jay_doubleu_tee 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +31 -9
- data/lib/jay_doubleu_tee/authorization.rb +18 -2
- data/lib/jay_doubleu_tee/version.rb +1 -1
- data/lib/jay_doubleu_tee.rb +2 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 99f790e08b792c0ba695a3a4f58a763d9dde8ce4115e945f28d3cf43da6c4118
|
|
4
|
+
data.tar.gz: e2041a8d8edf5a0b2caf14dbfeb6e64839e3bc4146a80b08e02df6f071fa724c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 173ceb6452a1084064adb766cf711b0ed4f4891da056e67bb1cd1cfec2584591f270a13a0e1caa74b3338fbe3941480e601f7c81a721a3162587a7165bb7f63f
|
|
7
|
+
data.tar.gz: 44b3582ca38846273810922bbfd7175f65da84bbfd71a66057af29bf382211c89fea23982e24caf9f62eaf6ec2755b0f1eb860aa672dcfdea745fe2e50ac7f49
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -49,12 +49,7 @@ class App
|
|
|
49
49
|
include JayDoubleuTee::Auth
|
|
50
50
|
|
|
51
51
|
def call(env)
|
|
52
|
-
status, body =
|
|
53
|
-
if auth.success?
|
|
54
|
-
[200, [{ message: "Hello, World!", auth: auth.value! }]]
|
|
55
|
-
else
|
|
56
|
-
[401, [{ error: auth.failure }.to_json]]
|
|
57
|
-
end
|
|
52
|
+
status, body = [200, [{ message: "Hello, World!", auth: auth.value! }]]
|
|
58
53
|
|
|
59
54
|
[status, headers, body]
|
|
60
55
|
end
|
|
@@ -66,7 +61,12 @@ class App
|
|
|
66
61
|
end
|
|
67
62
|
end
|
|
68
63
|
|
|
69
|
-
|
|
64
|
+
JayDoubleuTee.configure do |config|
|
|
65
|
+
config.algorithm = 'RS256'
|
|
66
|
+
config.secret = ENV['JAY_DOUBLEU_TEE_PUBLIC_KEY']
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
use JayDoubleuTee::Authorization
|
|
70
70
|
|
|
71
71
|
run App.new
|
|
72
72
|
```
|
|
@@ -98,7 +98,7 @@ curl --location --request GET 'http://localhost:9292' \
|
|
|
98
98
|
# config.ru
|
|
99
99
|
|
|
100
100
|
require "jay_doubleu_tee"
|
|
101
|
-
use JayDoubleuTee::
|
|
101
|
+
use JayDoubleuTee::Authorization
|
|
102
102
|
```
|
|
103
103
|
|
|
104
104
|
### Rails
|
|
@@ -107,7 +107,7 @@ use JayDoubleuTee::Authentication
|
|
|
107
107
|
# config.ru
|
|
108
108
|
|
|
109
109
|
require "jay_doubleu_tee"
|
|
110
|
-
use JayDoubleuTee::
|
|
110
|
+
use JayDoubleuTee::Authorization
|
|
111
111
|
```
|
|
112
112
|
|
|
113
113
|
#### Supported algorithms
|
|
@@ -135,6 +135,28 @@ end
|
|
|
135
135
|
|
|
136
136
|
Again, for information how to generate private and public keys, [jwt documentation](https://github.com/jwt/ruby-jwt#algorithms-and-usage) or check out the [spec files](https://github.com/hanamimastery/jay_doubleu_tee/tree/master/spec/jay_doubleu_tee/decoder_spec.rb)
|
|
137
137
|
|
|
138
|
+
**Authorizing by default**
|
|
139
|
+
|
|
140
|
+
JayDoubleuTee uses secure by default principle, adding authorization to all endpoints using the middleware. If you don't want to authorize all responses by default, you can override the corresponding setting.
|
|
141
|
+
|
|
142
|
+
```ruby
|
|
143
|
+
JayDoubleuTee.configure do |config|
|
|
144
|
+
config.authorize_by_default = false
|
|
145
|
+
end
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
Then in your action you need to handle authorization failure on your own.
|
|
149
|
+
|
|
150
|
+
```ruby
|
|
151
|
+
if auth.success?
|
|
152
|
+
[200, [{ message: "Hello, World!", auth: auth.value! }]]
|
|
153
|
+
else
|
|
154
|
+
[401, [{ error: auth.failure }.to_json]]
|
|
155
|
+
end
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
This may be useful if you have only one component in your application using the JWT flow, while the rest use different authorization mechanism.
|
|
159
|
+
|
|
138
160
|
## Development
|
|
139
161
|
|
|
140
162
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -7,17 +7,33 @@ module JayDoubleuTee
|
|
|
7
7
|
class Authorization
|
|
8
8
|
include Dry::Effects::Handler.Reader(:auth)
|
|
9
9
|
|
|
10
|
-
attr_reader :decoder
|
|
10
|
+
attr_reader :decoder, :config
|
|
11
11
|
|
|
12
12
|
def initialize(app)
|
|
13
13
|
@app = app
|
|
14
14
|
@decoder = Decoder.new
|
|
15
|
+
@config = JayDoubleuTee.config
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def call(env)
|
|
18
|
-
|
|
19
|
+
auth = decoder.call(env["HTTP_AUTHORIZATION"])
|
|
20
|
+
|
|
21
|
+
return authorization_error(auth) if unauthorized?(auth)
|
|
22
|
+
|
|
23
|
+
with_auth(auth) do
|
|
19
24
|
@app.call(env)
|
|
20
25
|
end
|
|
21
26
|
end
|
|
27
|
+
|
|
28
|
+
private
|
|
29
|
+
|
|
30
|
+
def authorization_error(auth)
|
|
31
|
+
headers = { 'Content-Type' => 'application/json' }
|
|
32
|
+
[ 401, headers, [{ error: auth.failure }.to_json]]
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def unauthorized?(auth)
|
|
36
|
+
config.authorize_by_default && auth.failure?
|
|
37
|
+
end
|
|
22
38
|
end
|
|
23
39
|
end
|
data/lib/jay_doubleu_tee.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jay_doubleu_tee
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sebastian Wilgosz
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-12-
|
|
11
|
+
date: 2021-12-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|