jwtauth 0.2.0
- checksums.yaml +7 -0
- data/bin/jwtauth +4 -0
- data/lib/jwtauth/introduction.rb +18 -0
- data/lib/jwtauth/user.rb +11 -0
- data/lib/jwtauth.rb +160 -0
- metadata +62 -0
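--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 5fc65225671b2d557630b80c4f2d576d446247ee
+data.tar.gz: 76a714b5f6158b60a34c09b14b0bee6b3c5f6fa7
+SHA512:
+metadata.gz: f68598055d510df2381f0673cf256119a236e719d5f200ed3bd9ad85825753a63ae2c0e70c46b13fe04559cf115e0c7b615d8a56aca0b015a42dd2975b14f5d5
+data.tar.gz: 1d3ab2b18156e18aae99b96669f383faf66f097b16ae7ae6d0dcacffd3ce94d6b903457c2147541cdee68f61dfd4803b437f994db3e3ce7eb3740f11b3b89634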
data/bin/jwtauth
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
module Jwtauth
|
2
|
+
class Introduction
|
3
|
+
class << self
|
4
|
+
# Say hi to you & talk about gem!
|
5
|
+
#
|
6
|
+
# Example:
|
7
|
+
# >> Introduction.about("spanish")
|
8
|
+
# => hello spanish
|
9
|
+
#
|
10
|
+
# Arguments:
|
11
|
+
# yourname: (String)
|
12
|
+
|
13
|
+
def about yourname
|
14
|
+
"hello #{yourname}. This is a library for jwt auth"
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
data/lib/jwtauth/user.rb
ADDED
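--- a/data/lib/jwtauth.rb
+++ b/data/lib/jwtauth.rb
@@ -0,0 +1,160 @@
+require 'jwt'
+
+module Jwtauth
+autoload :Introduction, 'jwtauth/introduction'
+autoload :User, 'jwtauth/user'
+
+# Entity represent for current session
+# mattr_accessor :session_entity
+@@session_entity = Jwtauth::User
+
+# Read file contain public key used when decoding jwt.
+# mattr_accessor :jwt_rsa_pub
+@@jwt_rsa_pub = nil
+
+# Define authservice path for get session (jwt)
+# mattr_accessor :session_path
+@@session_path = nil
+
+# Algorithm, JWT use to encode
+# mattr_accessor :algorithm
+@@algorithm = 'RS256'
+
+# Default way to set up Jwtauth.
+# a fresh initializer with all configuration values.
+def self.setup
+yield self
+end
+
+def self.session_entity
+@@session_entity
+end
+
+def self.session_entity=(session_entity)
+@@session_entity = session_entity
+end
+
+def self.jwt_rsa_pub
+@@jwt_rsa_pub
+end
+
+def self.jwt_rsa_pub=(jwt_rsa_pub)
+@@jwt_rsa_pub = jwt_rsa_pub
+end
+
+def self.session_path
+@@session_path
+end
+
+def self.session_path=(session_path)
+@@session_path = session_path
+end
+
+def self.algorithm
+@@algorithm
+end
+
+def self.algorithm=(algorithm)
+@@algorithm = algorithm
+end
+
+# Define abstract class error of when call authservice
+class AuthorizedError < StandardError; end
+class SocketError < AuthorizedError; end
+class UnauthorizedError < AuthorizedError; end
+class ExpiredError < AuthorizedError; end
+
+class Session
+class << self
+def jwt_decode token
+JWT.decode token, Jwtauth.jwt_rsa_pub, true, { algorithm: Jwtauth.algorithm }
+end
+
+# begin
+# decoded_token = JWT.decode token, hmac_secret, true, { :algorithm => 'HS256' }
+# rescue JWT::ExpiredSignature
+# # Handle expired token, e.g. logout user or deny access
+# end
+def expjwt_decode token
+JWT.decode token, Jwtauth.jwt_rsa_pub, true, { algorithm: Jwtauth.algorithm }
+end
+
+def getjwt origin_request
+uri = URI(Jwtauth.session_path)
+
+uri.query = CGI.unescape({
+'uid' => origin_request.headers['uid'],
+'client' => origin_request.headers['client'],
+'access-token' => origin_request.headers['access-token'],}.to_query)
+
+Net::HTTP.start(uri.host, uri.port,
+:use_ssl => uri.scheme == 'https') do |http|
+request = Net::HTTP::Get.new uri
+
+response = http.request request
+end
+end
+end
+end
+
+module Controller
+# Authorize user
+def authorize_user!
+begin
+res = Jwtauth::Session.getjwt(request)
+rescue Exception => e
+raise Jwtauth::SocketError, "authservice not available"
+end
+
+case res
+when Net::HTTPSuccess
+begin
+payload = Jwtauth::Session.expjwt_decode(JSON.parse(res.body)['jwt'])
+
+if logger && payload[1] && payload[1]["alg"] != Jwtauth.algorithm
+logger.warn "Algorithm #{Jwtauth.algorithm} is required (payload has #{payload[1]["alg"]})"
+end
+
+raise Jwtauth::ExpiredError, "session expired" if Time.now.to_i > payload[0]['exp']
+
+# Assign current session of user request
+@current_user = Jwtauth.session_entity.new(payload[0]['data'])
+rescue Exception => e
+raise Jwtauth::AuthorizedError, "payload authorized errors"
+end
+when Net::HTTPUnauthorized
+raise Jwtauth::UnauthorizedError, "You need to sign in or sign up before continuing."
+else
+raise Jwtauth::AuthorizedError, "authorized errors"
+end
+end
+
+# Handle for user not authorized
+def user_not_authorized(exception)
+status = :forbidden
+
+case exception
+when Jwtauth::UnauthorizedError
+status = :unauthorized
+when Jwtauth::ExpiredError
+status = :request_timeout
+when Jwtauth::SocketError
+status = :internal_server_error
+end
+
+render json: {errors: [exception.message]}, status: status
+end
+
+def self.included(base)
+base.extend ClassMethods
+
+base.class_eval do
+attr_reader :current_user
+rescue_from Jwtauth::AuthorizedError, with: :user_not_authorized
+end
+end
+
+module ClassMethods
+end
+end
+end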
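Review bot: In `getjwt`, wrapping the `to_query` output in `CGI.unescape` undoes the percent-encoding of the `uid`, `client` and `access-token` values, which are copied straight from the incoming request headers, so a header value containing `&`, `=` or `#` changes the query string the auth service receives. Assign the encoded string directly, `uri.query = { 'uid' => ..., 'client' => ..., 'access-token' => ... }.to_query`. Separately, in `authorize_user!` the inner `rescue Exception => e` also catches the `Jwtauth::ExpiredError` raised inside the same `begin` block and re-raises it as `AuthorizedError`, so the `ExpiredError` branch of `user_not_authorized` looks unreachable; put `rescue Jwtauth::AuthorizedError` with a bare `raise` first and narrow the catch-all to `rescue StandardError`. The file requires only `jwt`, so `URI`, `CGI`, `Net::HTTP`, `JSON` and `to_query` presumably rely on the host application having loaded them, which is worth stating in a comment or making explicit with `require` lines.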
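--- a/metadata
+++ b/metadata
@@ -0,0 +1,62 @@
+--- !ruby/object:Gem::Specification
+name: jwtauth
+version: !ruby/object:Gem::Version
+version: 0.2.0
+platform: ruby
+authors:
+- Dieu Pham
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-08-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: jwt
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.5.6
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.5.6
+description: A simple concern in controller for jwt authorization
+email: dieupv@topica.edu.vn
+executables:
+- jwtauth
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/jwtauth
+- lib/jwtauth.rb
+- lib/jwtauth/introduction.rb
+- lib/jwtauth/user.rb
+homepage: http://rubygems.org/gems/jwtauth
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.8
+signing_key:
+specification_version: 4
+summary: Jwt Authorization Service
+test_files: []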