RubyGems - itsi-server - Versions diffs - 0.1.13 → 0.1.14 - Mend

itsi-server 0.1.13 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/Cargo.lock +20 -515
data/ext/itsi_server/Cargo.toml +1 -1
data/ext/itsi_server/src/server/middleware_stack/middlewares/auth_jwt.rs +111 -168
data/lib/itsi/server/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 670883c9765e511a9214665d8da8bc714ccb1f81d2fba3fde99f0b1ea5c2326f
-  data.tar.gz: 1b987efac022c4e0c3d9675ee0c19f5d50b0379086506326bb575ec6c64c79ce
+  metadata.gz: b713c8d83848f636422950aa7c89d62edd41e8f0455625a0ab935151b6bc4adc
+  data.tar.gz: af94fbd39cf1797bebc930520958bf4f34e7c071cc026271ae6c7b593d572b1d
 SHA512:
-  metadata.gz: 536978e9b83fa36774611a1532bafa4b81fdb22b1e534254309c3a71c5217716a2e47c5a47871d9ac864e1e081cad060cff05c7665cd6c4405c15269d7ebbca8
-  data.tar.gz: 43d0f3deec03e66785b2f88c130f128e9427f752623ed3f1a85f65696821909edf9c0c8e46306ead54bda0fab92c23b896b4deed9aab43c3d35f7c9b9f27b59f
+  metadata.gz: e5a5a75089e98efded82954a4582217313f89c7d50e2f166ecce7165336c6ee2b79bf658e9eb5730ce11169c88d2693c33264ff0ebaf70640dc1912770c69de7
+  data.tar.gz: 786a18a2e7c0e89dad58e789dba54f54fa2285981e19fd399306f2b2eed22aa4fb52fdf7164004b39afe60d5db0b2b7047101e3fc7343f7f34aad70b56a10167

data/Cargo.lock CHANGED Viewed

@@ -56,30 +56,12 @@ dependencies = [
  "libc",
 ]
-[[package]]
-name = "anyhow"
-version = "1.0.97"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f"
 [[package]]
 name = "arc-swap"
 version = "1.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457"
-[[package]]
-name = "arrayref"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb"
-[[package]]
-name = "arrayvec"
-version = "0.7.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50"
 [[package]]
 name = "asn1-rs"
 version = "0.6.2"
@@ -198,7 +180,7 @@ version = "0.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0f9dd2e03ee80ca2822dd6ea431163d2ef259f2066a4d6ccaca6d9dcb386aa43"
 dependencies = [
- "bindgen 0.69.5",
+ "bindgen",
  "cc",
  "cmake",
  "dunce",
@@ -230,24 +212,12 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
-[[package]]
-name = "base16ct"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
 [[package]]
 name = "base64"
 version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
-[[package]]
-name = "base64ct"
-version = "1.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3"
 [[package]]
 name = "bindgen"
 version = "0.69.5"
@@ -271,30 +241,6 @@ dependencies = [
  "which",
 ]
-[[package]]
-name = "bindgen"
-version = "0.70.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f"
-dependencies = [
- "bitflags 2.8.0",
- "cexpr",
- "clang-sys",
- "itertools",
- "proc-macro2",
- "quote",
- "regex",
- "rustc-hash 1.1.0",
- "shlex",
- "syn",
-]
-[[package]]
-name = "binstring"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed79c2a8151273c70956b5e3cdfdc1ff6c1a8b9779ba59c6807d281b32ee2f86"
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@@ -307,17 +253,6 @@ version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36"
-[[package]]
-name = "blake2b_simd"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06e903a20b159e944f91ec8499fe1e55651480c541ea0a584f5d967c49ad9d99"
-dependencies = [
- "arrayref",
- "arrayvec",
- "constant_time_eq",
-]
 [[package]]
 name = "block-buffer"
 version = "0.10.4"
@@ -327,32 +262,6 @@ dependencies = [
  "generic-array",
 ]
-[[package]]
-name = "boring"
-version = "4.15.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c84a16a47c850f899c5cb6f2ef47bedf7268447c3cb84a89b7bc35f140c859d6"
-dependencies = [
- "bitflags 2.8.0",
- "boring-sys",
- "foreign-types 0.5.0",
- "libc",
- "openssl-macros",
-]
-[[package]]
-name = "boring-sys"
-version = "4.15.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3cf7466056d7ca35a356fbc27c89eb2f1493fb2e61c24c5f9f0277e8f402dc9e"
-dependencies = [
- "autocfg",
- "bindgen 0.70.1",
- "cmake",
- "fs_extra",
- "fslock",
-]
 [[package]]
 name = "brotli"
 version = "7.0.0"
@@ -390,12 +299,6 @@ version = "3.17.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf"
-[[package]]
-name = "byteorder"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 [[package]]
 name = "bytes"
 version = "1.10.1"
@@ -468,17 +371,6 @@ dependencies = [
  "cc",
 ]
-[[package]]
-name = "coarsetime"
-version = "0.1.36"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91849686042de1b41cd81490edc83afbcb0abe5a9b6f2c4114f23ce8cca1bcf4"
-dependencies = [
- "libc",
- "wasix",
- "wasm-bindgen",
-]
 [[package]]
 name = "combine"
 version = "4.6.7"
@@ -502,18 +394,6 @@ dependencies = [
  "crossbeam-utils",
 ]
-[[package]]
-name = "const-oid"
-version = "0.9.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
-[[package]]
-name = "constant_time_eq"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6"
 [[package]]
 name = "core-foundation"
 version = "0.9.4"
@@ -614,18 +494,6 @@ version = "0.8.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
-[[package]]
-name = "crypto-bigint"
-version = "0.5.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
-dependencies = [
- "generic-array",
- "rand_core 0.6.4",
- "subtle",
- "zeroize",
-]
 [[package]]
 name = "crypto-common"
 version = "0.1.6"
@@ -636,12 +504,6 @@ dependencies = [
  "typenum",
 ]
-[[package]]
-name = "ct-codecs"
-version = "1.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b916ba8ce9e4182696896f015e8a5ae6081b305f74690baa8465e35f5a142ea4"
 [[package]]
 name = "dashmap"
 version = "6.1.0"
@@ -662,17 +524,6 @@ version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "575f75dfd25738df5b91b8e43e14d44bda14637a58fae779fd2b064f8bf3e010"
-[[package]]
-name = "der"
-version = "0.7.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0"
-dependencies = [
- "const-oid",
- "pem-rfc7468",
- "zeroize",
-]
 [[package]]
 name = "der-parser"
 version = "9.0.0"
@@ -724,7 +575,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
 dependencies = [
  "block-buffer",
- "const-oid",
  "crypto-common",
  "subtle",
 ]
@@ -767,57 +617,12 @@ version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
-[[package]]
-name = "ecdsa"
-version = "0.16.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
-dependencies = [
- "der",
- "digest",
- "elliptic-curve",
- "rfc6979",
- "signature",
- "spki",
-]
-[[package]]
-name = "ed25519-compact"
-version = "2.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e9b3460f44bea8cd47f45a0c70892f1eff856d97cd55358b2f73f663789f6190"
-dependencies = [
- "ct-codecs",
- "getrandom 0.2.15",
-]
 [[package]]
 name = "either"
 version = "1.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
-[[package]]
-name = "elliptic-curve"
-version = "0.13.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
-dependencies = [
- "base16ct",
- "crypto-bigint",
- "digest",
- "ff",
- "generic-array",
- "group",
- "hkdf",
- "pem-rfc7468",
- "pkcs8",
- "rand_core 0.6.4",
- "sec1",
- "subtle",
- "zeroize",
-]
 [[package]]
 name = "encoding_rs"
 version = "0.8.35"
@@ -870,16 +675,6 @@ version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"
-[[package]]
-name = "ff"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
-dependencies = [
- "rand_core 0.6.4",
- "subtle",
-]
 [[package]]
 name = "filetime"
 version = "0.2.25"
@@ -914,28 +709,7 @@ version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
 dependencies = [
- "foreign-types-shared 0.1.1",
-]
-[[package]]
-name = "foreign-types"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965"
-dependencies = [
- "foreign-types-macros",
- "foreign-types-shared 0.3.1",
-]
-[[package]]
-name = "foreign-types-macros"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
+ "foreign-types-shared",
 ]
 [[package]]
@@ -944,12 +718,6 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
-[[package]]
-name = "foreign-types-shared"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa9a19cbb55df58761df49b23516a86d432839add4af60fc256da840f66ed35b"
 [[package]]
 name = "form_urlencoded"
 version = "1.2.1"
@@ -984,16 +752,6 @@ dependencies = [
  "libc",
 ]
-[[package]]
-name = "fslock"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04412b8935272e3a9bae6f48c7bfff74c2911f60525404edfdd28e49884c3bfb"
-dependencies = [
- "libc",
- "winapi",
-]
 [[package]]
 name = "futures"
 version = "0.3.31"
@@ -1104,7 +862,6 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
 dependencies = [
  "typenum",
  "version_check",
- "zeroize",
 ]
 [[package]]
@@ -1157,17 +914,6 @@ dependencies = [
  "regex-syntax 0.8.5",
 ]
-[[package]]
-name = "group"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
-dependencies = [
- "ff",
- "rand_core 0.6.4",
- "subtle",
-]
 [[package]]
 name = "h2"
 version = "0.4.8"
@@ -1214,15 +960,6 @@ version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
-[[package]]
-name = "hkdf"
-version = "0.12.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
-dependencies = [
- "hmac",
-]
 [[package]]
 name = "hmac"
 version = "0.12.1"
@@ -1232,30 +969,6 @@ dependencies = [
  "digest",
 ]
-[[package]]
-name = "hmac-sha1-compact"
-version = "1.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "18492c9f6f9a560e0d346369b665ad2bdbc89fa9bceca75796584e79042694c3"
-[[package]]
-name = "hmac-sha256"
-version = "1.1.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4a8575493d277c9092b988c780c94737fb9fd8651a1001e16bee3eccfc1baedb"
-dependencies = [
- "digest",
-]
-[[package]]
-name = "hmac-sha512"
-version = "1.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0b3a0f572aa8389d325f5852b9e0a333a15b0f86ecccbb3fdb6e97cd86dc67c"
-dependencies = [
- "digest",
-]
 [[package]]
 name = "home"
 version = "0.5.11"
@@ -1653,7 +1366,7 @@ dependencies = [
  "itsi_error",
  "itsi_rb_helpers",
  "itsi_tracing",
- "jwt-simple",
+ "jsonwebtoken",
  "magnus",
  "md5",
  "moka",
@@ -1742,44 +1455,18 @@ dependencies = [
 ]
 [[package]]
-name = "jwt-simple"
-version = "0.12.12"
+name = "jsonwebtoken"
+version = "9.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "731011e9647a71ff4f8474176ff6ce6e0d2de87a0173f15613af3a84c3e3401a"
+checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde"
 dependencies = [
- "anyhow",
- "binstring",
- "blake2b_simd",
- "boring",
- "coarsetime",
- "ct-codecs",
- "ed25519-compact",
- "hmac-sha1-compact",
- "hmac-sha256",
- "hmac-sha512",
- "k256",
- "p256",
- "p384",
- "rand 0.8.5",
+ "base64",
+ "js-sys",
+ "pem",
+ "ring",
  "serde",
  "serde_json",
- "superboring",
- "thiserror 2.0.12",
- "zeroize",
-]
-[[package]]
-name = "k256"
-version = "0.13.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b"
-dependencies = [
- "cfg-if",
- "ecdsa",
- "elliptic-curve",
- "once_cell",
- "sha2",
- "signature",
+ "simple_asn1",
 ]
 [[package]]
@@ -1807,9 +1494,6 @@ name = "lazy_static"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
-dependencies = [
- "spin",
-]
 [[package]]
 name = "lazycell"
@@ -1833,12 +1517,6 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
-[[package]]
-name = "libm"
-version = "0.2.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa"
 [[package]]
 name = "libredox"
 version = "0.1.3"
@@ -2107,23 +1785,6 @@ dependencies = [
  "num-traits",
 ]
-[[package]]
-name = "num-bigint-dig"
-version = "0.8.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151"
-dependencies = [
- "byteorder",
- "lazy_static",
- "libm",
- "num-integer",
- "num-iter",
- "num-traits",
- "rand 0.8.5",
- "smallvec",
- "zeroize",
-]
 [[package]]
 name = "num-conv"
 version = "0.1.0"
@@ -2139,17 +1800,6 @@ dependencies = [
  "num-traits",
 ]
-[[package]]
-name = "num-iter"
-version = "0.1.45"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
-dependencies = [
- "autocfg",
- "num-integer",
- "num-traits",
-]
 [[package]]
 name = "num-traits"
 version = "0.2.19"
@@ -2157,7 +1807,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
 dependencies = [
  "autocfg",
- "libm",
 ]
 [[package]]
@@ -2202,7 +1851,7 @@ checksum = "5e14130c6a98cd258fdcb0fb6d744152343ff729cbfcb28c656a9d12b999fbcd"
 dependencies = [
  "bitflags 2.8.0",
  "cfg-if",
- "foreign-types 0.3.2",
+ "foreign-types",
  "libc",
  "once_cell",
  "openssl-macros",
@@ -2250,30 +1899,6 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
-[[package]]
-name = "p256"
-version = "0.13.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
-dependencies = [
- "ecdsa",
- "elliptic-curve",
- "primeorder",
- "sha2",
-]
-[[package]]
-name = "p384"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6"
-dependencies = [
- "ecdsa",
- "elliptic-curve",
- "primeorder",
- "sha2",
-]
 [[package]]
 name = "parking"
 version = "2.2.1"
@@ -2319,15 +1944,6 @@ dependencies = [
  "serde",
 ]
-[[package]]
-name = "pem-rfc7468"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
-dependencies = [
- "base64ct",
-]
 [[package]]
 name = "percent-encoding"
 version = "2.3.1"
@@ -2366,27 +1982,6 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
-[[package]]
-name = "pkcs1"
-version = "0.7.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
-dependencies = [
- "der",
- "pkcs8",
- "spki",
-]
-[[package]]
-name = "pkcs8"
-version = "0.10.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
-dependencies = [
- "der",
- "spki",
-]
 [[package]]
 name = "pkg-config"
 version = "0.3.32"
@@ -2424,15 +2019,6 @@ dependencies = [
  "syn",
 ]
-[[package]]
-name = "primeorder"
-version = "0.13.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6"
-dependencies = [
- "elliptic-curve",
-]
 [[package]]
 name = "proc-macro2"
 version = "1.0.93"
@@ -2609,7 +2195,7 @@ version = "0.9.111"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64691175abc704862f60a9ca8ef06174080cc50615f2bf1d4759f46db18b4d29"
 dependencies = [
- "bindgen 0.69.5",
+ "bindgen",
  "lazy_static",
  "proc-macro2",
  "quote",
@@ -2781,16 +2367,6 @@ dependencies = [
  "windows-registry",
 ]
-[[package]]
-name = "rfc6979"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
-dependencies = [
- "hmac",
- "subtle",
-]
 [[package]]
 name = "ring"
 version = "0.17.14"
@@ -2811,27 +2387,6 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "afab94fb28594581f62d981211a9a4d53cc8130bbcbbb89a0440d9b8e81a7746"
-[[package]]
-name = "rsa"
-version = "0.9.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b"
-dependencies = [
- "const-oid",
- "digest",
- "num-bigint-dig",
- "num-integer",
- "num-traits",
- "pkcs1",
- "pkcs8",
- "rand_core 0.6.4",
- "sha2",
- "signature",
- "spki",
- "subtle",
- "zeroize",
-]
 [[package]]
 name = "rustc-demangle"
 version = "0.1.24"
@@ -3003,20 +2558,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
-[[package]]
-name = "sec1"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
-dependencies = [
- "base16ct",
- "der",
- "generic-array",
- "pkcs8",
- "subtle",
- "zeroize",
-]
 [[package]]
 name = "security-framework"
 version = "2.11.1"
@@ -3168,13 +2709,15 @@ dependencies = [
 ]
 [[package]]
-name = "signature"
-version = "2.2.0"
+name = "simple_asn1"
+version = "0.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb"
 dependencies = [
- "digest",
- "rand_core 0.6.4",
+ "num-bigint",
+ "num-traits",
+ "thiserror 2.0.12",
+ "time",
 ]
 [[package]]
@@ -3202,22 +2745,6 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
-[[package]]
-name = "spin"
-version = "0.9.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
-[[package]]
-name = "spki"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
-dependencies = [
- "base64ct",
- "der",
-]
 [[package]]
 name = "stable_deref_trait"
 version = "1.2.0"
@@ -3230,19 +2757,6 @@ version = "2.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
-[[package]]
-name = "superboring"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "515cce34a781d7250b8a65706e0f2a5b99236ea605cb235d4baed6685820478f"
-dependencies = [
- "getrandom 0.2.15",
- "hmac-sha256",
- "hmac-sha512",
- "rand 0.8.5",
- "rsa",
-]
 [[package]]
 name = "syn"
 version = "2.0.98"
@@ -3775,15 +3289,6 @@ dependencies = [
  "wit-bindgen-rt",
 ]
-[[package]]
-name = "wasix"
-version = "0.12.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1fbb4ef9bbca0c1170e0b00dd28abc9e3b68669821600cad1caaed606583c6d"
-dependencies = [
- "wasi 0.11.0+wasi-snapshot-preview1",
-]
 [[package]]
 name = "wasm-bindgen"
 version = "0.2.100"

data/ext/itsi_server/Cargo.toml CHANGED Viewed

@@ -42,7 +42,7 @@ hyper-util = { version = "0.1.10", features = ["full"] }
 itsi_error = { path = "../itsi_error" }
 itsi_rb_helpers = { path = "../itsi_rb_helpers" }
 itsi_tracing = { path = "../itsi_tracing" }
-jwt-simple = "0.12.12"
+jsonwebtoken = "9.3.1"
 magnus = { version = "0.7.1", features = ["bytes", "rb-sys"] }
 moka = { version = "0.12.10", features = ["sync"] }
 notify = { version = "8.0.0" }

data/ext/itsi_server/src/server/middleware_stack/middlewares/auth_jwt.rs CHANGED Viewed

@@ -5,20 +5,14 @@ use crate::server::{
 };
 use async_trait::async_trait;
 use base64::{engine::general_purpose, Engine};
+use derive_more::Debug;
 use either::Either;
 use itsi_error::ItsiError;
-use jwt_simple::{
-    claims::{self, JWTClaims, NoCustomClaims},
-    prelude::{
-        ECDSAP256PublicKeyLike, ECDSAP384PublicKeyLike, ES256PublicKey, ES384PublicKey, HS256Key,
-        HS384Key, HS512Key, MACLike, PS256PublicKey, PS384PublicKey, PS512PublicKey,
-        RS256PublicKey, RS384PublicKey, RS512PublicKey, RSAPublicKeyLike,
-    },
-    token::Token,
+use jsonwebtoken::{
+    decode, decode_header, Algorithm as JwtAlg, DecodingKey, TokenData, Validation,
 };
 use magnus::error::Result;
 use serde::Deserialize;
-use std::str;
 use std::{
     collections::{HashMap, HashSet},
     sync::OnceLock,
@@ -27,9 +21,12 @@ use std::{
 #[derive(Debug, Clone, Deserialize)]
 pub struct AuthJwt {
     pub token_source: TokenSource,
+    // The verifiers map still holds base64-encoded key strings keyed by algorithm.
     pub verifiers: HashMap<JwtAlgorithm, Vec<String>>,
+    // We now store jsonwebtoken’s DecodingKey in our OnceLock.
     #[serde(skip_deserializing)]
-    pub keys: OnceLock<HashMap<JwtAlgorithm, Vec<JwtKey>>>,
+    #[debug(skip)]
+    pub keys: OnceLock<HashMap<JwtAlgorithm, Vec<DecodingKey>>>,
     pub audiences: Option<HashSet<String>>,
     pub subjects: Option<HashSet<String>>,
     pub issuers: Option<HashSet<String>>,
@@ -63,161 +60,90 @@ pub enum JwtAlgorithm {
     Ps512,
 }
+// Allow conversion from jsonwebtoken’s Algorithm to our JwtAlgorithm.
+impl From<JwtAlg> for JwtAlgorithm {
+    fn from(alg: JwtAlg) -> Self {
+        match alg {
+            JwtAlg::HS256 => JwtAlgorithm::Hs256,
+            JwtAlg::HS384 => JwtAlgorithm::Hs384,
+            JwtAlg::HS512 => JwtAlgorithm::Hs512,
+            JwtAlg::RS256 => JwtAlgorithm::Rs256,
+            JwtAlg::RS384 => JwtAlgorithm::Rs384,
+            JwtAlg::RS512 => JwtAlgorithm::Rs512,
+            JwtAlg::ES256 => JwtAlgorithm::Es256,
+            JwtAlg::ES384 => JwtAlgorithm::Es384,
+            JwtAlg::PS256 => JwtAlgorithm::Ps256,
+            JwtAlg::PS384 => JwtAlgorithm::Ps384,
+            JwtAlg::PS512 => JwtAlgorithm::Ps512,
+            _ => panic!("Unsupported algorithm"),
+        }
+    }
+}
 impl JwtAlgorithm {
-    pub fn key_from(&self, base64: &str) -> Result<JwtKey> {
+    /// Given a base64-encoded key string, decode and construct a jsonwebtoken::DecodingKey.
+    pub fn key_from(&self, base64: &str) -> itsi_error::Result<DecodingKey> {
         let bytes = general_purpose::STANDARD
             .decode(base64)
             .map_err(ItsiError::default)?;
         match self {
-            JwtAlgorithm::Hs256 => Ok(JwtKey::Hs256(HS256Key::from_bytes(&bytes))),
-            JwtAlgorithm::Hs384 => Ok(JwtKey::Hs384(HS384Key::from_bytes(&bytes))),
-            JwtAlgorithm::Hs512 => Ok(JwtKey::Hs512(HS512Key::from_bytes(&bytes))),
-            JwtAlgorithm::Rs256 => Ok(RS256PublicKey::from_der(&bytes)
-                .or_else(|_| {
-                    RS256PublicKey::from_pem(
-                        &String::from_utf8(bytes.clone()).map_err(ItsiError::default)?,
-                    )
-                })
-                .map(JwtKey::Rs256)
-                .map_err(ItsiError::default)?),
-            JwtAlgorithm::Rs384 => Ok(RS384PublicKey::from_der(&bytes)
-                .or_else(|_| {
-                    RS384PublicKey::from_pem(
-                        &String::from_utf8(bytes.clone()).map_err(ItsiError::default)?,
-                    )
-                })
-                .map(JwtKey::Rs384)
-                .map_err(ItsiError::default)?),
-            JwtAlgorithm::Rs512 => Ok(RS512PublicKey::from_der(&bytes)
-                .or_else(|_| {
-                    RS512PublicKey::from_pem(
-                        &String::from_utf8(bytes.clone()).map_err(ItsiError::default)?,
-                    )
-                })
-                .map(JwtKey::Rs512)
-                .map_err(ItsiError::default)?),
-            JwtAlgorithm::Es256 => Ok(ES256PublicKey::from_der(&bytes)
-                .or_else(|_| {
-                    ES256PublicKey::from_pem(
-                        &String::from_utf8(bytes.clone()).map_err(ItsiError::default)?,
-                    )
-                })
-                .map(JwtKey::Es256)
-                .map_err(ItsiError::default)?),
-            JwtAlgorithm::Es384 => Ok(ES384PublicKey::from_der(&bytes)
-                .or_else(|_| {
-                    ES384PublicKey::from_pem(
-                        &String::from_utf8(bytes.clone()).map_err(ItsiError::default)?,
-                    )
-                })
-                .map(JwtKey::Es384)
-                .map_err(ItsiError::default)?),
-            JwtAlgorithm::Ps256 => Ok(PS256PublicKey::from_der(&bytes)
-                .or_else(|_| {
-                    PS256PublicKey::from_pem(
-                        &String::from_utf8(bytes.clone()).map_err(ItsiError::default)?,
-                    )
-                })
-                .map(JwtKey::Ps256)
-                .map_err(ItsiError::default)?),
-            JwtAlgorithm::Ps384 => Ok(PS384PublicKey::from_der(&bytes)
-                .or_else(|_| {
-                    PS384PublicKey::from_pem(
-                        &String::from_utf8(bytes.clone()).map_err(ItsiError::default)?,
-                    )
-                })
-                .map(JwtKey::Ps384)
-                .map_err(ItsiError::default)?),
-            JwtAlgorithm::Ps512 => Ok(PS512PublicKey::from_der(&bytes)
-                .or_else(|_| {
-                    PS512PublicKey::from_pem(
-                        &String::from_utf8(bytes.clone()).map_err(ItsiError::default)?,
-                    )
-                })
-                .map(JwtKey::Ps512)
-                .map_err(ItsiError::default)?),
+            // For HMAC algorithms, use the secret directly.
+            JwtAlgorithm::Hs256 | JwtAlgorithm::Hs384 | JwtAlgorithm::Hs512 => {
+                Ok(DecodingKey::from_secret(&bytes))
+            }
+            // For RSA (and PS) algorithms, expect a PEM-formatted key.
+            JwtAlgorithm::Rs256
+            | JwtAlgorithm::Rs384
+            | JwtAlgorithm::Rs512
+            | JwtAlgorithm::Ps256
+            | JwtAlgorithm::Ps384
+            | JwtAlgorithm::Ps512 => {
+                DecodingKey::from_rsa_pem(&bytes).map_err(|e| ItsiError::default(e.to_string()))
+            }
+            // For ECDSA algorithms, expect a PEM-formatted key.
+            JwtAlgorithm::Es256 | JwtAlgorithm::Es384 => {
+                DecodingKey::from_ec_pem(&bytes).map_err(|e| ItsiError::default(e.to_string()))
+            }
         }
     }
 }
-#[derive(Debug, Clone)]
-pub enum JwtKey {
-    Hs256(HS256Key),
-    Hs384(HS384Key),
-    Hs512(HS512Key),
-    Rs256(RS256PublicKey),
-    Rs384(RS384PublicKey),
-    Rs512(RS512PublicKey),
-    Es256(ES256PublicKey),
-    Es384(ES384PublicKey),
-    Ps256(PS256PublicKey),
-    Ps384(PS384PublicKey),
-    Ps512(PS512PublicKey),
+#[derive(Debug, Deserialize)]
+#[serde(untagged)]
+enum Audience {
+    Single(String),
+    Multiple(Vec<String>),
 }
-impl TryFrom<&str> for JwtAlgorithm {
-    type Error = itsi_error::ItsiError;
-    fn try_from(value: &str) -> std::result::Result<Self, Self::Error> {
-        match value.to_ascii_lowercase().as_str() {
-            "hs256" => Ok(JwtAlgorithm::Hs256),
-            "hs384" => Ok(JwtAlgorithm::Hs384),
-            "hs512" => Ok(JwtAlgorithm::Hs512),
-            "rs256" => Ok(JwtAlgorithm::Rs256),
-            "rs384" => Ok(JwtAlgorithm::Rs384),
-            "rs512" => Ok(JwtAlgorithm::Rs512),
-            "es256" => Ok(JwtAlgorithm::Es256),
-            "es384" => Ok(JwtAlgorithm::Es384),
-            "ps256" => Ok(JwtAlgorithm::Ps256),
-            "ps384" => Ok(JwtAlgorithm::Ps384),
-            "ps512" => Ok(JwtAlgorithm::Ps512),
-            _ => Err(itsi_error::ItsiError::UnsupportedProtocol(
-                "Unsupported JWT Algorithm".to_string(),
-            )),
-        }
-    }
-}
-impl JwtKey {
-    pub fn verify(
-        &self,
-        token: &str,
-    ) -> std::result::Result<JWTClaims<claims::NoCustomClaims>, jwt_simple::Error> {
-        match self {
-            JwtKey::Hs256(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Hs384(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Hs512(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Rs256(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Rs384(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Rs512(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Es256(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Es384(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Ps256(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Ps384(key) => key.verify_token::<NoCustomClaims>(token, None),
-            JwtKey::Ps512(key) => key.verify_token::<NoCustomClaims>(token, None),
-        }
-    }
+#[derive(Debug, Deserialize)]
+struct Claims {
+    // Here we assume the token includes an expiration.
+    #[allow(dead_code)]
+    exp: usize,
+    // The audience claim may be a single string or an array.
+    aud: Option<Audience>,
+    sub: Option<String>,
+    iss: Option<String>,
 }
 #[async_trait]
 impl MiddlewareLayer for AuthJwt {
     async fn initialize(&self) -> Result<()> {
-        let keys: HashMap<JwtAlgorithm, Vec<JwtKey>> = self
+        let keys: HashMap<JwtAlgorithm, Vec<DecodingKey>> = self
             .verifiers
             .iter()
             .map(|(algorithm, key_strings)| {
                 let algo = algorithm.clone();
-                let keys: Result<Vec<JwtKey>> = key_strings
+                let keys: itsi_error::Result<Vec<DecodingKey>> = key_strings
                     .iter()
                     .map(|key_string| algorithm.key_from(key_string))
                     .collect();
                 keys.map(|keys| (algo, keys))
             })
-            .collect::<Result<HashMap<JwtAlgorithm, Vec<JwtKey>>>>()?;
+            .collect::<itsi_error::Result<HashMap<JwtAlgorithm, Vec<DecodingKey>>>>()?;
         self.keys
             .set(keys)
-            .map_err(|e| ItsiError::default(format!("Failed to set keys: {:?}", e)))?;
+            .map_err(|_| ItsiError::default("Failed to set keys".to_string()))?;
         Ok(())
     }
@@ -226,6 +152,7 @@ impl MiddlewareLayer for AuthJwt {
         req: HttpRequest,
         _context: &mut RequestContext,
     ) -> Result<Either<HttpRequest, HttpResponse>> {
+        // Retrieve the JWT token from either a header or a query parameter.
         let token_str = match &self.token_source {
             TokenSource::Header { name, prefix } => {
                 if let Some(header) = req.header(name) {
@@ -246,45 +173,61 @@ impl MiddlewareLayer for AuthJwt {
                 self.error_response.to_http_response(&req).await,
             ));
         }
         let token_str = token_str.unwrap();
-        let token_meta = Token::decode_metadata(token_str);
-        if token_meta.is_err() {
-            return Ok(Either::Right(
-                self.error_response.to_http_response(&req).await,
-            ));
-        }
-        let token_meta: std::result::Result<JwtAlgorithm, ItsiError> =
-            token_meta.unwrap().algorithm().try_into();
-        if token_meta.is_err() {
-            return Ok(Either::Right(
-                self.error_response.to_http_response(&req).await,
-            ));
-        }
-        let algorithm = token_meta.unwrap();
+        // Use jsonwebtoken's decode_header to inspect the token and determine its algorithm.
+        let header =
+            decode_header(token_str).map_err(|_| ItsiError::default("Invalid token header"))?;
+        let alg: JwtAlgorithm = header.alg.into();
-        if !self.verifiers.contains_key(&algorithm) {
+        if !self.verifiers.contains_key(&alg) {
             return Ok(Either::Right(
                 self.error_response.to_http_response(&req).await,
             ));
         }
+        let keys = self.keys.get().unwrap().get(&alg).unwrap();
-        let keys = self.keys.get().unwrap().get(&algorithm).unwrap();
+        // Build validation based on the algorithm and optional leeway.
+        let mut validation = Validation::new(match alg {
+            JwtAlgorithm::Hs256 => JwtAlg::HS256,
+            JwtAlgorithm::Hs384 => JwtAlg::HS384,
+            JwtAlgorithm::Hs512 => JwtAlg::HS512,
+            JwtAlgorithm::Rs256 => JwtAlg::RS256,
+            JwtAlgorithm::Rs384 => JwtAlg::RS384,
+            JwtAlgorithm::Rs512 => JwtAlg::RS512,
+            JwtAlgorithm::Es256 => JwtAlg::ES256,
+            JwtAlgorithm::Es384 => JwtAlg::ES384,
+            JwtAlgorithm::Ps256 => JwtAlg::PS256,
+            JwtAlgorithm::Ps384 => JwtAlg::PS384,
+            JwtAlgorithm::Ps512 => JwtAlg::PS512,
+        });
+        if let Some(leeway) = self.leeway {
+            validation.leeway = leeway;
+        }
+        // (Optional) You could set expected issuer or audience on `validation` here.
-        let verified_claims = keys.iter().find_map(|key| key.verify(token_str).ok());
-        if verified_claims.is_none() {
+        // Try verifying the token using each key until one succeeds.
+        let token_data: Option<TokenData<Claims>> = keys
+            .iter()
+            .find_map(|key| decode::<Claims>(token_str, key, &validation).ok());
+        let token_data = if let Some(data) = token_data {
+            data
+        } else {
             return Ok(Either::Right(
                 self.error_response.to_http_response(&req).await,
             ));
-        }
+        };
-        let claims = verified_claims.unwrap();
+        let claims = token_data.claims;
+        // Verify expected audiences.
         if let Some(expected_audiences) = &self.audiences {
-            // The aud claim may be a string or an array.
-            if let Some(audiences) = &claims.audiences {
-                if !audiences.contains(expected_audiences) {
+            if let Some(aud) = &claims.aud {
+                let token_auds: HashSet<String> = match aud {
+                    Audience::Single(s) => [s.clone()].into_iter().collect(),
+                    Audience::Multiple(v) => v.iter().cloned().collect(),
+                };
+                if expected_audiences.is_disjoint(&token_auds) {
                     return Ok(Either::Right(
                         self.error_response.to_http_response(&req).await,
                     ));
@@ -292,10 +235,10 @@ impl MiddlewareLayer for AuthJwt {
             }
         }
+        // Verify expected subject.
         if let Some(expected_subjects) = &self.subjects {
-            // The aud claim may be a string or an array.
-            if let Some(subject) = &claims.subject {
-                if !expected_subjects.contains(subject) {
+            if let Some(sub) = &claims.sub {
+                if !expected_subjects.contains(sub) {
                     return Ok(Either::Right(
                         self.error_response.to_http_response(&req).await,
                     ));
@@ -303,10 +246,10 @@ impl MiddlewareLayer for AuthJwt {
             }
         }
+        // Verify expected issuer.
         if let Some(expected_issuers) = &self.issuers {
-            // The aud claim may be a string or an array.
-            if let Some(issuer) = &claims.issuer {
-                if !expected_issuers.contains(issuer) {
+            if let Some(iss) = &claims.iss {
+                if !expected_issuers.contains(iss) {
                     return Ok(Either::Right(
                         self.error_response.to_http_response(&req).await,
                     ));

data/lib/itsi/server/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Itsi
   class Server
-    VERSION = "0.1.13"
+    VERSION = "0.1.14"
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: itsi-server
 version: !ruby/object:Gem::Version
-  version: 0.1.13
+  version: 0.1.14
 platform: ruby
 authors:
 - Wouter Coppieters