iap-verifier 0.2.0 → 1.0.1
- checksums.yaml +4 -4
 - data/lib/rack/iap_verifier.rb +14 -10
 - metadata +9 -9
 
    
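--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:  
-  data.tar.gz:  
+  metadata.gz: 8dca263ae6583b73eefca96d4b1b09f328e38f7aec33d555ef673a664b0e4982
+  data.tar.gz: 4b505cf89438196a8e3d2f08d133493817c1f868df157d1279d85cc8a414a40b
 SHA512:
-  metadata.gz:  
-  data.tar.gz:  
+  metadata.gz: '083ab73669440331e6817f69374da0678e049dedd9e1b306d6a8f22d46b9c250fb889c3eb11af388a374d31aa3da958125da428e1f584c93b71282df031c46a0'
+  data.tar.gz: 73f1b5bb0e7f1644bf4a02e0085b02b72a2e475af9f364f5517205294677ea58d4a18b58cc73b68b7fccfdebb54f79a6c39c6817ccda350be29f5a8927d0d6fb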
    
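--- a/data/lib/rack/iap_verifier.rb
+++ b/data/lib/rack/iap_verifier.rb
@@ -9,15 +9,16 @@ module Rack
     PUBLIC_KEYS_ENDPOINT = 'https://www.gstatic.com/iap/verify/public_key'.freeze
     ISSUER = 'https://cloud.google.com/iap'.freeze
 
-    def initialize(app, audience 
+    def initialize(app, audience, skip_localhost = false, skip_paths = [])
       @app = app
       @audience = audience
       @skip_localhost = skip_localhost
+      @skip_paths = skip_paths
       @public_keys = {}
     end
 
     def call(env)
-      if skip_localhost?(env) || valid_jwt?(env[HEADER_NAME])
+      if skip_localhost?(env) || skip_path?(env) || valid_jwt?(env[HEADER_NAME])
         app.call(env)
       else
         [403, {}, []]
@@ -26,12 +27,16 @@ module Rack
 
     private
 
-    attr_reader :app, :public_keys, :audience, :skip_localhost
+    attr_reader :app, :public_keys, :audience, :skip_localhost, :skip_paths
 
     def skip_localhost?(env)
       skip_localhost && env['REMOTE_ADDR'] == '127.0.0.1'
     end
 
+    def skip_path?(env)
+      skip_paths.include?(env['PATH_INFO'])
+    end
+
     def valid_jwt?(token)
       return false unless token
 
@@ -39,12 +44,11 @@ module Rack
       return false unless key
 
       !!JWT.decode(token, key, true,
-
-
-
-
-
-      )
+                   aud: @audience,
+                   verify_aud: true,
+                   iss: ISSUER,
+                   verify_iss: true,
+                   algorithm: ALGORITHM)
     rescue JWT::DecodeError
       false
     end
@@ -58,7 +62,7 @@ module Rack
       cached_key = public_keys[kid]
       return cached_key if cached_key
 
-      @public_keys = JSON.parse(open(PUBLIC_KEYS_ENDPOINT).read)
+      @public_keys = JSON.parse(URI.open(PUBLIC_KEYS_ENDPOINT).read)
 
       cached_key = public_keys[kid]
       return cached_key if cached_key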
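Review bot: In `initialize`, `skip_paths` is added as a second optional positional argument behind the boolean `skip_localhost`, so a caller who passes the path list as the third argument gets a truthy `skip_localhost` and an empty `skip_paths`: the loopback exemption is switched on, the intended paths stay blocked, and no error is raised. Keyword arguments would rule that out, `def initialize(app, audience, skip_localhost: false, skip_paths: [])`; if positional compatibility with earlier releases has to stay, a guard such as `raise ArgumentError, 'skip_localhost must be true or false' unless [true, false].include?(skip_localhost)` catches the mix-up. `skip_path?` compares the raw `env['PATH_INFO']`, which Rack gives relative to the mount point (`SCRIPT_NAME`), so when the middleware sits inside a mounted sub-application an entry matches that path beneath the mount rather than the full URL path. I would document this above `skip_path?`: `# Paths listed in skip_paths bypass IAP JWT verification entirely; matched exactly against PATH_INFO (relative to SCRIPT_NAME).`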
    
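--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: iap-verifier
 version: !ruby/object:Gem::Version
-  version: 0. 
+  version: 1.0.1
 platform: ruby
 authors:
 - dawid.janczak@yourgolftravel.com
 - kwasi.appiah@yourgolftravel.com
 - tom.omara@yourgolftravel.com
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date:  
+date: 2022-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -82,18 +82,18 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-description: 
-email: 
+description:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - lib/iap-verifier.rb
 - lib/rack/iap_verifier.rb
-homepage: 
+homepage:
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -108,8 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3. 
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: IAP Verifier middleware
 test_files: []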