RubyGems - leash-sdk - Versions diffs - 0.2.1 → 0.3.0 - Mend

leash-sdk 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 326ce87e27b0aec22d2cf9175c3ed7b170b493a7e7eb86b55fc115806b5c84a1
-  data.tar.gz: a4cced54f08f447c0dc703524c6ce84fcd07173f685f6a8ee0e76dc3dda1065a
+  metadata.gz: 43e34f3d6e756f73f7612d2386e8e8db0b8db9ebcd02497e840617d5136ee83c
+  data.tar.gz: b8065f2e37c1218b01c0dd88ef363694762359338167d9e2defa232976efe2d9
 SHA512:
-  metadata.gz: fba497998357aaaa579aec3d3c3539f73c1a2871b8dfc9922dc9ce7e7d238f3587bd12c4a6ccf50e0cf9a149e1926915218aa270f775091d39cb6c2d9025d059
-  data.tar.gz: db78fcf8d0e38fc9f575dc03d0612d2e3ce228dbc0869e23d609e18604f1b634929e3215ac66c480f0730c50e2c8c666203b67eb31dd960d461eadb7ccc66a03
+  metadata.gz: cfedee526258e982cf6220618965ac55d7adfcb054ea325510ef74d174765eb956cb8e2eeefcb031ce02af5d8645cf239b9de61f23995cad5ae60139d97b74b3
+  data.tar.gz: a6693f07510e34bd6f39fe4c0d3815a0266088b8cc7c8609d6075f4624be27f0d989384274efb2bf658ac60b3f42b33d2b5962f0550f6599f1787c40169e1e47

data/leash-sdk.gemspec CHANGED Viewed

@@ -21,5 +21,5 @@ Gem::Specification.new do |spec|
   spec.files = Dir["lib/**/*.rb"] + ["leash-sdk.gemspec", "Gemfile", "README.md", "LICENSE"]
   spec.require_paths = ["lib"]
-  # No runtime dependencies -- stdlib only (net/http, json, uri).
+  spec.add_dependency "jwt", ">= 2.7"
 end

data/lib/leash/auth.rb ADDED Viewed

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+require "jwt"
+require_relative "errors"
+module Leash
+  # Raised when authentication fails (missing cookie, invalid/expired token, etc.)
+  class AuthError < Error
+    def initialize(message = "Authentication failed")
+      super(message, code: "auth_error")
+    end
+  end
+  # Simple value object representing an authenticated Leash user.
+  class User
+    attr_reader :id, :email, :name, :picture
+    # @param id [String]
+    # @param email [String]
+    # @param name [String, nil]
+    # @param picture [String, nil]
+    def initialize(id:, email:, name: nil, picture: nil)
+      @id = id
+      @email = email
+      @name = name
+      @picture = picture
+    end
+    def ==(other)
+      other.is_a?(User) &&
+        id == other.id &&
+        email == other.email &&
+        name == other.name &&
+        picture == other.picture
+    end
+  end
+  # Framework-agnostic server auth helper.
+  #
+  # Works with any request object that exposes either:
+  #   - request.cookies (Hash) — Rack / Rails / Sinatra
+  #   - request.env['HTTP_COOKIE'] or request.get_header('HTTP_COOKIE') — raw Rack env
+  #
+  # Does NOT require rails, sinatra, or rack.
+  module Auth
+    COOKIE_NAME = "leash-auth"
+    module_function
+    # Read the leash-auth JWT from the request, decode it, and return a {Leash::User}.
+    #
+    # @param request [#cookies, #env, #get_header] any Rack-like request object
+    # @return [Leash::User]
+    # @raise [Leash::AuthError] when the cookie is missing or the token is invalid/expired
+    def get_user(request)
+      token = extract_token(request)
+      raise AuthError, "Missing leash-auth cookie" if token.nil? || token.empty?
+      payload = decode_token(token)
+      build_user(payload)
+    end
+    # Check whether the request carries a valid leash-auth cookie.
+    #
+    # @param request [#cookies, #env, #get_header]
+    # @return [Boolean]
+    def authenticated?(request)
+      get_user(request)
+      true
+    rescue AuthError
+      false
+    end
+    # @api private
+    def extract_token(request)
+      # Strategy 1: request.cookies hash (Rack / Rails / Sinatra)
+      if request.respond_to?(:cookies)
+        cookies = request.cookies
+        if cookies.is_a?(Hash)
+          value = cookies[COOKIE_NAME] || cookies[COOKIE_NAME.to_sym]
+          return value if value
+        end
+      end
+      # Strategy 2: raw Cookie header from env or get_header
+      raw = nil
+      if request.respond_to?(:env) && request.env.is_a?(Hash)
+        raw = request.env["HTTP_COOKIE"]
+      end
+      if raw.nil? && request.respond_to?(:get_header)
+        begin
+          raw = request.get_header("HTTP_COOKIE")
+        rescue StandardError
+          nil
+        end
+      end
+      parse_cookie_header(raw) if raw
+    end
+    # @api private
+    def parse_cookie_header(header)
+      return nil if header.nil?
+      header.split(";").each do |pair|
+        key, value = pair.strip.split("=", 2)
+        return value if key == COOKIE_NAME
+      end
+      nil
+    end
+    # @api private
+    def decode_token(token)
+      secret = ENV["LEASH_JWT_SECRET"]
+      if secret && !secret.empty?
+        decoded = JWT.decode(token, secret, true, algorithms: ["HS256"])
+      else
+        decoded = JWT.decode(token, nil, false)
+      end
+      decoded.first
+    rescue JWT::ExpiredSignature
+      raise AuthError, "Token has expired"
+    rescue JWT::DecodeError => e
+      raise AuthError, "Invalid token: #{e.message}"
+    end
+    # @api private
+    def build_user(payload)
+      id = payload["id"] || payload["sub"]
+      email = payload["email"]
+      raise AuthError, "Token payload missing required fields (id/sub, email)" unless id && email
+      User.new(
+        id: id,
+        email: email,
+        name: payload["name"],
+        picture: payload["picture"]
+      )
+    end
+  end
+end

data/lib/leash.rb CHANGED Viewed

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 require_relative "leash/integrations"
+require_relative "leash/auth"
 module Leash
-  VERSION = "0.2.1"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: leash-sdk
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Leash
@@ -9,7 +9,21 @@ autorequire:
 bindir: bin
 cert_chain: []
 date: 2026-04-19 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.7'
 description: Access Gmail, Google Calendar, Google Drive, and more through the Leash
   platform proxy. No API keys needed -- uses your Leash auth token.
 email:
@@ -23,6 +37,7 @@ files:
 - README.md
 - leash-sdk.gemspec
 - lib/leash.rb
+- lib/leash/auth.rb
 - lib/leash/calendar.rb
 - lib/leash/custom_integration.rb
 - lib/leash/drive.rb