iap-verifier 0.2.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/rack/iap_verifier.rb +14 -10
- metadata +9 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8dca263ae6583b73eefca96d4b1b09f328e38f7aec33d555ef673a664b0e4982
|
4
|
+
data.tar.gz: 4b505cf89438196a8e3d2f08d133493817c1f868df157d1279d85cc8a414a40b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '083ab73669440331e6817f69374da0678e049dedd9e1b306d6a8f22d46b9c250fb889c3eb11af388a374d31aa3da958125da428e1f584c93b71282df031c46a0'
|
7
|
+
data.tar.gz: 73f1b5bb0e7f1644bf4a02e0085b02b72a2e475af9f364f5517205294677ea58d4a18b58cc73b68b7fccfdebb54f79a6c39c6817ccda350be29f5a8927d0d6fb
|
data/lib/rack/iap_verifier.rb
CHANGED
@@ -9,15 +9,16 @@ module Rack
|
|
9
9
|
PUBLIC_KEYS_ENDPOINT = 'https://www.gstatic.com/iap/verify/public_key'.freeze
|
10
10
|
ISSUER = 'https://cloud.google.com/iap'.freeze
|
11
11
|
|
12
|
-
def initialize(app, audience
|
12
|
+
def initialize(app, audience, skip_localhost = false, skip_paths = [])
|
13
13
|
@app = app
|
14
14
|
@audience = audience
|
15
15
|
@skip_localhost = skip_localhost
|
16
|
+
@skip_paths = skip_paths
|
16
17
|
@public_keys = {}
|
17
18
|
end
|
18
19
|
|
19
20
|
def call(env)
|
20
|
-
if skip_localhost?(env) || valid_jwt?(env[HEADER_NAME])
|
21
|
+
if skip_localhost?(env) || skip_path?(env) || valid_jwt?(env[HEADER_NAME])
|
21
22
|
app.call(env)
|
22
23
|
else
|
23
24
|
[403, {}, []]
|
@@ -26,12 +27,16 @@ module Rack
|
|
26
27
|
|
27
28
|
private
|
28
29
|
|
29
|
-
attr_reader :app, :public_keys, :audience, :skip_localhost
|
30
|
+
attr_reader :app, :public_keys, :audience, :skip_localhost, :skip_paths
|
30
31
|
|
31
32
|
def skip_localhost?(env)
|
32
33
|
skip_localhost && env['REMOTE_ADDR'] == '127.0.0.1'
|
33
34
|
end
|
34
35
|
|
36
|
+
def skip_path?(env)
|
37
|
+
skip_paths.include?(env['PATH_INFO'])
|
38
|
+
end
|
39
|
+
|
35
40
|
def valid_jwt?(token)
|
36
41
|
return false unless token
|
37
42
|
|
@@ -39,12 +44,11 @@ module Rack
|
|
39
44
|
return false unless key
|
40
45
|
|
41
46
|
!!JWT.decode(token, key, true,
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
)
|
47
|
+
aud: @audience,
|
48
|
+
verify_aud: true,
|
49
|
+
iss: ISSUER,
|
50
|
+
verify_iss: true,
|
51
|
+
algorithm: ALGORITHM)
|
48
52
|
rescue JWT::DecodeError
|
49
53
|
false
|
50
54
|
end
|
@@ -58,7 +62,7 @@ module Rack
|
|
58
62
|
cached_key = public_keys[kid]
|
59
63
|
return cached_key if cached_key
|
60
64
|
|
61
|
-
@public_keys = JSON.parse(open(PUBLIC_KEYS_ENDPOINT).read)
|
65
|
+
@public_keys = JSON.parse(URI.open(PUBLIC_KEYS_ENDPOINT).read)
|
62
66
|
|
63
67
|
cached_key = public_keys[kid]
|
64
68
|
return cached_key if cached_key
|
metadata
CHANGED
@@ -1,16 +1,16 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: iap-verifier
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- dawid.janczak@yourgolftravel.com
|
8
8
|
- kwasi.appiah@yourgolftravel.com
|
9
9
|
- tom.omara@yourgolftravel.com
|
10
|
-
autorequire:
|
10
|
+
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2022-03-08 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rack
|
@@ -82,18 +82,18 @@ dependencies:
|
|
82
82
|
- - "~>"
|
83
83
|
- !ruby/object:Gem::Version
|
84
84
|
version: '2.0'
|
85
|
-
description:
|
86
|
-
email:
|
85
|
+
description:
|
86
|
+
email:
|
87
87
|
executables: []
|
88
88
|
extensions: []
|
89
89
|
extra_rdoc_files: []
|
90
90
|
files:
|
91
91
|
- lib/iap-verifier.rb
|
92
92
|
- lib/rack/iap_verifier.rb
|
93
|
-
homepage:
|
93
|
+
homepage:
|
94
94
|
licenses: []
|
95
95
|
metadata: {}
|
96
|
-
post_install_message:
|
96
|
+
post_install_message:
|
97
97
|
rdoc_options: []
|
98
98
|
require_paths:
|
99
99
|
- lib
|
@@ -108,8 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
108
108
|
- !ruby/object:Gem::Version
|
109
109
|
version: '0'
|
110
110
|
requirements: []
|
111
|
-
rubygems_version: 3.
|
112
|
-
signing_key:
|
111
|
+
rubygems_version: 3.1.2
|
112
|
+
signing_key:
|
113
113
|
specification_version: 4
|
114
114
|
summary: IAP Verifier middleware
|
115
115
|
test_files: []
|