iap-verifier 0.1.0

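--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: b6f9808c587d72c1cd62fe86b164d0cd9b72d035
+ data.tar.gz: '062409b3d179043d70dc77bce466dfd9dd47ec84'
+ SHA512:
+ metadata.gz: 3baf23a9fc678fec86f9212aca4b8d18f08c021b20d2cf49bccefdb5ed743d66beb13eafd165ad44a6d78e4989e58a0922b8fd12e673080b4f62316a7b1a053f
+ data.tar.gz: 20e0c0dfc90e3064ba6d29b659abe5d1ca9109ce64ab1be59a5f1d588265d171b8a50eedda774671a59d648869842cbcd9ba54119e09fd07912f4bfa6bcef384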
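--- a/lib/iap-verifier.rb
+++ b/lib/iap-verifier.rb
@@ -0,0 +1 @@
+ require 'rack/iap_verifier'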
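--- a/lib/rack/iap_verifier.rb
+++ b/lib/rack/iap_verifier.rb
@@ -0,0 +1,62 @@
+ require 'json'
+ require 'jwt'
+ require 'open-uri'
+
+ module Rack
+ class IapVerifier
+ ALGORITHM = 'ES256'.freeze
+ HEADER_NAME = 'HTTP_X_GOOG_IAP_JWT_ASSERTION'.freeze
+ PUBLIC_KEYS_ENDPOINT = 'https://www.gstatic.com/iap/verify/public_key'.freeze
+ ISSUER = 'https://cloud.google.com/iap'.freeze
+
+ def initialize(app, audience:)
+ @app = app
+ @audience = audience
+ @public_keys = {}
+ end
+
+ def call(env)
+ if valid_jwt?(env[HEADER_NAME])
+ app.call(env)
+ else
+ [403, {}, []]
+ end
+ end
+
+ private
+
+ attr_reader :app, :public_keys, :audience
+
+ def valid_jwt?(token)
+ return false unless token
+
+ key = public_key(token)
+ return false unless key
+
+ !!JWT.decode(token, key, true,
+ aud: @audience,
+ verify_aud: true,
+ iss: ISSUER,
+ verify_iss: true,
+ algorithm: ALGORITHM
+ )
+ rescue JWT::DecodeError
+ false
+ end
+
+ def public_key(token)
+ _, header = JWT.decode(token, nil, false)
+ OpenSSL::PKey.read(fetch_public_key(header['kid']))
+ end
+
+ def fetch_public_key(kid)
+ cached_key = public_keys[kid]
+ return cached_key if cached_key
+
+ @public_keys = JSON.parse(open(PUBLIC_KEYS_ENDPOINT).read)
+
+ cached_key = public_keys[kid]
+ return cached_key if cached_key
+ end
+ end
+ end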
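Review bot: A token whose `kid` is absent from the fetched key set never reaches the `return false unless key` guard in `valid_jwt?`: `fetch_public_key` returns nil and `public_key` passes that straight to `OpenSSL::PKey.read`, which raises something other than `JWT::DecodeError`, so the request ends in an unhandled error instead of the intended 403. The same path downloads `PUBLIC_KEYS_ENDPOINT` again on every such request, with no timeout or refresh throttle, so unauthenticated traffic decides how often the middleware makes a blocking outbound call. I would guard the read with `pem = fetch_public_key(header['kid'])` followed by `pem && OpenSSL::PKey.read(pem)`, turn fetch and JSON parse failures into a deny, and allow at most one refresh per interval. Separately, `open(PUBLIC_KEYS_ENDPOINT)` depends on open-uri's patch of `Kernel#open`, which later Ruby versions removed; `URI.open` or `Net::HTTP` is the stable call.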
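--- a/metadata
+++ b/metadata
@@ -0,0 +1,115 @@
+ --- !ruby/object:Gem::Specification
+ name: iap-verifier
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - dawid.janczak@yourgolftravel.com
+ - kwasi.appiah@yourgolftravel.com
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2017-10-19 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rack
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.15'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.15'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.6'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.6'
+ - !ruby/object:Gem::Dependency
+ name: jwt
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ description:
+ email:
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/iap-verifier.rb
+ - lib/rack/iap_verifier.rb
+ homepage:
+ licenses: []
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.6.14
+ signing_key:
+ specification_version: 4
+ summary: IAP Verifier middleware
+ test_files: []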