matic-jwt 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8b624c9c52acaca45eb266a0330caad507b5c3c9703fcb2f72b5eafac1f93e0d
+  data.tar.gz: 02d5edd0582f0f74675b00e3bf90d0395d154d96eb970a9963af81d03cc64847
+SHA512:
+  metadata.gz: 85712bd024305d49c75278c0a88ccb555d0549a5c8463a676a1b8a0f1b8ca9c4010f0f5a88a6e61aa8d7e0c05ff1fdfcdeec0ad14cfcc6b978cf450489e63868
+  data.tar.gz: e387268e6733f484bb8d5385605161258af8ec678de1955b2f4d155d2921b18fd01df1c34f2a87f2694043c51529fd84b3bf696e072864ee8373a3576ffa92eb

data/.github/workflows/check.yml

@@ -0,0 +1,126 @@
+name: Check
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [ '3.1', '3.4' ]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Run specs
+        env:
+          COVERAGE: true
+        run: bundle exec rspec
+
+#   release:
+#     runs-on: ubuntu-latest
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@v4
+#       - name: Set up Ruby
+#         uses: ruby/setup-ruby@v1
+#         with:
+#           ruby-version: 3.1
+#           bundler-cache: true
+#       # - name: Set up credentials
+#       #   run: |
+#       #     mkdir -p $HOME/.gem
+#       #     touch $HOME/.gem/credentials
+#       #     chmod 0600 $HOME/.gem/credentials
+#       #     printf -- "---\n:rubygems_api_key: ${{secrets.RUBYGEMS_AUTH_TOKEN}}\n" > $HOME/.gem/credentials
+
+#       - name: Get version
+#         run: echo "${GITHUB_REF/refs\/tags\//}" > release.tag
+#       - name: Set version
+#         run: sed -i "s/0.0.0/$(<release.tag)/g" $(find . -name "version.rb")
+
+#       - name: Build gem
+#         run: gem build *.gemspec
+#   #     - name: Push gem
+#   #       run: gem push *.gem
+
+
+# # version: 2.1
+
+# # orbs:
+# #   ci: matic/orb-common@0.3
+# #   ruby: circleci/ruby@2.5.3
+
+
+# #   release:
+# #     parameters:
+# #       tag:
+# #         type: string
+# #         default: "default-tag"
+# #     docker:
+# #       - image: cimg/ruby:3.1.4
+# #     environment:
+# #       RELEASE_TAG: << parameters.tag >>
+# #     steps:
+# #       - run:
+# #           name: Checkout code via HTTPS
+# #           command: |
+# #             git clone https://${GITHUB_TOKEN}@github.com/matic-insurance/matic-jwt-wrapper.git .
+# #             git checkout ${RELEASE_TAG}
+# #       - ruby/install-deps
+# #       - run:
+# #           name: Set up credentials
+# #           command: |
+# #               mkdir -p $HOME/.gem
+# #               echo ":rubygems_api_key: ${RUBYGEMS_API_KEY}" >> ~/.gem/credentials
+# #               chmod 0600 $HOME/.gem/credentials
+# #       - run:
+# #           name: Debug credentials
+# #           command: |
+# #               echo "API key length: ${#RUBYGEMS_API_KEY}"
+# #               echo "Credentials file exists: $(ls -la $HOME/.gem/credentials || echo 'NOT FOUND')"
+# #               echo "Testing API key with current gem..."
+# #               curl -f -H "Authorization: $RUBYGEMS_API_KEY" https://rubygems.org/api/v1/gems/matic-jwt-wrapper.json && echo "API key can access gem" || echo "API key cannot access gem"
+# #       - run:
+# #           name: Set version
+# #           command: sed -i "s/[[:digit:]].[[:digit:]].[[:digit:]]/${RELEASE_TAG}/g" $(find . -name "version.rb")
+# #       - run:
+# #           name: Build gem
+# #           command: gem build *.gemspec
+# #       - run:
+# #           name: Push gem
+# #           command: gem push *.gem
+
+# # workflows:
+
+# #   matic-jwt-wrapper.build-pull-request:
+# #     when:
+# #       not:
+# #         equal: [ master, << pipeline.git.branch >> ]
+# #     jobs:
+
+# #       - release:
+# #           tag: "1.3.0"
+# #           context: gem-publishing
+
+
+# #   matic-jwt-wrapper.release:
+# #     jobs:
+
+# #       - release:
+# #           tag: << pipeline.git.tag >>
+# #           context: gem-publishing
+# #           filters:
+# #             branches:
+# #               ignore: /.*/
+# #             tags:
+# #               only: /\d\.\d\.\d/ # It should be [digin dot digit dot digit] format

data/.github/workflows/release.yml

@@ -0,0 +1,48 @@
+name: Release
+on:
+
+  # push:
+  #   tags:
+  #     - '*.*.*'
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.1
+          bundler-cache: true
+      - name: Set version
+        run: |
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/}
+            echo "Setting version to: $VERSION"
+            find . -name "version.rb" -exec sed -i "s|VERSION = ['\"]0\.0\.0['\"]|VERSION = \"$VERSION\"|g" {} \;
+          else
+            echo "❌ ERROR: This workflow should only run on tag pushes, though GITHUB_REF is $GITHUB_REF"
+            VERSION="1.3.0"
+            # exit 1
+          fi
+      - name: Configure RubyGems Credentials
+        uses: rubygems/configure-rubygems-credentials@main
+      # - name: Set up credentials
+      #   run: |
+      #     mkdir -p $HOME/.gem
+      #     touch $HOME/.gem/credentials
+      #     chmod 0600 $HOME/.gem/credentials
+      #     printf -- "---\n:rubygems_api_key: ${{secrets.RUBYGEMS_AUTH_TOKEN}}\n" > $HOME/.gem/credentials
+      - name: Build gem
+        run: gem build *.gemspec
+      - name: Push gem
+        run: gem push *.gem

data/.gitignore

@@ -0,0 +1,3 @@
+/.bundle/
+/pkg/
+/tmp/

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in matic-jwt.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,65 @@
+PATH
+  remote: .
+  specs:
+    matic-jwt (0.0.0)
+      activesupport
+      jwt
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.1.5.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      mutex_m
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0)
+    base64 (0.3.0)
+    benchmark (0.4.1)
+    bigdecimal (3.2.0)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.3)
+    diff-lcs (1.3)
+    drb (2.2.3)
+    i18n (1.14.7)
+      concurrent-ruby (~> 1.0)
+    jwt (2.2.1)
+    logger (1.7.0)
+    minitest (5.25.5)
+    mutex_m (0.3.0)
+    rake (13.0.1)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.0)
+    securerandom (0.4.1)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  matic-jwt!
+  rake (~> 13.0)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   2.5.4

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Matic Insurance Services
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,73 @@
+# Matic::Jwt
+
+Matic's implementation of JWT authentication.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'matic-jwt'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install matic-jwt
+
+## Usage
+
+### Plain Ruby
+
+Use `MaticJWT::Generator` to create JWT tokens or headers:
+```ruby
+generator = MaticJWT::Generator.new
+token = generator.token_for('my_client', 'my_super_secret', additional_payload: 'test')
+header = generator.authentication_header_for('my_client', 'my_super_secret', user_id: 'test@localhost.com')
+```
+
+### With Grape
+Register `jwt_auth` strategy
+```ruby
+  Grape::Middleware::Auth::Strategies.add(
+    :jwt_auth,
+    MaticJWT::Grape::Middleware::Auth,
+    ->(options) { [options] }
+  )
+```
+
+Use ```:jwt_auth``` strategy and define lambda to obtain secret for by client name.
+```ruby
+   auth :jwt_auth,
+        secret: -> (client_name) { ::ApiClient.find_by!(name: client_name).secret }
+```
+
+If you need to get any data from authentication payload use ::MaticJWT::Grape::Helper.
+```ruby
+    module ApiHelper
+       include ::MaticJWT::Grape::Helper
+
+        def current_client
+          @current_client ||= ::ApiClient.find_by!(name: client_name)
+        end
+
+        private
+
+        def client_name
+          auth_payload['client_name']
+        end
+    end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/matic-jwt.

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler/gem_tasks'
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "matic/jwt"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/matic-jwt/authenticator.rb

@@ -0,0 +1,32 @@
+module MaticJWT
+  class Authenticator
+    def initialize(header, scheme: SCHEME)
+      @scheme = scheme
+      @token = extract_token(header)
+    end
+
+    def client_name
+      payload.first['client_name']
+    end
+
+    def authenticate_with_secret!(secret)
+      JWT.decode(@token, secret, true, algorithm: ALGORITHM)
+    end
+
+    def payload
+      JWT.decode(@token, nil, false)
+    end
+
+    private
+
+    def extract_token(header)
+      token = header&.slice(@scheme.length + 1..-1)
+      validate_header_presence!(token)
+      token
+    end
+
+    def validate_header_presence!(token)
+      raise(JWT::DecodeError, 'Authorization token is incorrect') unless token&.present?
+    end
+  end
+end

data/lib/matic-jwt/generator.rb

@@ -0,0 +1,18 @@
+module MaticJWT
+  class Generator
+    def initialize(expiration: EXPIRATION, scheme: SCHEME)
+      @expiration = expiration
+      @scheme = scheme
+    end
+
+    def token_for(client_name, secret, payload = {})
+      jwt_payload = payload.merge(client_name: client_name, exp: @expiration.since.to_i)
+      JWT.encode(jwt_payload, secret, ALGORITHM)
+    end
+
+    def authentication_header_for(client_name, secret, payload = {})
+      token = token_for(client_name, secret, payload)
+      "#{@scheme} #{token}"
+    end
+  end
+end

data/lib/matic-jwt/grape/helper.rb

@@ -0,0 +1,9 @@
+module MaticJWT
+  module Grape
+    module Helper
+      def auth_payload
+        env['auth_payload']
+      end
+    end
+  end
+end

data/lib/matic-jwt/grape/middleware/auth.rb

@@ -0,0 +1,53 @@
+module MaticJWT
+  module Grape
+    module Middleware
+      class Auth
+        def initialize(app, options)
+          @app = app
+          @secret_reader = options[:secret]
+        end
+
+        def call(env)
+          @env = env
+
+          validate_request
+          decode_payload
+          authenticate!
+          continue!
+        end
+
+        private
+
+        def validate_request
+          raise JWT::VerificationError, 'Authorization token is invalid' unless request.valid?
+        end
+
+        def decode_payload
+          @env['auth_payload'] = jwt_authenticator.payload&.first
+        end
+
+        def authenticate!
+          jwt_authenticator.authenticate_with_secret!(secret)
+        end
+
+        def continue!
+          @app.call(@env)
+        end
+
+        def jwt_authenticator
+          ::MaticJWT::Authenticator.new(request.auth_token)
+        end
+
+        def secret
+          @secret_reader.call(jwt_authenticator.client_name)
+        end
+
+        def request
+          @request ||= ::MaticJWT::Grape::Middleware::Request.new(@env)
+        end
+      end
+    end
+  end
+end
+
+Grape::Middleware::Auth::Strategies.add(:jwt_auth, ::MaticJWT::Grape::Middleware::Auth, ->(options) { [options] })

data/lib/matic-jwt/grape/middleware/request.rb

@@ -0,0 +1,32 @@
+module MaticJWT
+  module Grape
+    module Middleware
+      class Request
+        AUTHORIZATION_KEYS = %w[
+          Authorization
+          HTTP_AUTHORIZATION
+          X-HTTP_AUTHORIZATION
+          X_HTTP_AUTHORIZATION
+        ].freeze
+
+        def initialize(env)
+          @env = env
+        end
+
+        def valid?
+          !@env[auth_key].nil?
+        end
+
+        def auth_token
+          @env[auth_key]
+        end
+
+        private
+
+        def auth_key
+          @authorization_key ||= AUTHORIZATION_KEYS.detect { |key| @env.key?(key) }
+        end
+      end
+    end
+  end
+end

data/lib/matic-jwt/version.rb

@@ -0,0 +1,3 @@
+module MaticJWT
+  VERSION = '0.0.0'.freeze
+end

data/lib/matic-jwt.rb

@@ -0,0 +1,19 @@
+require 'active_support'
+require 'active_support/core_ext'
+require 'jwt'
+
+require 'matic-jwt/authenticator'
+require 'matic-jwt/generator'
+require 'matic-jwt/version'
+
+if Gem.loaded_specs.has_key?('grape')
+  require 'matic-jwt/grape/helper'
+  require 'matic-jwt/grape/middleware/request'
+  require 'matic-jwt/grape/middleware/auth'
+end
+
+module MaticJWT
+  ALGORITHM = 'HS256'.freeze
+  EXPIRATION = 1.minute
+  SCHEME = 'Bearer'.freeze
+end

data/matic-jwt.gemspec

@@ -0,0 +1,37 @@
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'matic-jwt/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'matic-jwt'
+  spec.version       = MaticJWT::VERSION
+  spec.authors       = ['Yurii Danyliak']
+  spec.email         = ['ydanyliak@getmatic.com']
+
+  spec.summary       = "Matic's JWT implementation"
+  spec.description   = 'This gem contains specific implementation of JWT authentication to be used inside of Matic products.'
+  spec.homepage      = 'https://github.com/matic-insurance/matic-jwt-wrapper'
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+  else
+    raise 'RubyGems 2.0 or newer is required to protect against public gem pushes.'
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'jwt'
+  spec.add_dependency 'activesupport'
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+end

metadata

@@ -0,0 +1,132 @@
+--- !ruby/object:Gem::Specification
+name: matic-jwt
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Yurii Danyliak
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2025-07-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: This gem contains specific implementation of JWT authentication to be
+  used inside of Matic products.
+email:
+- ydanyliak@getmatic.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/check.yml"
+- ".github/workflows/release.yml"
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/matic-jwt.rb
+- lib/matic-jwt/authenticator.rb
+- lib/matic-jwt/generator.rb
+- lib/matic-jwt/grape/helper.rb
+- lib/matic-jwt/grape/middleware/auth.rb
+- lib/matic-jwt/grape/middleware/request.rb
+- lib/matic-jwt/version.rb
+- matic-jwt.gemspec
+homepage: https://github.com/matic-insurance/matic-jwt-wrapper
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.27
+signing_key:
+specification_version: 4
+summary: Matic's JWT implementation
+test_files: []