firebase-token-verify 0.0.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +7 -0
  2. data/lib/firebase_ruby_auth.rb +52 -0
  3. data/lib/google_public_cert.rb +50 -0
  4. metadata +156 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 38541700233e3031c7d3b0e18e47c1d32202679acdeb2e3e1acaeeb7ddc1b2b8
4
+ data.tar.gz: e1bbe26f384f855f53583b78d92a18d19f8c6fb9f4ce3f94a3624b9df4c5b15c
5
+ SHA512:
6
+ metadata.gz: a232625dd721a574fe3f0348f2e8ca9984aa09651529a229e9f6ba0ddd4e95085bfef9d058eed84e4dccc92e38bb8d6718a559240b775eab64a8d3324166e1ae
7
+ data.tar.gz: f2f67a0f7844ea46682f7661304f7080e8bb3c618d90bb55361655ea8a392a8f74b18f59ae02ae4c0916410f3ebcd078344e3c44d8ffb06dd956508740e594f7
data/lib/firebase_ruby_auth.rb ADDED
@@ -0,0 +1,52 @@
1
+ # frozen_string_literal: true
2
+
3
+ # https://github.com/jwt/ruby-jwt
4
+ require 'jwt'
5
+
6
+ require 'google_public_cert'
7
+
8
+ # Interacts with data from Firebase
9
+ class FirebaseRubyAuth
10
+ def initialize(firebase_project_id)
11
+ @firebase_project_id = firebase_project_id
12
+ @public_cert = GooglePublicCert.new
13
+ end
14
+
15
+ # token would be a user's ID token
16
+ # https://firebase.google.com/docs/auth/admin/verify-id-tokens
17
+ # This will either return a hash with user data, or an empty hash
18
+ def decode_token(token)
19
+ return {} if @public_cert.keys.empty?
20
+
21
+ token_values = begin
22
+ JWT.decode(token, nil, true, options).first
23
+ rescue JWT::JWKError
24
+ {}
25
+ rescue JWT::DecodeError
26
+ {}
27
+ end
28
+ valid?(token_values) ? token_values : {}
29
+ end
30
+
31
+ private def options
32
+ {
33
+ algorithms: ['RS256'],
34
+
35
+ aud: @firebase_project_id,
36
+ verify_aud: true,
37
+
38
+ verify_iat: true,
39
+
40
+ iss: "https://securetoken.google.com/#{@firebase_project_id}",
41
+ verify_iss: true,
42
+
43
+ jwks: @public_cert.keys
44
+ }
45
+ end
46
+
47
+ private def valid?(token_values)
48
+ token_values['sub'].present? &&
49
+ token_values['auth_time'].present? &&
50
+ token_values['auth_time'].to_i < Time.now.utc.to_i
51
+ end
52
+ end
data/lib/google_public_cert.rb ADDED
@@ -0,0 +1,50 @@
1
+ # frozen_string_literal: true
2
+
3
+ # https://github.com/jwt/ruby-jwt
4
+ require 'jwt'
5
+
6
+ require 'net/http'
7
+
8
+ # Fetches and decodes public certificates from google
9
+ class GooglePublicCert
10
+ # This url is from the Google instructions,
11
+ # https://firebase.google.com/docs/auth/admin/verify-id-tokens
12
+ CERT_URL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com'
13
+
14
+ def initialize
15
+ fetch_google_public_key
16
+ end
17
+
18
+ def keys
19
+ fetch_google_public_key if @expires < Time.now.utc
20
+ @keys
21
+ end
22
+
23
+ private def fetch_google_public_key
24
+ request = Net::HTTP.get_response(URI(CERT_URL))
25
+ generate_keys(request)
26
+ generate_key_expiry(request)
27
+ end
28
+
29
+ private def generate_keys(request)
30
+ @keys = {
31
+ keys: (JSON.parse request.body).map do |key, value|
32
+ JWT::JWK
33
+ .new(OpenSSL::X509::Certificate.new(value).public_key)
34
+ .export
35
+ .merge(kid: key)
36
+ end
37
+ }
38
+ rescue JSON::ParserError
39
+ @keys = {}
40
+ end
41
+
42
+ private def generate_key_expiry(request)
43
+ headers = /max-age=\d+/.match(request.header['cache-control'].to_s).to_s
44
+ @expires = if headers.present?
45
+ Time.new(headers.split('max-age=')[1].to_i).utc
46
+ else
47
+ Time.now.utc
48
+ end
49
+ end
50
+ end
metadata ADDED
@@ -0,0 +1,156 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: firebase-token-verify
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.6
5
+ platform: ruby
6
+ authors:
7
+ - Emily Ring
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2019-05-30 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: jwt
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: 2.2.1
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: 2.2.1
27
+ - !ruby/object:Gem::Dependency
28
+ name: activesupport
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: 5.2.3
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: 5.2.3
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec-core
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: 3.8.0
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: 3.8.0
55
+ - !ruby/object:Gem::Dependency
56
+ name: rspec-expectations
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: 3.8.0
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: 3.8.0
69
+ - !ruby/object:Gem::Dependency
70
+ name: rspec-mocks
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: 3.8.0
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: 3.8.0
83
+ - !ruby/object:Gem::Dependency
84
+ name: rubocop
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: 0.71.0
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: 0.71.0
97
+ - !ruby/object:Gem::Dependency
98
+ name: simplecov
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: 0.16.1
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: 0.16.1
111
+ - !ruby/object:Gem::Dependency
112
+ name: webmock
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: 3.5.1
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: 3.5.1
125
+ description: Firebase Ruby Auth
126
+ email: railsclt@gmail.com
127
+ executables: []
128
+ extensions: []
129
+ extra_rdoc_files: []
130
+ files:
131
+ - lib/firebase_ruby_auth.rb
132
+ - lib/google_public_cert.rb
133
+ homepage: https://github.com/railscltgroup/firebase_auth
134
+ licenses:
135
+ - MIT
136
+ metadata: {}
137
+ post_install_message:
138
+ rdoc_options: []
139
+ require_paths:
140
+ - lib
141
+ required_ruby_version: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - ">="
144
+ - !ruby/object:Gem::Version
145
+ version: '0'
146
+ required_rubygems_version: !ruby/object:Gem::Requirement
147
+ requirements:
148
+ - - ">="
149
+ - !ruby/object:Gem::Version
150
+ version: '0'
151
+ requirements: []
152
+ rubygems_version: 3.0.3
153
+ signing_key:
154
+ specification_version: 4
155
+ summary: Authenticate Firebase User Tokens in Ruby
156
+ test_files: []