easy_jwt_auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: bdb72f71463698bea4bf0bdeae3604bfdf61217f
+  data.tar.gz: 2dca509e9a4b28f06ecdf8e5ad3056c4c240e201
+SHA512:
+  metadata.gz: a61272b4f484efb0eb04da710d7c80d46d05bdf4edfc0896292d158e63d18d56ac33367acb564c40bedd71a51ff5878791bcdaa3bece34809786de065b284d62
+  data.tar.gz: 5b5220cd1fedf188b19d6b468a077c33fb7093a67db3c2cd1fe2d8569e036297434fa412e893a1c08f13d4b701df768b4d270b9222bce0d0cccf9e7476498f71

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,49 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at pvratsalis@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in easy_jwt_auth.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Pantelis Vratsalis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,149 @@
+# EasyJwtAuth
+
+Welcome to EasyJwtAuth! EasyJwtAuth is a ruby gem that allows easy use of JWT tokens in any ruby project or rails application, typically for authenticating and authorizing requests.
+
+A typical usecase of JWT tokens is when building an API. JWT tokens can be sent as authorization tokens in headers. The advantage of using JWT tokens is that they are signed with a secret, so the information inside them cannot be tampered. This makes them ideal for embeding both authentication and authorization information in one step (e.g. by "decoding" the token, one can get information about the user and the roles a user has in case of a role-based authorization). 
+
+Also, the fact that expiration timestamps can be embedded in the data of the token and be handled automatically, can be used to easily build short-lived tokens, making an API more secure.
+
+
+## Dependencies
+
+The only dependency of EasyJwtAuth is the [jwt gem](https://github.com/jwt/ruby-jwt).
+
+## Installation
+
+### Using rubygems
+
+```ruby
+gem install easy_jwt_auth
+```
+
+### Using bundler
+
+Add the following to your Gemfile
+```ruby
+gem 'easy_jwt_auth'
+```
+and the run
+```bash
+bundle install
+```
+
+## Usage
+
+#### In Rails projects
+For Rails project, the only real configuration needed is to create an initializer (e.g. easy_jwt_auth.rb):
+
+#### Setup
+```ruby
+EasyJwtAuth::Config.tap do |c|
+  c.set_expiration 3600 # expiration of jwt token in seconds
+  c.set_algo 'HS256' # the algorithm used for signing the data
+  c.set_secret 's3cr3t' # the secret to use for signing the data
+  c.set_finder_method ->(id) { User.find(id) }
+end
+```
+The first 3 configuration settings are self explanatory, but in short:
+* **set_expiration** is used to set the expiration of the token in seconds. If a token is expired, it will be treated as invalid
+* **set_algo is** used to set the algorithm used for signing the payload of the JWT token
+* **set_secret** is used to set secret used in the algorithm for signing the paylod
+
+The **set_finder_method** setting accepts an object that responds to the call method, so either an object can be passed or a lambda function as in the example. This eliminates the dependency of easy_jwt_auth on ActiveRecord and allows you have a model different than User or even get users via repositories. The only requirement of set_finder_method is to be set to an object that responds to call and accepts an id argument (though if you're using ActiveRecord, it's not mandatory to be the id of the model, it can be an email address, a uuid, whatever).
+
+That's it! This is the only setup needed. EasyJwtAuth comes with a couple of useful helper methods for Rails. To use them in your controllers, just include them in your ApplicationController. For example:
+
+#### Helpers
+
+```ruby
+class ApplicationController < ActionController::API
+  include EasyJwtAuth::RailsHelpers
+end
+```
+
+With this line of code you have gained access to 2 methods:
+* **jwt_current_user** which gets the Authorization header from the request and finds the user associated with this header (based on the finder method of the configuration step). The result of the jwt_current_user is memoized, so you can use it as many times as you wish without performing extra database queries or expensive operations.
+* **jwt_authenticate!** which returns a 403 forbidden response with empty response body in case there is no jwt_current_user. This method is useful for authorizing requests to routes you wish to protect as a before_action filter.
+
+Examples:
+
+The code below protects the my_secret_route action against non-authorized requests:
+
+```ruby
+class SecretController < ApplicationController
+  before_action :jwt_authenticate!, only: [:my_secret_route]
+  
+  # this action needs an authorization header with a proper token
+  def my_secret_route
+    render json: { 'user_id': jwt_current_user.id }, status: :ok
+  end
+  
+  # this action does not
+  def other_route
+    render json: {}, status: :ok
+  end
+end
+```
+
+#### Generating tokens
+
+In order to generate a jwt token, you can use the EasyJwtAuth::TokenBuilder's build_token method. The method accepts an id (either the id of the user, which it stores in the token and is used by the finder method of the user finder and jwt_current_user method).
+
+Example:
+
+```ruby
+class LoginController < ApplicationController
+  def login
+    # login logic, eg validate credentials from a login form and find the user
+    token_builder = EasyJwtAuth::TokenBuilder.new
+    render json: { token: token_builder.build_token(user.id) }, status: :ok
+  end
+end
+```
+
+In the example above, the token is returned by the API and can be used for subsequent calls to protected resources (by setting the Authorization header in subsequent requests as "Bearer token_value").
+
+#### Outside of Rails projects
+The gem includes a couple of helpers that can be used only in Rails projects, but the rest of the classes can be used by any other project. Specifically:
+
+**EasyJwtAuth::Config**
+This is the only requirement in order to configure the gem. The configuration is quite simple. This is common both for Rails and non-Rails projects (for more information see Setup section for Rails projects above).
+
+**EasyJwtAuth::TokenBuilder**
+The token builder can be used to generate new tokens. The Config setup should come first before using any of the other classes (like the TokenBuilder). Example:
+
+```ruby
+token_builder = EasyJwtAuth::TokenBuilder.new
+
+# the argument passed is the id used for finding the user by the finder_method configured in the setup step.
+
+# the id could be a model id
+token_builder.build_token(50)
+
+# or an email address for example
+token_builder.build_token('john@example.com')
+```
+
+**EasyJwtAuth::UserFinder**
+The UserFinder is used to retrieve a user based on the authorization header of the request. The authorization header should be in the form "Bearer token_value". The UserFinder extracts the token_value and finds the id of the user and uses that in order to retrieve the user (by using the finder_method of the setup step).
+
+Example:
+
+```ruby
+# let's build a token
+token_builder = EasyJwtAuth::TokenBuilder.new
+token = token_builder.build_token(50)
+
+header = "Bearer #{token}"
+uf = EasyJwtAuth::UserFinder.new
+user = uf.user_from_header(header)
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/m1lt0n/easy_jwt_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "easy_jwt_auth"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/easy_jwt_auth.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'easy_jwt_auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "easy_jwt_auth"
+  spec.version       = EasyJwtAuth::VERSION
+  spec.authors       = ["Pantelis Vratsalis"]
+  spec.email         = ["pvratsalis@gmail.com"]
+
+  spec.summary       = %q{easy_jwt_auth is a small gems that can be used in APIs and allows authentication with the use of jwt tokens.}
+  spec.description   = %q{With easy_jwt_auth, a client can send a jwt token as the authorization header and the gem will check this header and load the appropriate user if the token is valid and has not expired}
+  spec.homepage      = "https://github.com/m1lt0n/easy_jwt_auth"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.12"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.5"
+  spec.add_dependency "jwt", "~> 1.5"
+end

data/lib/easy_jwt_auth/config.rb

@@ -0,0 +1,25 @@
+module EasyJwtAuth
+  class Config
+    class << self
+      attr_reader :algo, :expiration, :finder_method, :secret
+
+      def set_algo(algo)
+        @algo = algo
+      end
+
+      def set_expiration(expiration)
+        @expiration = expiration
+      end
+
+      def set_finder_method(finder_method)
+        raise InvalidFinderMethod unless finder_method.respond_to?(:call)
+
+        @finder_method = finder_method
+      end
+
+      def set_secret(secret)
+        @secret = secret
+      end
+    end
+  end
+end

data/lib/easy_jwt_auth/errors.rb

@@ -0,0 +1,4 @@
+module EasyJwtAuth
+  class InvalidFinderMethod < StandardError; end
+  class InvalidAuthHeader < StandardError; end
+end

data/lib/easy_jwt_auth/rails_helper.rb

@@ -0,0 +1,16 @@
+module EasyJwtAuth
+  module RailsHelper
+    def jwt_current_user
+      return @_jwt_current_user if defined?(@_jwt_current_user)
+
+      auth_header = request.headers['Authorization']
+      @_jwt_current_user = EasyJwtAuth::UserFinder.new.user_from_header(auth_header)
+    rescue StandardError => e
+      nil
+    end
+
+    def jwt_authenticate!
+      head(403) if jwt_current_user.nil?
+    end
+  end
+end

data/lib/easy_jwt_auth/token_builder.rb

@@ -0,0 +1,21 @@
+module EasyJwtAuth
+  class TokenBuilder
+    def initialize
+      @algo = Config.algo
+      @expiration = Config.expiration
+      @secret = Config.secret
+    end
+
+    def build_token(id)
+      iat = Time.now.to_i
+      exp = iat + expiration
+      payload = { id: id, iat: iat, exp: exp }
+
+      JWT.encode(payload, secret, algo)
+    end
+
+    private
+
+    attr_reader :algo, :expiration, :secret
+  end
+end

data/lib/easy_jwt_auth/user_finder.rb

@@ -0,0 +1,32 @@
+module EasyJwtAuth
+  class UserFinder
+    def initialize
+      @algo = Config.algo
+      @finder_method = Config.finder_method
+      @secret = Config.secret
+    end
+
+    def user_from_header(auth_header)
+      raise InvalidAuthHeader unless valid_header?(auth_header)
+
+      decoded_token = JWT.decode(
+        token_from_header(auth_header), secret, true, { algorithm: algo }
+      )
+
+      data = decoded_token.first
+      finder_method.call(data['id'])
+    end
+
+    private
+
+    attr_reader :algo, :secret, :finder_method
+
+    def token_from_header(auth_header)
+      auth_header.split.last
+    end
+
+    def valid_header?(auth_header)
+      /Bearer (.+)/.match(auth_header)
+    end
+  end
+end

data/lib/easy_jwt_auth/version.rb

@@ -0,0 +1,3 @@
+module EasyJwtAuth
+  VERSION = "0.1.0"
+end

data/lib/easy_jwt_auth.rb

@@ -0,0 +1,7 @@
+require "jwt"
+require "easy_jwt_auth/version"
+require "easy_jwt_auth/errors"
+require "easy_jwt_auth/config"
+require "easy_jwt_auth/token_builder"
+require "easy_jwt_auth/user_finder"
+require "easy_jwt_auth/rails_helper"

metadata

@@ -0,0 +1,119 @@
+--- !ruby/object:Gem::Specification
+name: easy_jwt_auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Pantelis Vratsalis
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-04-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+description: With easy_jwt_auth, a client can send a jwt token as the authorization
+  header and the gem will check this header and load the appropriate user if the token
+  is valid and has not expired
+email:
+- pvratsalis@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- easy_jwt_auth.gemspec
+- lib/easy_jwt_auth.rb
+- lib/easy_jwt_auth/config.rb
+- lib/easy_jwt_auth/errors.rb
+- lib/easy_jwt_auth/rails_helper.rb
+- lib/easy_jwt_auth/token_builder.rb
+- lib/easy_jwt_auth/user_finder.rb
+- lib/easy_jwt_auth/version.rb
+homepage: https://github.com/m1lt0n/easy_jwt_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: easy_jwt_auth is a small gems that can be used in APIs and allows authentication
+  with the use of jwt tokens.
+test_files: []