jay_doubleu_tee 0.2.1 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.tool-versions +1 -0
- data/Gemfile.lock +2 -2
- data/README.md +32 -9
- data/lib/jay_doubleu_tee/authorization.rb +18 -2
- data/lib/jay_doubleu_tee/version.rb +1 -1
- data/lib/jay_doubleu_tee.rb +3 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1ca496fec80501e8e98bc75a5965dfc18cce6768e9285c7ec234de1296256e9f
|
|
4
|
+
data.tar.gz: 5ad933fb852efaff69de32b0d14066e4801fb6954e43e97c1bf29949a6b52b69
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7e124fc6bfe66c4ec3d9e65e6a1c07f9f509b174727b7e77f6cf1c18cb699876abea9c9e1174a0d166739dfc8aab6b4b2f4e5b95d88c97abd394f5d76130d6c3
|
|
7
|
+
data.tar.gz: d7c8b055c577e28513cede0ae6473df26d15c88b38f83829a6ab689aef397d692816e59f742125432478c2c9a61928bb236cc0933f9b0a83c3ba90d362597bf1
|
data/.tool-versions
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
ruby 3.0.2
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -49,12 +49,7 @@ class App
|
|
|
49
49
|
include JayDoubleuTee::Auth
|
|
50
50
|
|
|
51
51
|
def call(env)
|
|
52
|
-
status, body =
|
|
53
|
-
if auth.success?
|
|
54
|
-
[200, [{ message: "Hello, World!", auth: auth.value! }]]
|
|
55
|
-
else
|
|
56
|
-
[401, [{ error: auth.failure }.to_json]]
|
|
57
|
-
end
|
|
52
|
+
status, body = [200, [{ message: "Hello, World!", auth: auth.value! }]]
|
|
58
53
|
|
|
59
54
|
[status, headers, body]
|
|
60
55
|
end
|
|
@@ -66,7 +61,12 @@ class App
|
|
|
66
61
|
end
|
|
67
62
|
end
|
|
68
63
|
|
|
69
|
-
|
|
64
|
+
JayDoubleuTee.configure do |config|
|
|
65
|
+
config.algorithm = 'RS256'
|
|
66
|
+
config.secret = ENV['JAY_DOUBLEU_TEE_PUBLIC_KEY']
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
use JayDoubleuTee::Authorization
|
|
70
70
|
|
|
71
71
|
run App.new
|
|
72
72
|
```
|
|
@@ -98,7 +98,7 @@ curl --location --request GET 'http://localhost:9292' \
|
|
|
98
98
|
# config.ru
|
|
99
99
|
|
|
100
100
|
require "jay_doubleu_tee"
|
|
101
|
-
use JayDoubleuTee::
|
|
101
|
+
use JayDoubleuTee::Authorization
|
|
102
102
|
```
|
|
103
103
|
|
|
104
104
|
### Rails
|
|
@@ -107,7 +107,7 @@ use JayDoubleuTee::Authentication
|
|
|
107
107
|
# config.ru
|
|
108
108
|
|
|
109
109
|
require "jay_doubleu_tee"
|
|
110
|
-
use JayDoubleuTee::
|
|
110
|
+
use JayDoubleuTee::Authorization
|
|
111
111
|
```
|
|
112
112
|
|
|
113
113
|
#### Supported algorithms
|
|
@@ -135,6 +135,28 @@ end
|
|
|
135
135
|
|
|
136
136
|
Again, for information how to generate private and public keys, [jwt documentation](https://github.com/jwt/ruby-jwt#algorithms-and-usage) or check out the [spec files](https://github.com/hanamimastery/jay_doubleu_tee/tree/master/spec/jay_doubleu_tee/decoder_spec.rb)
|
|
137
137
|
|
|
138
|
+
**Authorizing by default**
|
|
139
|
+
|
|
140
|
+
JayDoubleuTee uses secure by default principle, adding authorization to all endpoints using the middleware. If you don't want to authorize all responses by default, you can override the corresponding setting.
|
|
141
|
+
|
|
142
|
+
```ruby
|
|
143
|
+
JayDoubleuTee.configure do |config|
|
|
144
|
+
config.authorize_by_default = false
|
|
145
|
+
end
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
Then in your action you need to handle authorization failure on your own.
|
|
149
|
+
|
|
150
|
+
```ruby
|
|
151
|
+
if auth.success?
|
|
152
|
+
[200, [{ message: "Hello, World!", auth: auth.value! }]]
|
|
153
|
+
else
|
|
154
|
+
[401, [{ error: auth.failure }.to_json]]
|
|
155
|
+
end
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
This may be useful if you have only one component in your application using the JWT flow, while the rest use different authorization mechanism.
|
|
159
|
+
|
|
138
160
|
## Development
|
|
139
161
|
|
|
140
162
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -145,6 +167,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
|
145
167
|
|
|
146
168
|
It's built on top of several gems to ensure the best user experience.
|
|
147
169
|
|
|
170
|
+
- [Hanami Mastery screencast](https://hanamimastery.com/episodes/12-authorization-with-jwt)
|
|
148
171
|
- [JWT](https://github.com/jwt/ruby-jwt#algorithms-and-usage)
|
|
149
172
|
- [dry-effects](https://dry-rb.org/gems/dry-effects). Here is the [video tutorial for dry-effects](https://hanamimastery.com/episodes/11-effective-ruby-programming-with-dry-effects)
|
|
150
173
|
- [dry-monads](https://dry-rb.org/gems/dry-monads). Here is a [video tutorial for dry-monads](https://hanamimastery.com/episodes/7-untangle-your-app-with-dry-monads)
|
|
@@ -7,17 +7,33 @@ module JayDoubleuTee
|
|
|
7
7
|
class Authorization
|
|
8
8
|
include Dry::Effects::Handler.Reader(:auth)
|
|
9
9
|
|
|
10
|
-
attr_reader :decoder
|
|
10
|
+
attr_reader :decoder, :config
|
|
11
11
|
|
|
12
12
|
def initialize(app)
|
|
13
13
|
@app = app
|
|
14
14
|
@decoder = Decoder.new
|
|
15
|
+
@config = JayDoubleuTee.config
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def call(env)
|
|
18
|
-
|
|
19
|
+
auth = decoder.call(env["HTTP_AUTHORIZATION"])
|
|
20
|
+
|
|
21
|
+
return authorization_error(auth) if unauthorized?(auth)
|
|
22
|
+
|
|
23
|
+
with_auth(auth) do
|
|
19
24
|
@app.call(env)
|
|
20
25
|
end
|
|
21
26
|
end
|
|
27
|
+
|
|
28
|
+
private
|
|
29
|
+
|
|
30
|
+
def authorization_error(auth)
|
|
31
|
+
headers = { 'Content-Type' => 'application/json' }
|
|
32
|
+
[ 401, headers, [{ error: auth.failure }.to_json]]
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def unauthorized?(auth)
|
|
36
|
+
config.authorize_by_default && auth.failure?
|
|
37
|
+
end
|
|
22
38
|
end
|
|
23
39
|
end
|
data/lib/jay_doubleu_tee.rb
CHANGED
|
@@ -14,10 +14,12 @@ module JayDoubleuTee
|
|
|
14
14
|
|
|
15
15
|
extend Dry::Configurable
|
|
16
16
|
|
|
17
|
-
setting :algorithm, default: 'RS256'
|
|
17
|
+
setting :algorithm, default: 'RS256', constructor: ->(value) do
|
|
18
18
|
raise ConfigurationError, "Unsupported algorithm." unless ALGORITHMS.include?(value)
|
|
19
19
|
value
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
setting :secret, default: ENV['JAY_DOUBLEU_TEE_PUBLIC_KEY']
|
|
23
|
+
|
|
24
|
+
setting :authorize_by_default, default: true
|
|
23
25
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jay_doubleu_tee
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sebastian Wilgosz
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-01-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|
|
@@ -76,6 +76,7 @@ extra_rdoc_files: []
|
|
|
76
76
|
files:
|
|
77
77
|
- ".gitignore"
|
|
78
78
|
- ".rspec"
|
|
79
|
+
- ".tool-versions"
|
|
79
80
|
- ".travis.yml"
|
|
80
81
|
- CODE_OF_CONDUCT.md
|
|
81
82
|
- Gemfile
|
|
@@ -116,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
116
117
|
- !ruby/object:Gem::Version
|
|
117
118
|
version: '0'
|
|
118
119
|
requirements: []
|
|
119
|
-
rubygems_version: 3.
|
|
120
|
+
rubygems_version: 3.2.31
|
|
120
121
|
signing_key:
|
|
121
122
|
specification_version: 4
|
|
122
123
|
summary: A JWT authorization solution for any ruby web app.
|