firebase_auth 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 149cb50806f0f024c102a3b43a43b7fb52bcb11deb55639321dc1e5f0b7b0a0c
+  data.tar.gz: 3c6f03309195161399b618f17a98b914e0f7a1329c82087a2d5d5597570488c6
+SHA512:
+  metadata.gz: 79d19e062517ea6a1ac84fd56f15250c6fa3aa4947dfa11039e0023db0cbdcb2b430a82eb08cadaa615fafaab8e7e4bf13b591080ffdc186c4dc6ee90afa46e4
+  data.tar.gz: 753f332ba91bca2c64e1596d693dd465a707f505d9e7f1dc76d7b0933691eaa2ba1f5022a46901ee12c2026751f35aebbb28b59eb809439f045cac369b13c4a3

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'rake', '~> 12.0'

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Injung Chung
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,40 @@
+# FirebaseAuth
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/firebase_auth`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'firebase_auth'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install firebase_auth
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/firebase_auth.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,3 @@
+require 'bundler/gem_tasks'
+
+task :default => :spec

data/firebase_auth.gemspec

@@ -0,0 +1,20 @@
+require_relative 'lib/firebase_auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'firebase_auth'
+  spec.version       = FirebaseAuth::VERSION
+  spec.authors       = ['mu29']
+  spec.email         = ['mu29@yeoubi.net']
+
+  spec.summary       = 'Verify & decode Firebase ID token on Ruby'
+  spec.homepage      = 'https://github.com/mu29/firebase_auth'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'httparty'
+end

data/lib/firebase_auth.rb

@@ -0,0 +1,42 @@
+require 'httparty'
+require 'firebase_auth/id_token_verifier'
+require 'firebase_auth/public_keys'
+
+module FirebaseAuth
+  class Auth
+    include Singleton
+
+    def initialize
+      refresh
+    end
+
+    def public_keys
+      resolve { @public_keys }
+    end
+
+    def verify_id_token(id_token)
+      result = resolve { @id_token_verifier.verify(id_token) }
+
+      if result
+        OpenStruct.new(result.payload)
+      end
+    end
+
+    class << self
+      delegate :verify_id_token, :public_keys, to: :instance
+    end
+
+    private
+
+    def refresh
+      @public_keys = PublicKeys.new
+      @id_token_verifier = IDTokenVerifier.new(@public_keys)
+    end
+
+    def resolve
+      refresh unless @public_keys.valid?
+
+      yield
+    end
+  end
+end

data/lib/firebase_auth/id_token_verifier.rb

@@ -0,0 +1,20 @@
+module FirebaseAuth
+  class IDTokenVerifier
+    JWT_OPTIONS = { algorithm: 'RS256', verify_iat: true }
+
+    def initialize(public_keys)
+      @public_keys = public_keys
+    end
+
+    def verify(id_token)
+      kid = JWT.decode(id_token, nil, false).last['kid'] rescue nil
+      decode_jwt(id_token, @public_keys.look_up(kid))
+    end
+
+    private
+
+    def decode_jwt(id_token, x509)
+      JWT.decode(id_token, x509.public_key, true, JWT_OPTIONS) rescue nil
+    end
+  end
+end

data/lib/firebase_auth/public_keys.rb

@@ -0,0 +1,39 @@
+module FirebaseAuth
+  class PublicKeys
+    URL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com'
+    EXPIRES_HEADER = 'expires'
+
+    attr_reader :response
+
+    delegate :keys, :values, to: :data
+
+    def initialize
+      @response = fetch
+    end
+
+    def valid?
+      Time.now.utc < time_to_expire
+    end
+
+    def data
+      @parsed_body ||= JSON.parse(response.body)
+    end
+
+    def look_up(kid)
+      @certificate_hash ||= Hash[data.map { |k, v| [k, OpenSSL::X509::Certificate.new(v)] }]
+      @certificate_hash[kid]
+    end
+
+    private
+
+    def time_to_expire
+      @time_to_expire ||= Time.parse(
+        response.headers[EXPIRES_HEADER]
+      )
+    end
+
+    def fetch
+      HTTParty.get(URL)
+    end
+  end
+end

data/lib/firebase_auth/version.rb

@@ -0,0 +1,3 @@
+module FirebaseAuth
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,67 @@
+--- !ruby/object:Gem::Specification
+name: firebase_auth
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- mu29
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-06-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- mu29@yeoubi.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- firebase_auth.gemspec
+- lib/firebase_auth.rb
+- lib/firebase_auth/id_token_verifier.rb
+- lib/firebase_auth/public_keys.rb
+- lib/firebase_auth/version.rb
+homepage: https://github.com/mu29/firebase_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Verify & decode Firebase ID token on Ruby
+test_files: []