RubyGems - firebase-verifier - Versions diffs - 0.1.1 → 0.1.2 - Mend

firebase-verifier 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/firebase-verifier-0.1.1.gem +0 -0
data/lib/firebase-verifier/version.rb +5 -0
data/lib/firebase-verifier.rb +97 -2
metadata +3 -3
data/lib/firebase-verifier/verifier/version.rb +0 -7
data/lib/firebase-verifier/verifier.rb +0 -100

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ba82cb9c05bac921ca409201ba45c3157e2c9c9050c4d05b839d26e54af6b18
-  data.tar.gz: cbbb89f4ea2f26f48fa7d9b6b34f228d4e0243dd4a85dc7b127830f723ea634e
+  metadata.gz: ec6a37622e586bd362d2a8435447a0bd9f1032ae86bfe6b6f48836c0108e6cb7
+  data.tar.gz: 304865d4091509f73e08a75d111f2382aab8fc0f064b23d0274dcdddfd150b64
 SHA512:
-  metadata.gz: e8904cb82df7fcd92b6a91815ba3b8e1ce109715d465d4afc9395b8d668a38bdb451c2a2a5a7b123fc6f5ff52924a7aee3e22b72a4b7b078795843aec7c578cb
-  data.tar.gz: 3aebcf7585b5a67f729af6836f9cdeaf05342c54ef4a5d22ac7ed88d5a7c02e7e60ac5d70f3eb1531b4a8d3fc100545bd4aa277538dd4714743715397c4b5937
+  metadata.gz: a43723c7e762feb715ef087de087beac7de787e707b0a74b776b9f2a44d791b028798818dfdff929e8203f66833d33a454276dabedb30aaaa42ddc8ed7395cbc
+  data.tar.gz: 00da9c1b6d851f4dd989630084d39487ebee3672ecd50015a733ad033b483709bc89823b72aa87cdb4b7dd08b8e663eafda64689969563917480a915634f58d0

data/firebase-verifier-0.1.1.gem ADDED Viewed

Binary file

data/lib/firebase-verifier/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+class FirebaseVerifier
+  VERSION = "0.1.2"
+end

data/lib/firebase-verifier.rb CHANGED Viewed

@@ -1,2 +1,97 @@
-require "firebase-verifier/verifier/version"
-require "firebase-verifier/verifier"
+# frozen_string_literal: true
+require_relative "firebase-verifier/version"
+require 'net/http'
+require 'json'
+require 'jwt'
+class FirebaseVerifier
+  VALID_JWT_PUBLIC_KEYS_RESPONSE_CACHE_KEY = "firebase_jwt_public_keys_cache_key"
+  JWT_ALGORITHM = 'RS256'
+  def initialize(firebase_project_id)
+    @firebase_project_id = firebase_project_id
+  end
+  def decode(id_token)
+    payload, header = decode_jwt_token(id_token, @firebase_project_id)
+    alg = header['alg']
+    raise "Invalid access token 'alg' header (#{alg}). Must be '#{JWT_ALGORITHM}'." unless alg == JWT_ALGORITHM
+    typ = header['typ']
+    raise "Invalid access token 'typ' header (#{typ}). Must be 'JWT'." unless typ == 'JWT'
+    iss = payload['iss']
+    issuer = "https://securetoken.google.com/#{@firebase_project_id}"
+    raise "Invalid access token 'iss' payload (#{iss}). Must be '#{issuer}'." unless iss == issuer
+    exp = payload['exp']
+    raise "Invalid access token 'exp' payload (#{exp}). Token has expired." unless Time.at(exp) > Time.now
+    aud = payload['aud']
+    audience = @firebase_project_id
+    raise "Invalid access token 'aud' payload (#{aud}). Must be '#{audience}'." unless aud == audience
+    kid = header['kid']
+    valid_public_keys = retrieve_and_cache_jwt_valid_public_keys
+    raise "Invalid access token 'kid' header, do not correspond to valid public keys." unless valid_public_keys.keys.include?(kid)
+    sub = payload['sub']
+    raise "Invalid access token. 'Subject' (sub) must be a non-empty string." if sub.nil? || sub.empty?
+    payload
+  end
+  private
+  def decode_jwt_token(firebase_jwt_token, firebase_project_id)
+    public_key = nil
+    custom_options = {
+      verify_iat: true,
+      verify_aud: true,
+      aud: firebase_project_id,
+      verify_iss: true,
+      iss: "https://securetoken.google.com/#{firebase_project_id}"
+    }
+    custom_options[:algorithm] = JWT_ALGORITHM unless public_key.nil?
+    begin
+      decoded_token = JWT.decode(firebase_jwt_token, public_key, !public_key.nil?, custom_options)
+    rescue JWT::ExpiredSignature
+      return nil, "Invalid access token. 'Expiration time' (exp) must be in the future."
+    rescue JWT::InvalidIatError
+      return nil, "Invalid access token. 'Issued-at time' (iat) must be in the past."
+    rescue JWT::InvalidAudError
+      return nil, "Invalid access token. 'Audience' (aud) must be your Firebase project ID, the unique identifier for your Firebase project."
+    rescue JWT::InvalidIssuerError
+      return nil, "Invalid access token. 'Issuer' (iss) Must be 'https://securetoken.google.com/<projectId>', where <projectId> is your Firebase project ID."
+    rescue JWT::VerificationError
+      return nil, "Invalid access token. Signature verification failed."
+    end
+    return decoded_token
+  end
+  def retrieve_and_cache_jwt_valid_public_keys
+    valid_public_keys = Rails.cache.read(VALID_JWT_PUBLIC_KEYS_RESPONSE_CACHE_KEY)
+    if valid_public_keys.nil?
+      uri = URI("https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com")
+      response = Net::HTTP.get_response(uri)
+      if response.code != '200'
+        raise "Something went wrong: can't obtain valid JWT public keys from Google."
+      end
+      valid_public_keys = JSON.parse(response.body)
+      cc = response["cache-control"]
+      max_age = cc[/max-age=(\d+?),/m, 1]
+      Rails.cache.write(VALID_JWT_PUBLIC_KEYS_RESPONSE_CACHE_KEY, valid_public_keys, :expires_in => max_age.to_i)
+    end
+    valid_public_keys
+  end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: firebase-verifier
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - KuruStudio
@@ -22,9 +22,9 @@ files:
 - README.md
 - Rakefile
 - firebase-verifier-0.1.0.gem
+- firebase-verifier-0.1.1.gem
 - lib/firebase-verifier.rb
-- lib/firebase-verifier/verifier.rb
-- lib/firebase-verifier/verifier/version.rb
+- lib/firebase-verifier/version.rb
 - sig/firebase-verifier/verifier.rbs
 homepage: https://kuru.studio
 licenses: []

data/lib/firebase-verifier/verifier/version.rb DELETED Viewed

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-module FirebaseVerifier
-  module Verifier
-    VERSION = "0.1.1"
-  end
-end

data/lib/firebase-verifier/verifier.rb DELETED Viewed

@@ -1,100 +0,0 @@
-# frozen_string_literal: true
-require_relative "verifier/version"
-require 'net/http'
-require 'json'
-require 'jwt'
-module FirebaseVerifier
-  module Verifier
-    class Error < StandardError; end
-    VALID_JWT_PUBLIC_KEYS_RESPONSE_CACHE_KEY = "firebase_jwt_public_keys_cache_key"
-    JWT_ALGORITHM = 'RS256'
-    def initialize(firebase_project_id)
-      @firebase_project_id = firebase_project_id
-    end
-    def decode(id_token)
-      payload, header = decode_jwt_token(id_token, @firebase_project_id)
-      alg = header['alg']
-      raise "Invalid access token 'alg' header (#{alg}). Must be '#{JWT_ALGORITHM}'." unless alg == JWT_ALGORITHM
-      typ = header['typ']
-      raise "Invalid access token 'typ' header (#{typ}). Must be 'JWT'." unless typ == 'JWT'
-      iss = payload['iss']
-      issuer = "https://securetoken.google.com/#{@firebase_project_id}"
-      raise "Invalid access token 'iss' payload (#{iss}). Must be '#{issuer}'." unless iss == issuer
-      exp = payload['exp']
-      raise "Invalid access token 'exp' payload (#{exp}). Token has expired." unless Time.at(exp) > Time.now
-      aud = payload['aud']
-      audience = @firebase_project_id
-      raise "Invalid access token 'aud' payload (#{aud}). Must be '#{audience}'." unless aud == audience
-      kid = header['kid']
-      valid_public_keys = retrieve_and_cache_jwt_valid_public_keys
-      raise "Invalid access token 'kid' header, do not correspond to valid public keys." unless valid_public_keys.keys.include?(kid)
-      sub = payload['sub']
-      raise "Invalid access token. 'Subject' (sub) must be a non-empty string." if sub.nil? || sub.empty?
-      payload
-    end
-    private
-    def decode_jwt_token(firebase_jwt_token, firebase_project_id)
-      public_key = nil
-      custom_options = {
-        verify_iat: true,
-        verify_aud: true,
-        aud: firebase_project_id,
-        verify_iss: true,
-        iss: "https://securetoken.google.com/#{firebase_project_id}"
-      }
-      custom_options[:algorithm] = JWT_ALGORITHM unless public_key.nil?
-      begin
-        decoded_token = JWT.decode(firebase_jwt_token, public_key, !public_key.nil?, custom_options)
-      rescue JWT::ExpiredSignature
-        return nil, "Invalid access token. 'Expiration time' (exp) must be in the future."
-      rescue JWT::InvalidIatError
-        return nil, "Invalid access token. 'Issued-at time' (iat) must be in the past."
-      rescue JWT::InvalidAudError
-        return nil, "Invalid access token. 'Audience' (aud) must be your Firebase project ID, the unique identifier for your Firebase project."
-      rescue JWT::InvalidIssuerError
-        return nil, "Invalid access token. 'Issuer' (iss) Must be 'https://securetoken.google.com/<projectId>', where <projectId> is your Firebase project ID."
-      rescue JWT::VerificationError
-        return nil, "Invalid access token. Signature verification failed."
-      end
-      return decoded_token
-    end
-    def retrieve_and_cache_jwt_valid_public_keys
-      valid_public_keys = Rails.cache.read(VALID_JWT_PUBLIC_KEYS_RESPONSE_CACHE_KEY)
-      if valid_public_keys.nil?
-        uri = URI("https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com")
-        response = Net::HTTP.get_response(uri)
-        if response.code != '200'
-          raise "Something went wrong: can't obtain valid JWT public keys from Google."
-        end
-        valid_public_keys = JSON.parse(response.body)
-        cc = response["cache-control"]
-        max_age = cc[/max-age=(\d+?),/m, 1]
-        Rails.cache.write(VALID_JWT_PUBLIC_KEYS_RESPONSE_CACHE_KEY, valid_public_keys, :expires_in => max_age.to_i)
-      end
-      valid_public_keys
-    end
-  end
-end