iap-verifier 0.1.1 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/rack/iap_verifier.rb +18 -9
- metadata +14 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: fceb7ebeab21bcdc0a3524d264cabbf9cdf08cb24722578579f955f0479a30c6
|
|
4
|
+
data.tar.gz: c4d109dbb1148f5eac052d5efb5786f2e2e688974bd03a26644c1ba1e3891089
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ff56babfe74a9b96452f8a09250d9e3d42aabaf73386fd4f5a7069c90a7375d6f97261a3174bbb1867a8eee656be3bd522ee66b294a0ef4a990307ec54248171
|
|
7
|
+
data.tar.gz: c36b35f0a8cf8cd46960616b9353f5ababfcb22a504e07771dc406bfd2d27748d4b71601624ae4f154b5726a00b19b5a4512e42fc3d351aff2c84f8513abaca0
|
data/lib/rack/iap_verifier.rb
CHANGED
|
@@ -9,14 +9,16 @@ module Rack
|
|
|
9
9
|
PUBLIC_KEYS_ENDPOINT = 'https://www.gstatic.com/iap/verify/public_key'.freeze
|
|
10
10
|
ISSUER = 'https://cloud.google.com/iap'.freeze
|
|
11
11
|
|
|
12
|
-
def initialize(app, audience
|
|
12
|
+
def initialize(app, audience, skip_localhost = false, skip_paths = [])
|
|
13
13
|
@app = app
|
|
14
14
|
@audience = audience
|
|
15
|
+
@skip_localhost = skip_localhost
|
|
16
|
+
@skip_paths = skip_paths
|
|
15
17
|
@public_keys = {}
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
def call(env)
|
|
19
|
-
if valid_jwt?(env[HEADER_NAME])
|
|
21
|
+
if skip_localhost?(env) || skip_path?(env) || valid_jwt?(env[HEADER_NAME])
|
|
20
22
|
app.call(env)
|
|
21
23
|
else
|
|
22
24
|
[403, {}, []]
|
|
@@ -25,7 +27,15 @@ module Rack
|
|
|
25
27
|
|
|
26
28
|
private
|
|
27
29
|
|
|
28
|
-
attr_reader :app, :public_keys, :audience
|
|
30
|
+
attr_reader :app, :public_keys, :audience, :skip_localhost, :skip_paths
|
|
31
|
+
|
|
32
|
+
def skip_localhost?(env)
|
|
33
|
+
skip_localhost && env['REMOTE_ADDR'] == '127.0.0.1'
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def skip_path?(env)
|
|
37
|
+
skip_paths.include?(env['PATH_INFO'])
|
|
38
|
+
end
|
|
29
39
|
|
|
30
40
|
def valid_jwt?(token)
|
|
31
41
|
return false unless token
|
|
@@ -34,12 +44,11 @@ module Rack
|
|
|
34
44
|
return false unless key
|
|
35
45
|
|
|
36
46
|
!!JWT.decode(token, key, true,
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
)
|
|
47
|
+
aud: @audience,
|
|
48
|
+
verify_aud: true,
|
|
49
|
+
iss: ISSUER,
|
|
50
|
+
verify_iss: true,
|
|
51
|
+
algorithm: ALGORITHM)
|
|
43
52
|
rescue JWT::DecodeError
|
|
44
53
|
false
|
|
45
54
|
end
|
metadata
CHANGED
|
@@ -1,15 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: iap-verifier
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- dawid.janczak@yourgolftravel.com
|
|
8
8
|
- kwasi.appiah@yourgolftravel.com
|
|
9
|
-
|
|
9
|
+
- tom.omara@yourgolftravel.com
|
|
10
|
+
autorequire:
|
|
10
11
|
bindir: bin
|
|
11
12
|
cert_chain: []
|
|
12
|
-
date:
|
|
13
|
+
date: 2022-02-15 00:00:00.000000000 Z
|
|
13
14
|
dependencies:
|
|
14
15
|
- !ruby/object:Gem::Dependency
|
|
15
16
|
name: rack
|
|
@@ -71,28 +72,28 @@ dependencies:
|
|
|
71
72
|
name: jwt
|
|
72
73
|
requirement: !ruby/object:Gem::Requirement
|
|
73
74
|
requirements:
|
|
74
|
-
- - "
|
|
75
|
+
- - "~>"
|
|
75
76
|
- !ruby/object:Gem::Version
|
|
76
|
-
version:
|
|
77
|
+
version: '2.0'
|
|
77
78
|
type: :runtime
|
|
78
79
|
prerelease: false
|
|
79
80
|
version_requirements: !ruby/object:Gem::Requirement
|
|
80
81
|
requirements:
|
|
81
|
-
- - "
|
|
82
|
+
- - "~>"
|
|
82
83
|
- !ruby/object:Gem::Version
|
|
83
|
-
version:
|
|
84
|
-
description:
|
|
85
|
-
email:
|
|
84
|
+
version: '2.0'
|
|
85
|
+
description:
|
|
86
|
+
email:
|
|
86
87
|
executables: []
|
|
87
88
|
extensions: []
|
|
88
89
|
extra_rdoc_files: []
|
|
89
90
|
files:
|
|
90
91
|
- lib/iap-verifier.rb
|
|
91
92
|
- lib/rack/iap_verifier.rb
|
|
92
|
-
homepage:
|
|
93
|
+
homepage:
|
|
93
94
|
licenses: []
|
|
94
95
|
metadata: {}
|
|
95
|
-
post_install_message:
|
|
96
|
+
post_install_message:
|
|
96
97
|
rdoc_options: []
|
|
97
98
|
require_paths:
|
|
98
99
|
- lib
|
|
@@ -107,9 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
107
108
|
- !ruby/object:Gem::Version
|
|
108
109
|
version: '0'
|
|
109
110
|
requirements: []
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
signing_key:
|
|
111
|
+
rubygems_version: 3.1.2
|
|
112
|
+
signing_key:
|
|
113
113
|
specification_version: 4
|
|
114
114
|
summary: IAP Verifier middleware
|
|
115
115
|
test_files: []
|