RubyGems - firebase_token_authentication - Versions diffs - 0.1.4 → 0.1.5 - Mend

firebase_token_authentication 0.1.4 → 0.1.5

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +77 -7
data/lib/firebase_token_authentication/access_token.rb +2 -2
data/lib/firebase_token_authentication/version.rb +1 -1
metadata +5 -5
data/Gemfile.lock +0 -82

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 46b815bea1125de46657346311dcebb824599311002a855b01c1f547e3fa7ebc
-  data.tar.gz: cd5a9fb3d6cae10429b344426909f143706a1c9d607a8b9b69d4d9dcc066e439
+  metadata.gz: 5a55c30f4e1bca8c32eba0ef7d317e81e6ac99432d2f5f60f851e2a19514e629
+  data.tar.gz: eee31410315e81f0a4579684b6e6eabe12d6ec9d891b792752398dadb1456811
 SHA512:
-  metadata.gz: 3be745baa590030ed8de336a11879a3f99afbe7da023af3a8242c3a4370b814edd36f36c2e0aa060535100158aaadd20c1117a287b72682bd21fb837f6e96f37
-  data.tar.gz: b29b18965dfa204ba17f6f32e88254c1a8dee1b049723bf8836977367af32f10a5e65148f16bbf6250fe1b2f2b591c6e7b1d357ac0048d9cbea6e58ee2f271e4
+  metadata.gz: 9cb923b4c7e9a0444231e6a81f37ba854b1b08f14d23474aead6f8793eb2f77a24b0f2425c249242f6ef175c3532d73e7887e76fdc10958098c53438fd9cb474
+  data.tar.gz: 6625152e878d4c580e1fb05a319c7534b6d4b62736fd8ba64b255aca185833f541fe59edabed3bc7ef516eb979352cf2b90dd32677dd98e5b44509401cb07765

data/README.md CHANGED Viewed

@@ -1,15 +1,17 @@
-# FirebaseAuth
+# Firebase Token Authentication
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/firebase_auth`. To experiment with that code, run `bin/console` for an interactive prompt.
+A light weight Firebase access token validator which utilizes HTTP caching to reduce network traffic when validating against Google's X509 Certificates.
-TODO: Delete this and the text above, and describe your gem
+The goal of this project was to create a reusable, light weight, non-rails dependent library to validate [Firebase Authentication](https://firebase.google.com/docs/auth) access tokens which could utilize an efficient cache without a required external dependency, like Redis. Moreover I wanted a solution flexible enough to host on Heroku which could safely survive dyno refreshes. After a dyno refreshes, on each dyno, the first call to fetch the Google X509 certs will go over the network, but from then on be cached.
+Underneath we are using the [ruby-jwt](https://github.com/jwt/ruby-jwt) gem to decode the access token. If the token does not decode properly it will raise an exception. We wrap the exception inside a `FirebaseTokenAuthentication::Error` to help differentiate between your application's own JWT implementation.
 ## Installation
 Add this line to your application's Gemfile:
 ```ruby
-gem 'firebase_auth'
+gem 'firebase_token_authentication'
 ```
 And then execute:
@@ -18,21 +20,89 @@ And then execute:
 Or install it yourself as:
-    $ gem install firebase_auth
+    $ gem install firebase_token_authentication
 ## Usage
-TODO: Write usage instructions here
+### Configuration
+```ruby
+# config/initializers/firebase_token_authentication.rb
+FirebaseTokenAuthentication.configure do |config|
+  # Your Firebase Project ID
+  config.firebase_project_id = ENV['firebase_project_id']
+  # An optional cache store to persist X509 Certificates
+  config.cache_store = CacheStore.new
+  # An optional logger hook to view cache status
+  config.logger = Logger.new(STDOUT)
+end
+```
+### Cache Store
+The gem uses [Faraday](https://github.com/lostisland/faraday) with the [faraday-http-cache](https://github.com/sourcelevel/faraday-http-cache) middleware gem to manage the cache.
+Any cache object that responds to `write(key, value)`, `read(key)`, and `delete(key)` is a valid cache store. To that extent you could roll your own cache store quite easily.
+A very rough, but easy to understand, example with a plain ol' ruby object:
+```ruby
+class CacheStore
+  def write(key, value)
+    store[key] = value
+  end
+  def read(key)
+    store[key]
+  end
+  def delete(key)
+    store.delete(key)
+    store
+  end
+  def store
+    @store ||= {}
+  end
+end
+```
+#### Rails Cache
+The [Rails.cache](https://guides.rubyonrails.org/caching_with_rails.html) is a valid cache store. As a reminder though it is disabled in Development and Test environments and has many different config options. I recommend you review [the docs](https://guides.rubyonrails.org/caching_with_rails.html).
+### Logger
+The `config.logger` allows you to view the status of the cache. An example of a log:
+`HTTP Cache: [GET /robot/v1/metadata/x509/securetoken@system.gserviceaccount.com] fresh`
+Pulled directly from the [faraday-http-cache](https://github.com/sourcelevel/faraday-http-cache) docs, the keys represent the following:
+- `:unacceptable` means that the request did not go through the cache at all.
+- `:miss` means that no cached response could be found.
+- `:invalid` means that the cached response could not be validated against the server.
+- `:valid` means that the cached response could be validated against the server.
+- `:fresh` means that the cached response was still fresh and could be returned without even calling the server.
 ## Development
+### TODOs
+- [ ] Complete the test suite
+- [ ] Class and method documentation
+- [ ] Add support for non shared cache [RFC 2616 Shared and Non-Shared Caches](https://datatracker.ietf.org/doc/html/rfc2616#section-13.7) which seems simple [with this config](https://github.com/sourcelevel/faraday-http-cache#shared-vs-non-shared-caches).
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/firebase_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/firebase_auth/blob/main/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at https://github.com/alphabites/firebase_auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/alphabites/firebase_auth/blob/main/CODE_OF_CONDUCT.md).
 ## License

data/lib/firebase_token_authentication/access_token.rb CHANGED Viewed

@@ -21,14 +21,14 @@ module FirebaseTokenAuthentication
     def verify
       decode(key: certificate.find(key_id))
-    rescue StandardError => e
-      raise FirebaseTokenAuthentication::Error, e.message
     end
     private
     def decode(key: nil, verify_key: true)
       JWT.decode(firebase_token, key&.public_key, verify_key, decode_options)
+    rescue StandardError => e
+      raise FirebaseTokenAuthentication::Error, e.message
     end
     def decode_options

data/lib/firebase_token_authentication/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module FirebaseTokenAuthentication
-  VERSION = "0.1.4"
+  VERSION = "0.1.5"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: firebase_token_authentication
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Nick Fuller
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-01-18 00:00:00.000000000 Z
+date: 2022-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -94,7 +94,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description:
+description: A light weight Firebase access token validator whichutilizes HTTP caching
+  to reduce network traffic whenvalidating against Google's X509 Certificates.
 email:
 - nfuller52@gmail.com
 executables: []
@@ -106,7 +107,6 @@ files:
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -142,5 +142,5 @@ requirements: []
 rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
-summary: Simple tool for verifying Firebase Authentication JWT tokens.
+summary: Simple tool for verifying Firebase JWT access tokens.
 test_files: []

data/Gemfile.lock DELETED Viewed

@@ -1,82 +0,0 @@
-PATH
-  remote: .
-  specs:
-    firebase_token_authentication (0.1.1)
-      faraday
-      faraday-http-cache
-      jwt
-GEM
-  remote: https://rubygems.org/
-  specs:
-    ast (2.4.2)
-    debug (1.4.0)
-      irb (>= 1.3.6)
-      reline (>= 0.2.7)
-    diff-lcs (1.5.0)
-    faraday (2.1.0)
-      faraday-net_http (~> 2.0)
-      ruby2_keywords (>= 0.0.4)
-    faraday-http-cache (2.2.0)
-      faraday (>= 0.8)
-    faraday-net_http (2.0.1)
-    io-console (0.5.11)
-    irb (1.4.1)
-      reline (>= 0.3.0)
-    jwt (2.3.0)
-    parallel (1.21.0)
-    parser (3.1.0.0)
-      ast (~> 2.4.1)
-    rainbow (3.1.1)
-    rake (13.0.6)
-    regexp_parser (2.2.0)
-    reline (0.3.1)
-      io-console (~> 0.5)
-    rexml (3.2.5)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.3)
-    rubocop (1.24.1)
-      parallel (~> 1.10)
-      parser (>= 3.0.0.0)
-      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.1)
-      parser (>= 3.0.1.1)
-    rubocop-rake (0.6.0)
-      rubocop (~> 1.0)
-    rubocop-rspec (2.7.0)
-      rubocop (~> 1.19)
-    ruby-progressbar (1.11.0)
-    ruby2_keywords (0.0.5)
-    unicode-display_width (2.1.0)
-PLATFORMS
-  arm64-darwin-20
-  x86_64-linux
-DEPENDENCIES
-  debug
-  firebase_token_authentication!
-  rake (~> 13.0)
-  rspec (~> 3.0)
-  rubocop (~> 1.21)
-  rubocop-rake
-  rubocop-rspec
-BUNDLED WITH
-   2.3.5