jwt-authorizer 1.0.0.beta1

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 428eced648fcb226781a748396f9bf30f3647af418ab5c6e059ef3312f92b416
4
+ data.tar.gz: ec06ac75857191c25081b8a179067a1c216712b05c7bfb11b742f42d45d03509
5
+ SHA512:
6
+ metadata.gz: 12889b5f4b086638b400f5b7fe49182a68b06e054d80e97409334cc5f88a239fbabfdbb643bf1451f07f3b33ce222ce795cb7ab53025255ca17a9f618b9c1e0e
7
+ data.tar.gz: 2a7d53727bd6d7defa4567f218c5b84914edbad8100ad9ea80e6bb281fa53444661c73c3989bf32c3ce4225bd64e50e21017e19a720a1e9e66ca21e5a77ab997
data/.codeclimate.yml ADDED
@@ -0,0 +1,6 @@
1
+ version: "2"
2
+ plugins:
3
+ rubocop:
4
+ enabled: true
5
+ bundler-audit:
6
+ enabled: true
data/.gitignore ADDED
@@ -0,0 +1,11 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format progress
2
+ --color
3
+ --require spec_helper
data/.rubocop.yml ADDED
@@ -0,0 +1,26 @@
1
+ AllCops:
2
+ TargetRubyVersion: 2.4
3
+ Exclude:
4
+ - "db/schema.rb"
5
+
6
+ Lint/MissingCopEnableDirective:
7
+ Enabled: false
8
+
9
+ Style/Documentation:
10
+ Enabled: false
11
+
12
+ Style/Encoding:
13
+ Enabled: false
14
+
15
+ Metrics/LineLength:
16
+ Max: 125
17
+
18
+ Metrics/BlockLength:
19
+ Exclude:
20
+ - "spec/**/*.rb"
21
+
22
+ StringLiterals:
23
+ EnforcedStyle: double_quotes
24
+
25
+ DotPosition:
26
+ EnforcedStyle: leading
data/.travis.yml ADDED
@@ -0,0 +1,14 @@
1
+ sudo: false
2
+ language: ruby
3
+ cache: bundler
4
+ rvm:
5
+ - 2.4.3
6
+ - 2.5.0
7
+ before_install: gem install bundler -v 1.16.1
8
+ before_script:
9
+ - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
10
+ - chmod +x ./cc-test-reporter
11
+ - ./cc-test-reporter before-build
12
+ script: bundle exec rspec
13
+ after_script:
14
+ - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT
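Review bot: The `before_script` step on line 9 downloads `test-reporter-latest-linux-amd64` and executes it (lines 10-11, 14) without verifying what was fetched, so a substituted or tampered download runs inside the CI job with access to whatever secrets the job exposes. Pin a specific reporter release instead of `latest` and check its published digest before `chmod +x`, e.g. `- echo "<expected-sha256>  ./cc-test-reporter" | sha256sum -c -` (placeholder digest; take the value from the reporter's release). The same applies to `before_install` on line 7, which is pinned to a bundler version and therefore fine as is.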
data/CHANGELOG.md ADDED
@@ -0,0 +1,3 @@
1
+ ## 1.0.0
2
+
3
+ - First release :fireworks:
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at michal.begejowicz@codesthq.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,8 @@
1
+ # frozen_string_literal: true
2
+
3
+ source "https://rubygems.org"
4
+
5
+ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
6
+
7
+ # Specify your gem's dependencies in jwt-authorizer.gemspec
8
+ gemspec
data/Gemfile.lock ADDED
@@ -0,0 +1,71 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ jwt-authorizer (1.0.0.beta1)
5
+ jwt (~> 2.1)
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ ast (2.4.0)
11
+ coderay (1.1.2)
12
+ diff-lcs (1.3)
13
+ docile (1.1.5)
14
+ json (2.1.0)
15
+ jwt (2.1.0)
16
+ method_source (0.9.0)
17
+ parallel (1.12.1)
18
+ parser (2.5.0.2)
19
+ ast (~> 2.4.0)
20
+ powerpack (0.1.1)
21
+ pry (0.11.3)
22
+ coderay (~> 1.1.0)
23
+ method_source (~> 0.9.0)
24
+ rack (2.0.4)
25
+ rainbow (3.0.0)
26
+ rake (12.3.0)
27
+ rspec (3.7.0)
28
+ rspec-core (~> 3.7.0)
29
+ rspec-expectations (~> 3.7.0)
30
+ rspec-mocks (~> 3.7.0)
31
+ rspec-core (3.7.1)
32
+ rspec-support (~> 3.7.0)
33
+ rspec-expectations (3.7.0)
34
+ diff-lcs (>= 1.2.0, < 2.0)
35
+ rspec-support (~> 3.7.0)
36
+ rspec-mocks (3.7.0)
37
+ diff-lcs (>= 1.2.0, < 2.0)
38
+ rspec-support (~> 3.7.0)
39
+ rspec-support (3.7.1)
40
+ rubocop (0.53.0)
41
+ parallel (~> 1.10)
42
+ parser (>= 2.5)
43
+ powerpack (~> 0.1)
44
+ rainbow (>= 2.2.2, < 4.0)
45
+ ruby-progressbar (~> 1.7)
46
+ unicode-display_width (~> 1.0, >= 1.0.1)
47
+ ruby-progressbar (1.9.0)
48
+ simplecov (0.15.1)
49
+ docile (~> 1.1.0)
50
+ json (>= 1.8, < 3)
51
+ simplecov-html (~> 0.10.0)
52
+ simplecov-html (0.10.2)
53
+ timecop (0.9.1)
54
+ unicode-display_width (1.3.0)
55
+
56
+ PLATFORMS
57
+ ruby
58
+
59
+ DEPENDENCIES
60
+ bundler (~> 1.16)
61
+ jwt-authorizer!
62
+ pry (~> 0.11)
63
+ rack (~> 2.0)
64
+ rake (~> 12.0)
65
+ rspec (~> 3.0)
66
+ rubocop (~> 0.53)
67
+ simplecov (~> 0.15)
68
+ timecop (~> 0.9)
69
+
70
+ BUNDLED WITH
71
+ 1.16.1
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2018 Michał Begejowicz
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,133 @@
1
+ [![Build Status](https://travis-ci.org/codesthq/jwt-authorizer.svg?branch=master)](https://travis-ci.org/codesthq/jwt-authorizer) [![Test Coverage](https://api.codeclimate.com/v1/badges/5f975bb8720b7ee04326/test_coverage)](https://codeclimate.com/github/codesthq/jwt-authorizer/test_coverage) [![Maintainability](https://api.codeclimate.com/v1/badges/5f975bb8720b7ee04326/maintainability)](https://codeclimate.com/github/codesthq/jwt-authorizer/maintainability)
2
+
3
+ # JWT::Authorizer
4
+
5
+ `JWT::Authorizer` makes authorization with [JWT tokens](https://jwt.io/) simple. It allows creating and verifying JWT tokens according to rules (validations) set on specific `Authorizer` class.
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'jwt-authorizer'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install jwt-authorizer
22
+
23
+ ## Usage
24
+
25
+ ### Configuration
26
+
27
+ You can configure your `JWT::Authorizer` classes with `.configuration` and `.configure` options:
28
+
29
+ ```ruby
30
+ JWT::Authorizer.configuration
31
+
32
+ JWT::Authorizer.configure do |config|
33
+ config.expiry = 12 * 60 * 60
34
+ config.algorithm = "RS256"
35
+ config.secret = { private_key: nil, public_key: ENV["SECRET_KEY"] }
36
+ end
37
+ ```
38
+
39
+ `JWT::Authorizer` have following options available:
40
+
41
+ * `algorithm` - determines algorithm used on signing and verifying JWT tokens. Defaults to `"HS256"`.
42
+ * `secret` - for [`HMAC`](https://en.wikipedia.org/wiki/HMAC) algorithms it accepts simple `String` with symmetric key, for [`RSA`](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) and [`ECDSA`](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) it requires hash with `:private_key` and `:public_key` keys.
43
+ * `expiry` - sets default expiry for generated tokens. Defaults to 1 hour. It can be set to `nil` in order to not include `exp` claim in the token
44
+ * `issuer` - sets `iss` claim in the token. Defaults to `nil`.
45
+ * `allowed_issuers` - array of issuers that will be allowed on token verification. Defaults to empty array, tokens with any value in `iss` claim (and without this claim) will be valid. If array contains any elements, *only* listed issuers will be valid.
46
+
47
+ Default options can be overriden during instantiation of `JWT::Authorizer` classes:
48
+
49
+ ```ruby
50
+ JWT::Authorizer.configuration.expiry #=> 3600
51
+ JWT::Authorizer.new(expiry: 60).expiry #=> 60
52
+ ```
53
+
54
+ ### Generating tokens
55
+
56
+ To generate JWT token, create instance of `JWT::Authorizer` and call `#build` method. It accepts hash of additional claims you want in your token.
57
+
58
+ ```ruby
59
+ JWT::Authorizer.configuration.secret = "hmac"
60
+ JWT::Authorizer.new.build(level: :admin)
61
+ #=> "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODQ3MTcsImxldmVsIjoiYWRtaW4ifQ.nHRIBBjzteHuzygij-BlfXx3YIvfeO39Qh84hq729KQ"
62
+ ```
63
+
64
+ ### Verifying tokens
65
+
66
+ To verify token, use `JWT::Authorizer#verify` method.
67
+
68
+ ```ruby
69
+ JWT::Authorizer.configuration.secret = "hmac"
70
+ token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODUwMzd9.CO8K_mqXCZfu8W12tpYcBo1WyrLZAmEMmr8R-HM3a5E"
71
+ JWT::Authorizer.new.verify(token)
72
+ #=> [{"exp"=>1520285037}, {"alg"=>"HS256"}]
73
+ JWT::Authorizer.new.verify(nil)
74
+ # JWT::DecodeError: Nil JSON web token
75
+ JWT::Authorizer.new.verify("eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjB9.nooope")
76
+ # JWT::VerificationError: Signature verification raised
77
+ ```
78
+
79
+ ### Validators
80
+
81
+ You can use validators to verify non-standard claims.
82
+
83
+ ```ruby
84
+ class AdminAuthorizer < JWT::Authorizer
85
+ validate :level, required: true do |value, _context|
86
+ raise JWT::DecodeError, "Level must be admin" unless value == "admin"
87
+ end
88
+ end
89
+
90
+ valid_token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODUzMzksImxldmVsIjoiYWRtaW4ifQ.OeIPSbtqlmcSJ1tUkLb7HhhMSlcAXKkrZhSOhgvYRHE"
91
+ AdminAuthorizer.new.verify(valid_token)
92
+ # [{"exp"=>1520285339, "level"=>"admin"}, {"alg"=>"HS256"}]
93
+ missing_claim = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODUzODd9.ncXmy81O64OjLNP4eCdAyVklAfGqdYiWp0K6FoI1pec"
94
+ AdminAuthorizer.new.verify(missing_claim)
95
+ # JWT::Authorizer::MissingClaim: Token is missing required claim: level
96
+ invalid_value = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODU0MzQsImxldmVsIjoicmVndWxhciJ9.z16nhJcOpRJmDZdkrDrdo1TetQ9YZpYiQmBdc53lnV0"
97
+ AdminAuthorizer.new.verify(invalid_value)
98
+ # JWT::DecodeError: Level must be admin
99
+ ```
100
+
101
+ `required` option is by default set to `false`. If set to `true`, given claim *must* be present in verified token.
102
+
103
+ You can pass additional context to validators:
104
+
105
+ ```ruby
106
+ class AdminAuthorizer < JWT::Authorizer
107
+ validate :path do |value, rack_request|
108
+ raise JWT::DecodeError, "invalid path" unless value == rack_request.path
109
+ end
110
+ end
111
+
112
+ AdminAuthorizer.new.verify(token, rack_request)
113
+ ```
114
+
115
+ See [`JWT::RequestAuthorizer`](lib/jwt/request_authorizer.rb) and it's [spec](spec/jwt/request_authorizer_spec.rb) for examples.
116
+
117
+ ## Development
118
+
119
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
120
+
121
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
122
+
123
+ ## Contributing
124
+
125
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/jwt-authorizer. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
126
+
127
+ ## License
128
+
129
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
130
+
131
+ ## Code of Conduct
132
+
133
+ Everyone interacting in the JWT::Authorizer project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/jwt-authorizer/blob/master/CODE_OF_CONDUCT.md).
data/Rakefile ADDED
@@ -0,0 +1,8 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "bundler/gem_tasks"
4
+ require "rspec/core/rake_task"
5
+
6
+ RSpec::Core::RakeTask.new(:spec)
7
+
8
+ task default: :spec
data/bin/console ADDED
@@ -0,0 +1,11 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require "bundler/setup"
5
+ require "jwt/authorizer"
6
+
7
+ # You can add fixtures and/or initialization code here to make experimenting
8
+ # with your gem easier. You can also use a different console, if you like.
9
+
10
+ require "pry"
11
+ Pry.start
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ lib = File.expand_path("lib", __dir__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+ require "jwt/authorizer/version"
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = "jwt-authorizer"
9
+ spec.version = JWT::Authorizer::VERSION
10
+ spec.authors = ["Michał Begejowicz"]
11
+ spec.email = ["michal.begejowicz@codesthq.com"]
12
+
13
+ spec.summary = "Authorization of requests for microservices based on JWT"
14
+ spec.description = "Authorization of requests for microservices based on JWT"
15
+ spec.homepage = "https://github.com/codesthq/jwt-authorizer"
16
+ spec.license = "MIT"
17
+
18
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^spec/}) }
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_dependency "jwt", "~> 2.1"
22
+
23
+ spec.add_development_dependency "bundler", "~> 1.16"
24
+ spec.add_development_dependency "pry", "~> 0.11"
25
+ spec.add_development_dependency "rack", "~> 2.0"
26
+ spec.add_development_dependency "rake", "~> 12.0"
27
+ spec.add_development_dependency "rspec", "~> 3.0"
28
+ spec.add_development_dependency "rubocop", "~> 0.53"
29
+ spec.add_development_dependency "simplecov", "~> 0.15"
30
+ spec.add_development_dependency "timecop", "~> 0.9"
31
+ end
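--- a/data/lib/jwt/authorizer/builder.rb
+++ b/data/lib/jwt/authorizer/builder.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module JWT
+class Authorizer
+module Builder
+def build(claims = {})
+payload = default_claims.merge!(claims)
+JWT.encode payload, secret[:private], algorithm
+end
+
+private
+
+def default_claims
+{}.tap do |result|
+result[:exp] = (Time.now + expiry).to_i if expiry
+result[:iss] = issuer if issuer
+end
+end
+end
+end
+end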
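Review bot: `build` indexes `secret[:private]` on line 8 without checking that a secret was ever configured; `Configuration#initialize` never assigns `@secret`, so an authorizer whose secret was not set fails with a `NoMethodError` on `nil` instead of a clear configuration error. A guard such as `raise ArgumentError, "secret is not configured" unless secret` (or a check in `Configuration#freeze`, which runs on first `new`) would make the failure explicit; the same unchecked `secret[:public]` access appears in `Verifier#verify`. Separately, `default_claims.merge!(claims)` only replaces `:exp`/`:iss` when the caller passes symbol keys — a string-keyed `"exp"` is emitted next to the default one, and which value a consumer honors is then encoder-dependent, so the keys should be normalized or the symbol-key requirement documented on `build`.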
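--- a/data/lib/jwt/authorizer/claim_validator.rb
+++ b/data/lib/jwt/authorizer/claim_validator.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module JWT
+class Authorizer
+class MissingClaim < StandardError
+attr_reader :claim
+
+def initialize(claim)
+@claim = claim
+super("Token is missing required claim: #{claim}")
+end
+end
+
+class ClaimValidator
+attr_reader :name, :required, :verifier
+
+def initialize(name:, required: false, &block)
+@name = name.to_s
+@required = required
+@verifier = block
+end
+
+def validate(token, context)
+value = token.dig(0, name)
+raise MissingClaim, name if required && !value
+return unless value
+
+verifier.call(value, context)
+end
+end
+end
+end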
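Review bot: `MissingClaim` on line 5 inherits from `StandardError`, while every other rejection path in this gem (signature and expiry failures from `JWT.decode`, the validator blocks in the README and in `RequestAuthorizer`) raises `JWT::DecodeError` or a subclass of it; a caller that rescues `JWT::DecodeError` to turn a bad token into a 401 will not catch a missing required claim. Declaring `class MissingClaim < JWT::DecodeError` keeps that single rescue sufficient. Separately, `validate` tests truthiness on lines 25-26 (`!value`, `return unless value`), so a claim whose value is literally `false` is reported as missing when required and silently skipped otherwise; since `token.dig(0, name)` yields `nil` only for an absent claim, `value.nil?` is the precise test.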
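--- a/data/lib/jwt/authorizer/configurable.rb
+++ b/data/lib/jwt/authorizer/configurable.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module JWT
+class Authorizer
+module Configurable
+def self.included(base)
+base.extend(ClassMethods)
+base.extend(Forwardable)
+base.delegate %i[algorithm secret expiry issuer allowed_issuers] => :@config
+end
+
+def initialize(**options)
+@config = self.class.configuration.dup.merge(options)
+end
+
+module ClassMethods
+def inherited(subclass)
+subclass.instance_variable_set("@configuration", configuration.dup)
+super
+end
+
+def configuration
+@configuration ||= Configuration.new
+end
+
+def configure
+yield configuration
+configuration
+end
+
+def new(*args)
+configuration.freeze unless configuration.frozen?
+super
+end
+end
+end
+end
+end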
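Review bot: `self.included` extends the base with `Forwardable` on line 8, but no file on this page requires `forwardable`; it may well be loaded transitively by the `jwt` gem, yet the library should not depend on that — add `require "forwardable"` at the top of this file. The lifecycle rule encoded by `new` on lines 31-34 also deserves a comment, since it is easy to miss: the first instantiation freezes the class-level configuration, after which `configure` raises on any assignment, while per-instance overrides still work because `initialize` merges into a `dup`. Suggested comment above `new`: `# Freezes the shared configuration on first instantiation; later changes must go through per-instance options.`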
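--- a/data/lib/jwt/authorizer/configuration.rb
+++ b/data/lib/jwt/authorizer/configuration.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+module JWT
+class Authorizer
+class Configuration
+ATTRIBUTES = %i[algorithm secret expiry issuer allowed_issuers].freeze
+
+ALGORITHMS = {
+"HS256" => :hmac, "HS512256" => :hmac, "HS384" => :hmac, "HS512" => :hmac,
+"RS256" => :rsa, "RS384" => :rsa, "RS512" => :rsa,
+"ES256" => :ecdsa, "ES384" => :ecdsa, "ES512" => :ecdsa
+}.freeze
+
+def initialize
+@algorithm = "HS256"
+@expiry = 60 * 60
+@allowed_issuers = []
+end
+
+attr_accessor :expiry, :allowed_issuers, :issuer
+attr_reader :secret, :algorithm
+
+def algorithm=(value)
+assert_algorithm_valid(value)
+@algorithm = value.to_s
+end
+
+def secret=(hmac_key = nil, private_key: nil, public_key: nil)
+@secret = case algorithm_type
+when :hmac
+{ private: hmac_key, public: hmac_key }
+else
+{ private: private_key, public: public_key }
+end
+end
+
+def algorithm_type
+ALGORITHMS[algorithm]
+end
+
+def to_h
+ATTRIBUTES.each_with_object({}) { |attribute, hash| hash[attribute] = send(attribute) }
+end
+
+def merge(options)
+unpermitted_options = options.keys.map(&:to_sym) - ATTRIBUTES
+raise ArgumentError, "Unpermitted options: #{unpermitted_options.join(', ')}" if unpermitted_options.any?
+
+options.each do |key, value|
+send("#{key}=", value)
+end
+
+self
+end
+
+def dup
+super.tap do |new_config|
+new_config.instance_variable_set("@allowed_issuers", allowed_issuers.dup)
+new_config.instance_variable_set("@secret", secret.dup)
+end
+end
+
+def freeze
+super
+allowed_issuers.freeze
+secret.freeze
+end
+
+private
+
+def assert_algorithm_valid(algorithm)
+return if ALGORITHMS.key?(algorithm.to_s)
+raise ArgumentError, "Unknown algorithm: #{algorithm}. Should be one of: #{ALGORITHMS.keys.join(', ')}"
+end
+end
+end
+end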
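Review bot: `secret=` on lines 28-35 chooses the stored shape from `algorithm_type` at assignment time, so the outcome depends on whether `algorithm` or `secret` is set first: `merge` (lines 49-51) applies options in hash order, and `new(secret: { private_key: k, public_key: p }, algorithm: "RS256")` is processed under the default `HS256`, where the hash is consumed as keyword arguments, `hmac_key` stays `nil`, and the instance ends up with `{ private: nil, public: nil }` — a silent misconfiguration rather than an error. Have `merge` apply `:algorithm` before the other options, e.g. `options.sort_by { |key, _| key.to_sym == :algorithm ? 0 : 1 }.each { |key, value| send("#{key}=", value) }`, or store the raw input and derive the `{ private:, public: }` pair in the reader; either way `secret=` should be documented as requiring the algorithm to be set first. Note also that `to_h` returns the derived `{ private:, public: }` hash, which `secret=` does not accept, so `to_h` output cannot be fed back through `merge`.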
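--- a/data/lib/jwt/authorizer/validation.rb
+++ b/data/lib/jwt/authorizer/validation.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module JWT
+class Authorizer
+module Validation
+def self.included(base)
+base.extend(ClassMethods)
+end
+
+def verify(token, context = nil)
+super(token).tap do |decoded|
+validate_token(decoded, context)
+end
+end
+
+private
+
+def validate_token(token, context)
+self.class.validators.each do |validator|
+validator.validate(token, context)
+end
+end
+
+module ClassMethods
+def inherited(subclass)
+subclass.instance_variable_set("@validators", validators.dup)
+super
+end
+
+def validators
+@validators ||= []
+end
+
+def validate(claim_name, required: false, &block)
+validators << ClaimValidator.new(name: claim_name, required: required, &block)
+end
+end
+end
+end
+end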
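Review bot: `verify` on lines 10-14 is only correct because `super(token)` resolves to `Verifier#verify`, i.e. because `Validation` is included after `Verifier` in `JWT::Authorizer`; that dependency is invisible from this file and should be stated, e.g. `# Wraps Verifier#verify via super: signature/exp/iss checks run first, claim validators only on a decoded token.` The class-level `validate` on line 34 also lacks documentation of its contract: the block receives the claim value and the `context` passed to `verify` (`nil` by default), validators run in declaration order against the `[payload, header]` pair returned by decode, and a subclass starts with a copy of its parent's validators (line 26).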
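--- a/data/lib/jwt/authorizer/verifier.rb
+++ b/data/lib/jwt/authorizer/verifier.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module JWT
+class Authorizer
+module Verifier
+def verify(token)
+JWT.decode token, secret[:public], true, decode_options
+end
+
+private
+
+def decode_options
+{}.tap do |result|
+if allowed_issuers.any?
+result[:iss] = allowed_issuers
+result[:verify_iss] = true
+end
+result[:algorithm] = algorithm
+end
+end
+end
+end
+end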
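Review bot: `decode_options` pins `:algorithm` to the configured value on line 18, which is the right defence against a token naming a different `alg`, but nothing states what `secret[:public]` on line 7 must be: for the `:rsa` and `:ecdsa` families ruby-jwt's `JWT.decode` expects an `OpenSSL::PKey` object rather than a PEM `String`, so the README's `public_key: ENV["SECRET_KEY"]` example would need `OpenSSL::PKey.read` first (inferred from the jwt gem's API, not visible on this page). A doc comment on `verify` would make the contract explicit, e.g. `# Decodes +token+ with the configured public key, enforcing the configured algorithm, exp (ruby-jwt default) and, when allowed_issuers is non-empty, iss; raises JWT::DecodeError subclasses on failure.`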
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ module JWT
4
+ class Authorizer
5
+ VERSION = "1.0.0.beta1"
6
+ end
7
+ end
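--- a/data/lib/jwt/authorizer.rb
+++ b/data/lib/jwt/authorizer.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require "jwt/authorizer/version"
+require "jwt"
+
+require "jwt/authorizer/builder"
+require "jwt/authorizer/configuration"
+require "jwt/authorizer/configurable"
+require "jwt/authorizer/verifier"
+
+require "jwt/authorizer/claim_validator"
+require "jwt/authorizer/validation"
+
+module JWT
+class Authorizer
+include Configurable
+include Builder
+include Verifier
+include Validation
+end
+end
+
+require "jwt/request_authorizer"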
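Review bot: The include order on lines 16-19 is load-bearing and undocumented: `Validation#verify` reaches `Verifier#verify` through `super` only because `Validation` is included after `Verifier`, so swapping those two lines would make `Verifier#verify` win the method lookup and silently skip every claim validator while still returning a decoded token. A comment such as `# Order matters: Validation must come after Verifier so its verify wraps signature verification via super` above the includes would guard against that. `Configurable` likewise has to come first, since `Builder` and `Verifier` read `secret`/`algorithm` through the delegators it installs.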
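--- a/data/lib/jwt/request_authorizer.rb
+++ b/data/lib/jwt/request_authorizer.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module JWT
+class RequestAuthorizer < Authorizer
+class << self
+attr_writer :token_extractor
+
+def token_extractor
+@token_extractor ||= proc { |req| req.env["X-Auth-Token"] || req.params["_t"] }
+end
+end
+
+validate :path, required: true do |value, rack_req|
+raise JWT::DecodeError, "Unexpected path: #{value}" unless value == rack_req.path
+end
+
+validate :verb, required: true do |value, rack_req|
+raise JWT::DecodeError, "Unexpected request method: #{value}" unless value.to_s.upcase == rack_req.request_method
+end
+
+def verify(rack_request)
+token = self.class.token_extractor.call(rack_request)
+
+super(token, rack_request)
+end
+end
+end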
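Review bot: The default `token_extractor` on line 9 reads `req.env["X-Auth-Token"]`, but Rack exposes request headers in `env` under the CGI form `HTTP_X_AUTH_TOKEN` (upper-cased, `HTTP_` prefix), so unless some middleware sets that exact key the header branch never matches and every token is taken from the `_t` parameter, where it lands in access logs, referrers and browser history. Make the header the working path: `@token_extractor ||= proc { |req| req.env["HTTP_X_AUTH_TOKEN"] || req.params["_t"] }`. Binding the token to `path` and `verb` on lines 13-19 is a sound replay limitation; a doc comment on `verify` stating that it takes a `Rack::Request`, that the token must carry both claims, and that a missing token surfaces as `JWT::DecodeError` from decode would help callers.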
metadata ADDED
@@ -0,0 +1,194 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: jwt-authorizer
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0.beta1
5
+ platform: ruby
6
+ authors:
7
+ - Michał Begejowicz
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2018-03-06 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: jwt
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.1'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.1'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.16'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.16'
41
+ - !ruby/object:Gem::Dependency
42
+ name: pry
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '0.11'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '0.11'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rack
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '2.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '2.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rake
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '12.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '12.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rspec
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '3.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '3.0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rubocop
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '0.53'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '0.53'
111
+ - !ruby/object:Gem::Dependency
112
+ name: simplecov
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '0.15'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '0.15'
125
+ - !ruby/object:Gem::Dependency
126
+ name: timecop
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '0.9'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '0.9'
139
+ description: Authorization of requests for microservices based on JWT
140
+ email:
141
+ - michal.begejowicz@codesthq.com
142
+ executables: []
143
+ extensions: []
144
+ extra_rdoc_files: []
145
+ files:
146
+ - ".codeclimate.yml"
147
+ - ".gitignore"
148
+ - ".rspec"
149
+ - ".rubocop.yml"
150
+ - ".travis.yml"
151
+ - CHANGELOG.md
152
+ - CODE_OF_CONDUCT.md
153
+ - Gemfile
154
+ - Gemfile.lock
155
+ - LICENSE.txt
156
+ - README.md
157
+ - Rakefile
158
+ - bin/console
159
+ - bin/setup
160
+ - jwt-authorizer.gemspec
161
+ - lib/jwt/authorizer.rb
162
+ - lib/jwt/authorizer/builder.rb
163
+ - lib/jwt/authorizer/claim_validator.rb
164
+ - lib/jwt/authorizer/configurable.rb
165
+ - lib/jwt/authorizer/configuration.rb
166
+ - lib/jwt/authorizer/validation.rb
167
+ - lib/jwt/authorizer/verifier.rb
168
+ - lib/jwt/authorizer/version.rb
169
+ - lib/jwt/request_authorizer.rb
170
+ homepage: https://github.com/codesthq/jwt-authorizer
171
+ licenses:
172
+ - MIT
173
+ metadata: {}
174
+ post_install_message:
175
+ rdoc_options: []
176
+ require_paths:
177
+ - lib
178
+ required_ruby_version: !ruby/object:Gem::Requirement
179
+ requirements:
180
+ - - ">="
181
+ - !ruby/object:Gem::Version
182
+ version: '0'
183
+ required_rubygems_version: !ruby/object:Gem::Requirement
184
+ requirements:
185
+ - - ">"
186
+ - !ruby/object:Gem::Version
187
+ version: 1.3.1
188
+ requirements: []
189
+ rubyforge_project:
190
+ rubygems_version: 2.7.3
191
+ signing_key:
192
+ specification_version: 4
193
+ summary: Authorization of requests for microservices based on JWT
194
+ test_files: []