,17 +115,17 @@ module Clowk
       uri = URI.parse(configured)
       return DEFAULT_SUBDOMAIN_BASE if uri.host.blank?
-      uri.host.split('.').drop(1).join('.')
+      uri.host.split(".").drop(1).join(".")
     rescue URI::InvalidURIError
       DEFAULT_SUBDOMAIN_BASE
     end
     def normalize_url(value)
-      value.to_s.sub(%r{/$}, '')
+      value.to_s.sub(%r{/$}, "")
     end
     def client
-      @client ||= Clowk::SDK::Client.new
+      @client ||= Clowk::SDK::Client.new(api_base_url: Clowk.config.api_base_url)
     end
   end
 end

data/lib/clowk/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Clowk
-  VERSION = '0.1.0'
+  VERSION = "0.3.3"
 end

data/lib/clowk.rb CHANGED Viewed

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
-require 'rails'
-require 'rails/engine'
-require 'action_controller/railtie'
-require 'active_support'
-require 'active_support/core_ext/hash'
-require 'active_support/core_ext/object/blank'
-require 'rack'
+require "rails"
+require "rails/engine"
+require "action_controller/railtie"
+require "active_support"
+require "active_support/core_ext/hash"
+require "active_support/core_ext/object/blank"
+require "rack"
-require_relative 'clowk/version'
-require_relative 'clowk/configuration'
+require_relative "clowk/version"
+require_relative "clowk/configuration"
 module Clowk
   class Error < StandardError; end
@@ -24,6 +24,7 @@ module Clowk
     def configure
       yield(config)
+      config.validate!
     end
     def reset!
@@ -33,24 +34,25 @@ module Clowk
   end
 end
-require_relative 'clowk/current'
-require_relative 'clowk/http/response'
-require_relative 'clowk/http/logger_middleware'
-require_relative 'clowk/http/retry_middleware'
-require_relative 'clowk/http/timeout_middleware'
-require_relative 'clowk/http/client'
-require_relative 'clowk/sdk/resource'
-require_relative 'clowk/sdk/user'
-require_relative 'clowk/sdk/session'
-require_relative 'clowk/sdk/subdomain'
-require_relative 'clowk/sdk/token'
-require_relative 'clowk/sdk/client'
-require_relative 'clowk/subdomain'
-require_relative 'clowk/jwt_verifier'
-require_relative 'clowk/helpers/url_helpers'
-require_relative 'clowk/middleware/token_extractor'
-require_relative 'clowk/authenticable'
-require_relative 'clowk/controllers/base_controller'
-require_relative 'clowk/controllers/callbacks_controller'
-require_relative 'clowk/controllers/sessions_controller'
-require_relative 'clowk/engine'
+require_relative "clowk/current"
+require_relative "clowk/http/response"
+require_relative "clowk/http/logger_middleware"
+require_relative "clowk/http/retry_middleware"
+require_relative "clowk/http/timeout_middleware"
+require_relative "clowk/http/client"
+require_relative "clowk/sdk/resource"
+require_relative "clowk/sdk/user"
+require_relative "clowk/sdk/session"
+require_relative "clowk/sdk/subdomain"
+require_relative "clowk/sdk/token"
+require_relative "clowk/sdk/session_config"
+require_relative "clowk/sdk/client"
+require_relative "clowk/subdomain"
+require_relative "clowk/jwt_verifier"
+require_relative "clowk/helpers/url_helpers"
+require_relative "clowk/middleware/token_extractor"
+require_relative "clowk/authenticable"
+require_relative "clowk/controllers/base_controller"
+require_relative "clowk/controllers/callbacks_controller"
+require_relative "clowk/controllers/sessions_controller"
+require_relative "clowk/engine"

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: clowk
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.3
 platform: ruby
 authors:
 - Clowk
 bindir: bin
 cert_chain: []
-date: 2026-03-23 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -77,6 +77,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: Clowk Authentication, JWT verification, and future API access
 email:
 - support@clowk.in
@@ -106,6 +120,7 @@ files:
 - lib/clowk/sdk/client.rb
 - lib/clowk/sdk/resource.rb
 - lib/clowk/sdk/session.rb
+- lib/clowk/sdk/session_config.rb
 - lib/clowk/sdk/subdomain.rb
 - lib/clowk/sdk/token.rb
 - lib/clowk/sdk/user.rb
@@ -113,7 +128,7 @@ files:
 - lib/clowk/version.rb
 homepage: https://clowk.in
 licenses:
-- AGPL-3.0
+- AGPL-3.0-only
 metadata:
   rubygems_mfa_required: 'true'
 rdoc_options: []
@@ -130,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Rails SDK for Clowk authentication
 test_files: []