exoauth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: '0417275861e8def76ab9f53cc0e62c74670dcb790c4dd8b695e7debbc3613fbe'
+  data.tar.gz: c1827f16b9a16293079ae609f2f451dd4f7957a4b4740777aacd5299df9b1c31
+SHA512:
+  metadata.gz: 3c89974b8622adbab518a1b5a76c8a87f17a25b8da419347234433d1884cc866aa57f26ee1988913a29a5055c992b8cb06f07b1c390b83322b76652b047932e1
+  data.tar.gz: 2e8a34be42eb834f0ba76b42b9e5c5a19ffe41549576bdafac5a87366764263cbd7f989e0f90d9950410ba50f24f80dc9da81fcd52821c21dff87b892a5c0977

data/README.md

@@ -0,0 +1,17 @@
+# ExoAuth
+
+AuthHelpers: This gem provides auth helpers for a Ruby project.
+
+  - User auth
+
+[reference for gem creation: [newgem-template](https://github.com/wycats/newgem-template)]
+
+[reference for git init: [github init](https://gist.github.com/seankross/8830032)]
+
+
+## Getting started
+
+### Requirements
+
+- Ruby 2.5+
+- JWT 2.3.0

data/lib/exoauth/auth.rb

@@ -0,0 +1,254 @@
+require 'jwt'
+
+module ExoAuth
+  class Auth
+    DEFAULT_ALGORITHM        = 'RS256'
+    DEFAULT_HMAC_SIZE        = 20
+    DEFAULT_RSA_SIZE         = 4096
+    DEFAULT_TOKEN_TTL        = 3600
+    DEFAULT_SIGNING_KEY_PATH = '~/.ssh/exotic-app.rsa'
+    DEFAULT_VERIFY_KEY_PATH  = '~/.ssh/exotic-app.rsa.pub'
+
+    @@conf = ExoBasic::Settings.loaded['user_auth']
+    ExoBasic::Settings.add_on_load_observer(Auth)
+
+    def self.app_algorithm
+      ExoBasic::Settings.try_get_key(@@conf,
+                                     Auth::DEFAULT_ALGORITHM,
+                                     'algorithm')
+    end
+
+    def self.app_expiration_ttl
+      ExoBasic::Settings.try_get_key(@@conf,
+                                     Auth::DEFAULT_TOKEN_TTL,
+                                     'token_ttl')
+    end
+
+    def self.issued_expiration_time(now)
+      now.to_i + Auth.app_expiration_ttl
+    end
+
+    def self.expired?(now, expiration_time)
+      now > Time.at(expiration_time.to_i)
+    end
+
+    def self.show_key(key, algorithm)
+      case algorithm
+      when 'HS256'
+        key
+      when 'ES384', 'ES512'
+        ExoBasic::ECDSAKeys.to_pem(key)
+      when 'RS256'
+        ExoBasic::RSAKeys.to_pem(key)
+      else
+        nil
+      end
+    end
+
+    def self.generate_key(algorithm, parm=nil)
+      case algorithm
+      when 'HS256'
+        if parm.nil?
+          parm = Auth::DEFAULT_HMAC_SIZE
+        end
+
+        ExoBasic::HMACKeys.gen_key(parm)
+      when 'ES384'
+        ExoBasic::ECDSAKeys.gen_key('secp384r1')
+      when 'ES512'
+        ExoBasic::ECDSAKeys.gen_key('secp521r1')
+      when 'RS256'
+        if parm.nil?
+          parm = Auth::DEFAULT_RSA_SIZE
+        end
+
+        ExoBasic::RSAKeys.gen_key(parm)
+      else
+        nil
+      end
+    end
+
+    def self.private_key_from_pem(pem, algorithm)
+      pkey = nil
+      case algorithm
+      when 'HS256'
+        pkey = pem
+      when 'ES384', 'ES512'
+        pkey = ExoBasic::ECDSAKeys.from_pem(pem)
+      when 'RS256'
+        pkey = ExoBasic::RSAKeys.from_pem(pem)
+      end
+
+      pkey
+    end
+
+    def self.public_key_from_pem(pem, algorithm)
+      pub_key = nil
+      case algorithm
+      when 'HS256'
+        pub_key = pem
+      when 'ES384', 'ES512'
+        pub_key = ExoBasic::ECDSAKeys.from_pem(pem)
+        pub_key.private_key = nil
+      when 'RS256'
+        pub_key = ExoBasic::RSAKeys.from_pem(pem)
+      end
+
+      pub_key
+    end
+
+    def self.key_from_file(fname, algorithm)
+      key = nil
+      File.open(fname) do |file|
+        case algorithm
+        when 'HS256'
+          key = file.read
+        when 'ES384', 'ES512', 'RS256'
+          key = OpenSSL::PKey.read(file)
+        end
+      end
+
+      key
+    end
+
+    def self.key_to_file(fname, key)
+      done = false
+      File.open(fname, 'w') do |file|
+        done = file.write(key) > 0
+      end
+
+      done
+    end
+
+    def self.encode(payload, signing_key='default', algorithm='default')
+      if algorithm == 'default'
+        algorithm = Auth.app_algorithm
+      end
+      if signing_key == 'default'
+        signing_key = Auth.get_app_signing_key
+      else
+        signing_key = Auth.private_key_from_pem(signing_key, algorithm)
+      end
+
+      now = Time.now
+      headers = {
+        'iat' => now.to_i,
+        'exp' => Auth.issued_expiration_time(now)
+      }
+      if signing_key.nil?
+        JWT.encode(payload, nil, 'none', headers)
+      else
+        JWT.encode(payload, signing_key, algorithm, headers)
+      end
+    end
+
+    def self.decode(token, verify_key='default', algorithm='default')
+      if algorithm == 'default'
+        algorithm = Auth.app_algorithm
+      end
+      if verify_key == 'default'
+        verify_key = Auth.get_app_verify_key
+      else
+        verify_key = Auth.public_key_from_pem(verify_key, algorithm)
+      end
+
+      begin
+        payload, headers = [nil, nil]
+        if verify_key.nil?
+          payload, headers = JWT.decode(token, nil, false)
+        else
+          payload, headers = JWT.decode(token, verify_key, true, { algorithm: algorithm })
+        end
+
+        now = Time.now
+        if !headers['iat'].nil? &&
+           (headers['iat'].to_f > now.to_f ||
+            Auth.expired?(now, Auth.issued_expiration_time(headers['iat'])))
+
+          false
+        elsif !headers['exp'].nil? &&
+              (headers['exp'].to_i < now.to_i ||
+               Auth.expired?(now, headers['exp']))
+
+          false
+        else
+          payload
+        end
+      rescue JWT::DecodeError => e
+        return false
+      end
+    end
+
+    @@app_signing_key = ExoBasic::Settings.try_get_key(@@conf,
+                                                       true,
+                                                       'signing_enabled') ?
+                        Auth.key_from_file(
+                          File.expand_path(
+                            ExoBasic::Settings.try_get_key(@@conf,
+                                                           Auth::DEFAULT_SIGNING_KEY_PATH,
+                                                           'signing_key_path'),
+                            __FILE__),
+                          Auth.app_algorithm) :
+                        nil
+
+    @@app_verify_key = ExoBasic::Settings.try_get_key(@@conf,
+                                                      true,
+                                                      'verify_enabled') ?
+                       Auth.key_from_file(
+                         File.expand_path(
+                           ExoBasic::Settings.try_get_key(@@conf,
+                                                          Auth::DEFAULT_VERIFY_KEY_PATH,
+                                                          'verify_key_path'),
+                           __FILE__),
+                         Auth.app_algorithm) :
+                       nil
+
+    def self.settings_reloaded
+      @@conf = ExoBasic::Settings.loaded['user_auth']
+
+      @@app_signing_key = ExoBasic::Settings.try_get_key(@@conf,
+                                                         true,
+                                                         'signing_enabled') ?
+                          Auth.key_from_file(
+                            File.expand_path(
+                              ExoBasic::Settings.try_get_key(@@conf,
+                                                             Auth::DEFAULT_SIGNING_KEY_PATH,
+                                                             'signing_key_path'),
+                              __FILE__),
+                            Auth.app_algorithm) :
+                          nil
+
+      @@app_verify_key = ExoBasic::Settings.try_get_key(@@conf,
+                                                        true,
+                                                        'verify_enabled') ?
+                         Auth.key_from_file(
+                           File.expand_path(
+                             ExoBasic::Settings.try_get_key(@@conf,
+                                                            Auth::DEFAULT_VERIFY_KEY_PATH,
+                                                            'verify_key_path'),
+                             __FILE__),
+                           Auth.app_algorithm) :
+                         nil
+    end
+
+    def self.get_app_signing_key
+      @@app_signing_key
+    end
+
+    def self.get_app_verify_key
+      @@app_verify_key
+    end
+
+    def self.app_keys
+      algorithm = Auth.app_algorithm
+
+      {
+        :algorithm => algorithm,
+        :signing_key => Auth.show_key(Auth.get_app_signing_key, algorithm),
+        :verify_key => Auth.show_key(Auth.get_app_verify_key, algorithm),
+        :token_ttl => Auth.app_expiration_ttl
+      }
+    end
+
+  end
+end

data/lib/exoauth/version.rb

@@ -0,0 +1,3 @@
+module ExoAuth
+  VERSION = "0.1.0"
+end

data/lib/exoauth.rb

@@ -0,0 +1 @@
+require 'exoauth/auth'

metadata

@@ -0,0 +1,75 @@
+--- !ruby/object:Gem::Specification
+name: exoauth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Dionysios Kakolyris
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-10-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: exobasic
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+description: Exotic Auth Helpers
+email:
+- contact@exotic.industries
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/exoauth.rb
+- lib/exoauth/auth.rb
+- lib/exoauth/version.rb
+homepage: https://bitbucket.org/vertigoindustries/exotic-auth
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubygems_version: 3.0.6
+signing_key:
+specification_version: 4
+summary: AuthHelpers
+test_files: []