jwtauth 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5fc65225671b2d557630b80c4f2d576d446247ee
+  data.tar.gz: 76a714b5f6158b60a34c09b14b0bee6b3c5f6fa7
+SHA512:
+  metadata.gz: f68598055d510df2381f0673cf256119a236e719d5f200ed3bd9ad85825753a63ae2c0e70c46b13fe04559cf115e0c7b615d8a56aca0b015a42dd2975b14f5d5
+  data.tar.gz: 1d3ab2b18156e18aae99b96669f383faf66f097b16ae7ae6d0dcacffd3ce94d6b903457c2147541cdee68f61dfd4803b437f994db3e3ce7eb3740f11b3b89634

data/bin/jwtauth

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+
+require 'jwtauth'
+puts Jwtauth::Introduction.about(ARGV[0])

data/lib/jwtauth/introduction.rb

@@ -0,0 +1,18 @@
+module Jwtauth
+  class Introduction
+    class << self
+      # Say hi to you & talk about gem!
+      #
+      # Example:
+      #   >> Introduction.about("spanish")
+      #   => hello spanish
+      #
+      # Arguments:
+      #   yourname: (String)
+
+      def about yourname
+        "hello #{yourname}. This is a library for jwt auth"
+      end
+    end
+  end
+end

data/lib/jwtauth/user.rb

@@ -0,0 +1,11 @@
+module Jwtauth
+  class User
+    attr_reader :id, :uid, :role
+
+    def initialize attrs
+      @id = attrs['id']
+      @uid = attrs['uid']
+      @role = attrs['role']
+    end
+  end
+end

data/lib/jwtauth.rb

@@ -0,0 +1,160 @@
+require 'jwt'
+
+module Jwtauth
+  autoload :Introduction, 'jwtauth/introduction'
+  autoload :User, 'jwtauth/user'
+
+  # Entity represent for current session
+  # mattr_accessor :session_entity
+  @@session_entity = Jwtauth::User
+
+  # Read file contain public key used when decoding jwt.
+  # mattr_accessor :jwt_rsa_pub
+  @@jwt_rsa_pub = nil
+
+  # Define authservice path for get session (jwt)
+  # mattr_accessor :session_path
+  @@session_path = nil
+
+  # Algorithm, JWT use to encode
+  # mattr_accessor :algorithm
+  @@algorithm = 'RS256'
+
+  # Default way to set up Jwtauth.
+  # a fresh initializer with all configuration values.
+  def self.setup
+    yield self
+  end
+
+  def self.session_entity
+    @@session_entity
+  end
+
+  def self.session_entity=(session_entity)
+    @@session_entity = session_entity
+  end
+
+  def self.jwt_rsa_pub
+    @@jwt_rsa_pub
+  end
+
+  def self.jwt_rsa_pub=(jwt_rsa_pub)
+    @@jwt_rsa_pub = jwt_rsa_pub
+  end
+
+  def self.session_path
+    @@session_path
+  end
+
+  def self.session_path=(session_path)
+    @@session_path = session_path
+  end
+
+  def self.algorithm
+    @@algorithm
+  end
+
+  def self.algorithm=(algorithm)
+    @@algorithm = algorithm
+  end
+
+  # Define abstract class error of when call authservice
+  class AuthorizedError < StandardError; end
+  class SocketError < AuthorizedError; end
+  class UnauthorizedError < AuthorizedError; end
+  class ExpiredError < AuthorizedError; end
+
+  class Session
+    class << self
+      def jwt_decode token
+        JWT.decode token, Jwtauth.jwt_rsa_pub, true, { algorithm: Jwtauth.algorithm }
+      end
+
+      # begin
+      #   decoded_token = JWT.decode token, hmac_secret, true, { :algorithm => 'HS256' }
+      # rescue JWT::ExpiredSignature
+      #   # Handle expired token, e.g. logout user or deny access
+      # end
+      def expjwt_decode token
+        JWT.decode token, Jwtauth.jwt_rsa_pub, true, { algorithm: Jwtauth.algorithm }
+      end
+
+      def getjwt origin_request
+        uri = URI(Jwtauth.session_path)
+
+        uri.query = CGI.unescape({
+          'uid' => origin_request.headers['uid'],
+          'client' => origin_request.headers['client'],
+          'access-token' => origin_request.headers['access-token'],}.to_query)
+
+        Net::HTTP.start(uri.host, uri.port,
+          :use_ssl => uri.scheme == 'https') do |http|
+          request = Net::HTTP::Get.new uri
+
+          response = http.request request
+        end
+      end
+    end
+  end
+
+  module Controller
+    # Authorize user
+    def authorize_user!
+      begin
+        res = Jwtauth::Session.getjwt(request)
+      rescue Exception => e
+        raise Jwtauth::SocketError, "authservice not available"
+      end
+
+      case res
+      when Net::HTTPSuccess
+        begin
+          payload = Jwtauth::Session.expjwt_decode(JSON.parse(res.body)['jwt'])
+
+          if logger && payload[1] && payload[1]["alg"] != Jwtauth.algorithm
+            logger.warn "Algorithm #{Jwtauth.algorithm} is required (payload has #{payload[1]["alg"]})"
+          end
+
+          raise Jwtauth::ExpiredError, "session expired" if Time.now.to_i > payload[0]['exp']
+
+          # Assign current session of user request
+          @current_user = Jwtauth.session_entity.new(payload[0]['data'])
+        rescue Exception => e
+          raise Jwtauth::AuthorizedError, "payload authorized errors"
+        end
+      when Net::HTTPUnauthorized
+        raise Jwtauth::UnauthorizedError, "You need to sign in or sign up before continuing."
+      else
+        raise Jwtauth::AuthorizedError, "authorized errors"
+      end
+    end
+
+    # Handle for user not authorized
+    def user_not_authorized(exception)
+      status = :forbidden
+
+      case exception
+      when Jwtauth::UnauthorizedError
+        status = :unauthorized
+      when Jwtauth::ExpiredError
+        status = :request_timeout
+      when Jwtauth::SocketError
+        status = :internal_server_error
+      end
+
+      render json: {errors: [exception.message]}, status: status
+    end
+
+    def self.included(base)
+      base.extend ClassMethods
+
+      base.class_eval do
+        attr_reader :current_user
+        rescue_from Jwtauth::AuthorizedError, with: :user_not_authorized
+      end
+    end
+
+    module ClassMethods
+    end
+  end
+end

metadata

@@ -0,0 +1,62 @@
+--- !ruby/object:Gem::Specification
+name: jwtauth
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Dieu Pham
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-08-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.6
+description: A simple concern in controller for jwt authorization
+email: dieupv@topica.edu.vn
+executables:
+- jwtauth
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/jwtauth
+- lib/jwtauth.rb
+- lib/jwtauth/introduction.rb
+- lib/jwtauth/user.rb
+homepage: http://rubygems.org/gems/jwtauth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: Jwt Authorization Service
+test_files: []