iap-verifier 0.1.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 546d25e006ea9878b0258bd6de72d881f7e50965
-  data.tar.gz: b0c27944ef3db0104d20fd05f751052677b9cd59
+SHA256:
+  metadata.gz: fceb7ebeab21bcdc0a3524d264cabbf9cdf08cb24722578579f955f0479a30c6
+  data.tar.gz: c4d109dbb1148f5eac052d5efb5786f2e2e688974bd03a26644c1ba1e3891089
 SHA512:
-  metadata.gz: 33148e60acfddae8e1057778f4f4999b7ac9d3dd52d392a921911ffd6bd39fd1920e75eca24a1ce9f9588746481c99b62ce2d459f153ea7c1bf2ca4c5d788bd8
-  data.tar.gz: e935074f8655ec238e0d8b4ef8c0bf0d10d693d6a0477c53d9411c01b9d70812c42390fb66c72b68e78f472260ba4ffd0b3fdd081a7b37b0383c7e7bf96c989d
+  metadata.gz: ff56babfe74a9b96452f8a09250d9e3d42aabaf73386fd4f5a7069c90a7375d6f97261a3174bbb1867a8eee656be3bd522ee66b294a0ef4a990307ec54248171
+  data.tar.gz: c36b35f0a8cf8cd46960616b9353f5ababfcb22a504e07771dc406bfd2d27748d4b71601624ae4f154b5726a00b19b5a4512e42fc3d351aff2c84f8513abaca0

data/lib/rack/iap_verifier.rb

@@ -9,14 +9,16 @@ module Rack
     PUBLIC_KEYS_ENDPOINT = 'https://www.gstatic.com/iap/verify/public_key'.freeze
     ISSUER = 'https://cloud.google.com/iap'.freeze
 
-    def initialize(app, audience:)
+    def initialize(app, audience, skip_localhost = false, skip_paths = [])
       @app = app
       @audience = audience
+      @skip_localhost = skip_localhost
+      @skip_paths = skip_paths
       @public_keys = {}
     end
 
     def call(env)
-      if valid_jwt?(env[HEADER_NAME])
+      if skip_localhost?(env) || skip_path?(env) || valid_jwt?(env[HEADER_NAME])
         app.call(env)
       else
         [403, {}, []]
@@ -25,7 +27,15 @@ module Rack
 
     private
 
-    attr_reader :app, :public_keys, :audience
+    attr_reader :app, :public_keys, :audience, :skip_localhost, :skip_paths
+
+    def skip_localhost?(env)
+      skip_localhost && env['REMOTE_ADDR'] == '127.0.0.1'
+    end
+
+    def skip_path?(env)
+      skip_paths.include?(env['PATH_INFO'])
+    end
 
     def valid_jwt?(token)
       return false unless token
@@ -34,12 +44,11 @@ module Rack
       return false unless key
 
       !!JWT.decode(token, key, true,
-        aud: @audience,
-        verify_aud: true,
-        iss: ISSUER,
-        verify_iss: true,
-        algorithm: ALGORITHM
-      )
+                   aud: @audience,
+                   verify_aud: true,
+                   iss: ISSUER,
+                   verify_iss: true,
+                   algorithm: ALGORITHM)
     rescue JWT::DecodeError
       false
     end

metadata

@@ -1,15 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: iap-verifier
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.0
 platform: ruby
 authors:
 - dawid.janczak@yourgolftravel.com
 - kwasi.appiah@yourgolftravel.com
-autorequire: 
+- tom.omara@yourgolftravel.com
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-20 00:00:00.000000000 Z
+date: 2022-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -71,28 +72,28 @@ dependencies:
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.6
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.6
-description: 
-email: 
+        version: '2.0'
+description:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - lib/iap-verifier.rb
 - lib/rack/iap_verifier.rb
-homepage: 
+homepage:
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -107,9 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: IAP Verifier middleware
 test_files: []