iap-verifier 0.1.0

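--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: b6f9808c587d72c1cd62fe86b164d0cd9b72d035
+data.tar.gz: '062409b3d179043d70dc77bce466dfd9dd47ec84'
+SHA512:
+metadata.gz: 3baf23a9fc678fec86f9212aca4b8d18f08c021b20d2cf49bccefdb5ed743d66beb13eafd165ad44a6d78e4989e58a0922b8fd12e673080b4f62316a7b1a053f
+data.tar.gz: 20e0c0dfc90e3064ba6d29b659abe5d1ca9109ce64ab1be59a5f1d588265d171b8a50eedda774671a59d648869842cbcd9ba54119e09fd07912f4bfa6bcef384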
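--- a/lib/iap-verifier.rb
+++ b/lib/iap-verifier.rb
@@ -0,0 +1 @@
+require 'rack/iap_verifier'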
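--- a/lib/rack/iap_verifier.rb
+++ b/lib/rack/iap_verifier.rb
@@ -0,0 +1,62 @@
+require 'json'
+require 'jwt'
+require 'open-uri'
+
+module Rack
+class IapVerifier
+ALGORITHM = 'ES256'.freeze
+HEADER_NAME = 'HTTP_X_GOOG_IAP_JWT_ASSERTION'.freeze
+PUBLIC_KEYS_ENDPOINT = 'https://www.gstatic.com/iap/verify/public_key'.freeze
+ISSUER = 'https://cloud.google.com/iap'.freeze
+
+def initialize(app, audience:)
+@app = app
+@audience = audience
+@public_keys = {}
+end
+
+def call(env)
+if valid_jwt?(env[HEADER_NAME])
+app.call(env)
+else
+[403, {}, []]
+end
+end
+
+private
+
+attr_reader :app, :public_keys, :audience
+
+def valid_jwt?(token)
+return false unless token
+
+key = public_key(token)
+return false unless key
+
+!!JWT.decode(token, key, true,
+aud: @audience,
+verify_aud: true,
+iss: ISSUER,
+verify_iss: true,
+algorithm: ALGORITHM
+)
+rescue JWT::DecodeError
+false
+end
+
+def public_key(token)
+_, header = JWT.decode(token, nil, false)
+OpenSSL::PKey.read(fetch_public_key(header['kid']))
+end
+
+def fetch_public_key(kid)
+cached_key = public_keys[kid]
+return cached_key if cached_key
+
+@public_keys = JSON.parse(open(PUBLIC_KEYS_ENDPOINT).read)
+
+cached_key = public_keys[kid]
+return cached_key if cached_key
+end
+end
+end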
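Review bot: In `public_key`, a token whose `kid` is missing or not in the key set makes `fetch_public_key` return nil, and that nil is handed straight to `OpenSSL::PKey.read`, which as far as I can tell raises an exception that the `rescue JWT::DecodeError` in `valid_jwt?` does not cover; the request then ends in an unhandled error instead of the 403, and the `return false unless key` guard is never reached. The same path re-downloads the key set for every unrecognised `kid` through `open(...)`, with no timeout, no limit on refresh frequency and no handling of network or JSON parse failures, so unauthenticated requests can keep workers blocked on outbound calls. I would return nil before parsing when no key is found, rescue the fetch and parse errors, and allow a refresh only once per interval, as sketched below. `Kernel#open` on a URL also stops working on Ruby 3.0 and later, so the sketch goes through `URI.parse(...).open` instead.

```ruby
REFRESH_INTERVAL = 60 # seconds; constructed value, tune for the deployment

def public_key(token)
  _, header = JWT.decode(token, nil, false)
  pem = fetch_public_key(header['kid'])
  pem && OpenSSL::PKey.read(pem)
rescue OpenSSL::PKey::PKeyError
  nil
end

def fetch_public_key(kid)
  return unless kid.is_a?(String)
  return public_keys[kid] if public_keys.key?(kid)
  # An unknown kid may trigger at most one refresh per interval.
  return if @refreshed_at && Time.now - @refreshed_at < REFRESH_INTERVAL

  @refreshed_at = Time.now
  body = URI.parse(PUBLIC_KEYS_ENDPOINT).open(open_timeout: 2, read_timeout: 2, &:read)
  @public_keys = JSON.parse(body)
  public_keys[kid]
rescue OpenURI::HTTPError, SocketError, SystemCallError, Timeout::Error, JSON::ParserError
  nil
end
```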
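--- a/metadata
+++ b/metadata
@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification
+name: iap-verifier
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- dawid.janczak@yourgolftravel.com
+- kwasi.appiah@yourgolftravel.com
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-10-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.15'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.15'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.6'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.6'
+- !ruby/object:Gem::Dependency
+name: jwt
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/iap-verifier.rb
+- lib/rack/iap_verifier.rb
+homepage:
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.14
+signing_key:
+specification_version: 4
+summary: IAP Verifier middleware
+test_files: []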