exoauth 0.1.0

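--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: '0417275861e8def76ab9f53cc0e62c74670dcb790c4dd8b695e7debbc3613fbe'
+data.tar.gz: c1827f16b9a16293079ae609f2f451dd4f7957a4b4740777aacd5299df9b1c31
+SHA512:
+metadata.gz: 3c89974b8622adbab518a1b5a76c8a87f17a25b8da419347234433d1884cc866aa57f26ee1988913a29a5055c992b8cb06f07b1c390b83322b76652b047932e1
+data.tar.gz: 2e8a34be42eb834f0ba76b42b9e5c5a19ffe41549576bdafac5a87366764263cbd7f989e0f90d9950410ba50f24f80dc9da81fcd52821c21dff87b892a5c0977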
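--- /dev/null
+++ b/data/README.md
@@ -0,0 +1,17 @@
+# ExoAuth
+
+AuthHelpers: This gem provides auth helpers for a Ruby project.
+
+- User auth
+
+[reference for gem creation: [newgem-template](https://github.com/wycats/newgem-template)]
+
+[reference for git init: [github init](https://gist.github.com/seankross/8830032)]
+
+
+## Getting started
+
+### Requirements
+
+- Ruby 2.5+
+- JWT 2.3.0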
@@ -0,0 +1,254 @@
1
+ require 'jwt'
2
+
3
+ module ExoAuth
4
+ class Auth
5
+ DEFAULT_ALGORITHM = 'RS256'
6
+ DEFAULT_HMAC_SIZE = 20
7
+ DEFAULT_RSA_SIZE = 4096
8
+ DEFAULT_TOKEN_TTL = 3600
9
+ DEFAULT_SIGNING_KEY_PATH = '~/.ssh/exotic-app.rsa'
10
+ DEFAULT_VERIFY_KEY_PATH = '~/.ssh/exotic-app.rsa.pub'
11
+
12
+ @@conf = ExoBasic::Settings.loaded['user_auth']
13
+ ExoBasic::Settings.add_on_load_observer(Auth)
14
+
15
+ def self.app_algorithm
16
+ ExoBasic::Settings.try_get_key(@@conf,
17
+ Auth::DEFAULT_ALGORITHM,
18
+ 'algorithm')
19
+ end
20
+
21
+ def self.app_expiration_ttl
22
+ ExoBasic::Settings.try_get_key(@@conf,
23
+ Auth::DEFAULT_TOKEN_TTL,
24
+ 'token_ttl')
25
+ end
26
+
27
+ def self.issued_expiration_time(now)
28
+ now.to_i + Auth.app_expiration_ttl
29
+ end
30
+
31
+ def self.expired?(now, expiration_time)
32
+ now > Time.at(expiration_time.to_i)
33
+ end
34
+
35
+ def self.show_key(key, algorithm)
36
+ case algorithm
37
+ when 'HS256'
38
+ key
39
+ when 'ES384', 'ES512'
40
+ ExoBasic::ECDSAKeys.to_pem(key)
41
+ when 'RS256'
42
+ ExoBasic::RSAKeys.to_pem(key)
43
+ else
44
+ nil
45
+ end
46
+ end
47
+
48
+ def self.generate_key(algorithm, parm=nil)
49
+ case algorithm
50
+ when 'HS256'
51
+ if parm.nil?
52
+ parm = Auth::DEFAULT_HMAC_SIZE
53
+ end
54
+
55
+ ExoBasic::HMACKeys.gen_key(parm)
56
+ when 'ES384'
57
+ ExoBasic::ECDSAKeys.gen_key('secp384r1')
58
+ when 'ES512'
59
+ ExoBasic::ECDSAKeys.gen_key('secp521r1')
60
+ when 'RS256'
61
+ if parm.nil?
62
+ parm = Auth::DEFAULT_RSA_SIZE
63
+ end
64
+
65
+ ExoBasic::RSAKeys.gen_key(parm)
66
+ else
67
+ nil
68
+ end
69
+ end
70
+
71
+ def self.private_key_from_pem(pem, algorithm)
72
+ pkey = nil
73
+ case algorithm
74
+ when 'HS256'
75
+ pkey = pem
76
+ when 'ES384', 'ES512'
77
+ pkey = ExoBasic::ECDSAKeys.from_pem(pem)
78
+ when 'RS256'
79
+ pkey = ExoBasic::RSAKeys.from_pem(pem)
80
+ end
81
+
82
+ pkey
83
+ end
84
+
85
+ def self.public_key_from_pem(pem, algorithm)
86
+ pub_key = nil
87
+ case algorithm
88
+ when 'HS256'
89
+ pub_key = pem
90
+ when 'ES384', 'ES512'
91
+ pub_key = ExoBasic::ECDSAKeys.from_pem(pem)
92
+ pub_key.private_key = nil
93
+ when 'RS256'
94
+ pub_key = ExoBasic::RSAKeys.from_pem(pem)
95
+ end
96
+
97
+ pub_key
98
+ end
99
+
100
+ def self.key_from_file(fname, algorithm)
101
+ key = nil
102
+ File.open(fname) do |file|
103
+ case algorithm
104
+ when 'HS256'
105
+ key = file.read
106
+ when 'ES384', 'ES512', 'RS256'
107
+ key = OpenSSL::PKey.read(file)
108
+ end
109
+ end
110
+
111
+ key
112
+ end
113
+
114
+ def self.key_to_file(fname, key)
115
+ done = false
116
+ File.open(fname, 'w') do |file|
117
+ done = file.write(key) > 0
118
+ end
119
+
120
+ done
121
+ end
122
+
123
+ def self.encode(payload, signing_key='default', algorithm='default')
124
+ if algorithm == 'default'
125
+ algorithm = Auth.app_algorithm
126
+ end
127
+ if signing_key == 'default'
128
+ signing_key = Auth.get_app_signing_key
129
+ else
130
+ signing_key = Auth.private_key_from_pem(signing_key, algorithm)
131
+ end
132
+
133
+ now = Time.now
134
+ headers = {
135
+ 'iat' => now.to_i,
136
+ 'exp' => Auth.issued_expiration_time(now)
137
+ }
138
+ if signing_key.nil?
139
+ JWT.encode(payload, nil, 'none', headers)
140
+ else
141
+ JWT.encode(payload, signing_key, algorithm, headers)
142
+ end
143
+ end
144
+
145
+ def self.decode(token, verify_key='default', algorithm='default')
146
+ if algorithm == 'default'
147
+ algorithm = Auth.app_algorithm
148
+ end
149
+ if verify_key == 'default'
150
+ verify_key = Auth.get_app_verify_key
151
+ else
152
+ verify_key = Auth.public_key_from_pem(verify_key, algorithm)
153
+ end
154
+
155
+ begin
156
+ payload, headers = [nil, nil]
157
+ if verify_key.nil?
158
+ payload, headers = JWT.decode(token, nil, false)
159
+ else
160
+ payload, headers = JWT.decode(token, verify_key, true, { algorithm: algorithm })
161
+ end
162
+
163
+ now = Time.now
164
+ if !headers['iat'].nil? &&
165
+ (headers['iat'].to_f > now.to_f ||
166
+ Auth.expired?(now, Auth.issued_expiration_time(headers['iat'])))
167
+
168
+ false
169
+ elsif !headers['exp'].nil? &&
170
+ (headers['exp'].to_i < now.to_i ||
171
+ Auth.expired?(now, headers['exp']))
172
+
173
+ false
174
+ else
175
+ payload
176
+ end
177
+ rescue JWT::DecodeError => e
178
+ return false
179
+ end
180
+ end
181
+
182
+ @@app_signing_key = ExoBasic::Settings.try_get_key(@@conf,
183
+ true,
184
+ 'signing_enabled') ?
185
+ Auth.key_from_file(
186
+ File.expand_path(
187
+ ExoBasic::Settings.try_get_key(@@conf,
188
+ Auth::DEFAULT_SIGNING_KEY_PATH,
189
+ 'signing_key_path'),
190
+ __FILE__),
191
+ Auth.app_algorithm) :
192
+ nil
193
+
194
+ @@app_verify_key = ExoBasic::Settings.try_get_key(@@conf,
195
+ true,
196
+ 'verify_enabled') ?
197
+ Auth.key_from_file(
198
+ File.expand_path(
199
+ ExoBasic::Settings.try_get_key(@@conf,
200
+ Auth::DEFAULT_VERIFY_KEY_PATH,
201
+ 'verify_key_path'),
202
+ __FILE__),
203
+ Auth.app_algorithm) :
204
+ nil
205
+
206
+ def self.settings_reloaded
207
+ @@conf = ExoBasic::Settings.loaded['user_auth']
208
+
209
+ @@app_signing_key = ExoBasic::Settings.try_get_key(@@conf,
210
+ true,
211
+ 'signing_enabled') ?
212
+ Auth.key_from_file(
213
+ File.expand_path(
214
+ ExoBasic::Settings.try_get_key(@@conf,
215
+ Auth::DEFAULT_SIGNING_KEY_PATH,
216
+ 'signing_key_path'),
217
+ __FILE__),
218
+ Auth.app_algorithm) :
219
+ nil
220
+
221
+ @@app_verify_key = ExoBasic::Settings.try_get_key(@@conf,
222
+ true,
223
+ 'verify_enabled') ?
224
+ Auth.key_from_file(
225
+ File.expand_path(
226
+ ExoBasic::Settings.try_get_key(@@conf,
227
+ Auth::DEFAULT_VERIFY_KEY_PATH,
228
+ 'verify_key_path'),
229
+ __FILE__),
230
+ Auth.app_algorithm) :
231
+ nil
232
+ end
233
+
234
+ def self.get_app_signing_key
235
+ @@app_signing_key
236
+ end
237
+
238
+ def self.get_app_verify_key
239
+ @@app_verify_key
240
+ end
241
+
242
+ def self.app_keys
243
+ algorithm = Auth.app_algorithm
244
+
245
+ {
246
+ :algorithm => algorithm,
247
+ :signing_key => Auth.show_key(Auth.get_app_signing_key, algorithm),
248
+ :verify_key => Auth.show_key(Auth.get_app_verify_key, algorithm),
249
+ :token_ttl => Auth.app_expiration_ttl
250
+ }
251
+ end
252
+
253
+ end
254
+ end
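Review bot: `decode` fails open when no verify key is available: with `verify_key.nil?` it calls `JWT.decode(token, nil, false)`, which skips signature verification and returns the attacker-controlled payload, and `encode` mirrors this by issuing `'none'` tokens. A nil key arises not only from `verify_enabled: false` but also whenever `public_key_from_pem` or `key_from_file` fall through their `case` for an algorithm outside HS256/ES384/ES512/RS256, so a typo in the configured `algorithm` silently disables authentication. I would reject instead, `return false if verify_key.nil?` ahead of the `begin` in `decode` and `raise ArgumentError, 'no signing key' if signing_key.nil?` in `encode`, and make unsigned mode an explicit opt-in if it is needed at all. Separately, `app_keys` returns the signing key in PEM form and `key_to_file` creates the file with default permissions; both deserve a comment or a restrictive mode (`File.open(fname, 'w', 0o600)`).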
@@ -0,0 +1,3 @@
1
+ module ExoAuth
2
+ VERSION = "0.1.0"
3
+ end
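--- /dev/null
+++ b/data/lib/exoauth.rb
@@ -0,0 +1 @@
+require 'exoauth/auth'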
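--- /dev/null
+++ b/metadata
@@ -0,0 +1,75 @@
+--- !ruby/object:Gem::Specification
+name: exoauth
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Dionysios Kakolyris
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-10-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: jwt
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 2.3.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 2.3.0
+- !ruby/object:Gem::Dependency
+name: exobasic
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.1.0
+description: Exotic Auth Helpers
+email:
+- contact@exotic.industries
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/exoauth.rb
+- lib/exoauth/auth.rb
+- lib/exoauth/version.rb
+homepage: https://bitbucket.org/vertigoindustries/exotic-auth
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.3.6
+requirements: []
+rubygems_version: 3.0.6
+signing_key:
+specification_version: 4
+summary: AuthHelpers
+test_files: []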