minato-rails-auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f230a5cc5a2ed2896b958555a3d1df46afdb1ff882d7a781b98415e91c47bf31
+  data.tar.gz: c0cda43ffd8b1385efb1fcfba78fd04dece987e19c9882b3b82b9e75b9096fa3
+SHA512:
+  metadata.gz: 889f2d69ba35ebdea6e1ff24f2d278977ba907b294678955afc2af748092716c361311914ef2f8e4617e0846d09f405a1675832da9c222ff6989dc3bf78f2da8
+  data.tar.gz: aaeb0db38de916e67427c617325ff610020155ec4a659ccb6de393f79a2fc4d11d81151efb53bc418f27922a7b15fa8391878982f639910162b8a78b30f3f9ff

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,40 @@
+require:
+  - rubocop-rails
+  - rubocop-rspec
+  - rubocop-rake
+
+AllCops:
+  DisplayCopNames: true
+  DisplayStyleGuide: true
+  ExtraDetails: false
+  NewCops: enable
+  TargetRubyVersion: 2.7.3
+
+Metrics/BlockLength:
+  AllowedMethods: ['describe', 'it', 'context']
+  Max: 50
+
+RSpec/EmptyExampleGroup:
+  Enabled: false
+
+RSpec/ExampleLength:
+  Max: 50
+
+RSpec/ImplicitExpect:
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Enabled: false
+
+RSpec/VerifiedDoubleReference:
+  EnforcedStyle: string
+
+Style/Documentation:
+  Enabled: false
+
+Layout/HashAlignment:
+  EnforcedColonStyle: table
+  EnforcedHashRocketStyle: table
+
+RSpec/MultipleMemoizedHelpers:
+  Max: 7

data/README.md

@@ -0,0 +1,139 @@
+# Minato::Rails::Auth
+
+Minato Rails Auth is a library designed to be an authentication layer in Rails applications. It has a JWT module, that can be included in Rails Controllers to authenticate requests. And has a RSpec shared contexts, to simplify authentication in automated tests.
+
+## Installation
+
+The recommended installation way is by [Gem](https://guides.rubygems.org/rubygems-basics/#installing-gems) or [Bundler](https://bundler.io/):
+
+### By Gem
+
+    $ gem install minato-rails-auth
+
+### By Bundler
+
+    $ bundle add minato-rails-auth
+
+Or just add the following line on your `Gemfile` file:
+
+    gem 'minato-rails-auth'
+
+And you can specify the version:
+
+    gem 'minato-rails-auth', '~> 0.1.0'
+
+## Configuration
+
+To configure the Minato Rails Auth lib on your Rails application, is necessary to follow the steps:
+
+1. Create a configuration file:
+
+        [rails-app]/config/initializers/minato_rails_auth.rb
+
+2. Add the following content in the file:
+
+    ```ruby
+    require 'minato/rails/auth'
+
+    Minato::Rails::Auth.configure do |conf|
+        conf.jwt.issuer = Settings.api.secure.issuer
+        conf.jwt.jwks_uri = Settings.api.secure.jwks_uri
+    end
+    ```
+
+    - Each option specs:
+
+        - `conf.jwt`  
+            - stores all jwt configuration
+        - `conf.jwt.issuer` 
+            - example: 'http://localhost'  
+            - is the jwt issuer, when the system uses Ory, it's the gateway host
+        - `conf.jwt.jwks_uri` 
+            - example: 'http://localhost:4456/.well-known/jwks.json' 
+            - is the jwks obtetion uri, when the system uses Ory, it's the direct gateway host
+        - `conf.jwt.jwks` 
+            - default: nil   
+            - this is the jwks data, if this is specified it will not be necessary the conf.jwt.jwks_uri attribute
+        - `conf.jwt.algorithms` 
+            - default:  'RS256'
+            - alghorithm used to decode the jwt
+        - `conf.jwt.verify_iss` 
+            - default:  true   
+            - this specify if the issuer should be checked
+        - `conf.jwt.verify_token_signature` 
+            - default: true   
+            - this specify if the token signature should be checked
+        - `conf.jwt.hmac_secret` 
+            - default: nil
+            - hmac secret, is necessary only in HMAC algorithms
+        - `conf.jwt.additional_params` 
+            - default: {}
+            - is JWT.decode additional options
+            - docs: https://github.com/jwt/ruby-jwt/blob/main/README.md
+
+And now, the library was configured in your Rails application.
+
+## Usage
+
+### Auth system
+
+To add the JWT authentication system in your Rails application, just follow the steps:
+
+1. Include the JWT module in your `ApplicationController`:
+
+    ```ruby
+    class ApplicationController < ActionController::API
+        include Minato::Rails::Auth::JWT
+    end
+    ```
+
+2. Now it is available the method `authenticate_request!` in your controllers, and you can call it when you want to auth a controller:
+
+    ```ruby
+    class FooController < ApplicationController
+        before_action :authenticate_request!
+    end
+    ```
+
+3. Now the variable `current_user` is availabe in your controller, containing the following methods:
+
+- `.machine?`
+    - This will return a boolean value that will tell you if the client is a machine or not
+
+- `.human?`
+    - This works like the `.machine?` method, but tells you if the client is human.
+
+- `.session`
+    - This returns a hash with the JWT payload, if the client is human.
+
+- `.machine`
+    - This returns a string with the machine name, when the client is a machine.
+
+### Testing tools
+
+The Minato Rails Auth makes available the RSpec shared contexts, to make it available you can include the module in your `[rails-app]/spec/spec_helper.rb`:
+
+```ruby
+require 'minato/rails/auth/spec'
+```
+
+And now it will be available the following shared contexts, that you can use following [the docs](https://rspec.info/features/3-12/rspec-core/example-groups/shared-context/):
+
+- `with jwt authentication`:
+    - Just create a jwt with empty payload. To set the payload you should create a `jwt_payload` variable using `let`.
+- `with human jwt authentication`:
+    - Creates a jwt with human payload. You set the user attributes with variables `jwt_email`, `jwt_account_id`, `jwt_session_id`, `jwt_identity_id` and `jwt_payload`.
+- `with machine jwt authentication`:
+    - Creates a jwt with machine payload. You can set the machine name with the variable `jwt_machine`.
+- `with missing jwt authentication`:
+    - Raise a `::JWT::VerificationError`, simulating when the user is not authenticated.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitLab at https://gitlab.com/ferreri/minato/minato-rails-auth.

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/compose.yml

@@ -0,0 +1,12 @@
+services:
+  minato-rails-auth:
+    environment:
+      GITLAB_AUTH_TOKEN: ${GITLAB_AUTH_TOKEN}
+    image: ruby:2.7.3
+    working_dir: /usr/src/api
+    volumes:
+      - .:/usr/src/api:z
+      - bundle:/usr/local/bundle
+
+volumes:
+  bundle:

data/lib/minato/rails/auth/configuration.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require_relative 'jwt/configuration'
+require 'active_support'
+
+module Minato
+  module Rails
+    module Auth
+      class Configuration
+        attr_accessor :jwt
+
+        def initialize(jwt = Auth::JWT::Configuration.new)
+          @jwt = jwt
+        end
+
+        def configure
+          yield(self) if block_given?
+        end
+      end
+    end
+  end
+end

data/lib/minato/rails/auth/jwt/configuration.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require_relative 'user'
+require 'active_support'
+
+module Minato
+  module Rails
+    module Auth
+      module JWT
+        class Configuration
+          attr_accessor :issuer, :jwks_uri, :verify_token_signature, :algorithms, :verify_iss, :hmac_secret,
+                        :additional_params
+
+          def initialize
+            @verify_token_signature = true
+            @algorithms = 'RS256'
+            @verify_iss = true
+            @hmac_secret = nil
+            @decode_params = nil
+            @additional_params = {}
+            @jwks = nil
+          end
+
+          attr_writer :decode_params, :jwks
+
+          def decode_params
+            return @decode_params.merge(additional_params || {}) if @decode_params.present?
+
+            {
+              algorithms: algorithms,
+              iss:        issuer,
+              verify_iss: verify_iss,
+              jwks:       jwks
+            }.merge(additional_params || {})
+          end
+
+          def configure
+            yield(self) if block_given?
+          end
+
+          def jwks
+            return @jwks if @jwks.present?
+
+            jwks_raw = Net::HTTP.get URI(jwks_uri)
+            JSON.parse(jwks_raw, symbolize_names: true)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/minato/rails/auth/jwt/decode.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Minato
+  module Rails
+    module Auth
+      module JWT
+        class Decode
+          def self.call(jwt)
+            ::JWT.decode(jwt,
+                         Auth::CONFIG.jwt.hmac_secret,
+                         Auth::CONFIG.jwt.verify_token_signature,
+                         Auth::CONFIG.jwt.decode_params).first
+          end
+        end
+      end
+    end
+  end
+end

data/lib/minato/rails/auth/jwt/spec/contexts.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Minato
+  module Rails
+    module Auth
+      module JWT
+        module Contexts
+          RSpec.shared_context 'with jwt authentication', shared_context: :metadata do
+            let(:jwt_payload) do
+              {}
+            end
+            let(:Authorization) { 'Bearer token' }
+            before do
+              allow(Decode).to receive(:call).and_return(jwt_payload)
+            end
+          end
+
+          RSpec.shared_context 'with human jwt authentication', shared_context: :metadata do
+            let(:jwt_email) { 'test@email.com' }
+            let(:jwt_account_id) { '555' }
+            let(:jwt_session_id) { '67cf621f-4f49-4ca5-9365-62520849170b' }
+            let(:jwt_identity_id) { 'adb1e688-17c0-4241-bc24-912fa6b5f6c3' }
+            let(:jwt_payload) do
+              {
+                'session' => {
+                  'id'         => jwt_session_id,
+                  'expires_at' => '2021-09-29T20:15:44.731576Z',
+                  'identity'   => {
+                    'id'              => jwt_identity_id,
+                    'traits'          => {
+                      'email' => jwt_email
+                    },
+                    'metadata_public' => {
+                      'account_id' => jwt_account_id
+                    }
+                  }
+                }
+              }
+            end
+            let(:Authorization) { 'Bearer token' }
+            before do
+              allow(Decode).to receive(:call).and_return(jwt_payload)
+            end
+          end
+
+          RSpec.shared_context 'with machine jwt authentication', shared_context: :metadata do
+            let(:jwt_machine) { 'foo-svc' }
+            let(:jwt_payload) do
+              {
+                'sub' => jwt_machine
+              }
+            end
+            let(:Authorization) { 'Bearer token' }
+            before do
+              allow(Decode).to receive(:call).and_return(jwt_payload)
+            end
+          end
+
+          RSpec.shared_context 'with missing jwt authentication', shared_context: :metadata do
+            let(:Authorization) { nil }
+            before do
+              allow(Decode).to receive(:call).and_raise(::JWT::VerificationError)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/minato/rails/auth/jwt/user.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'object_hash'
+
+module Minato
+  module Rails
+    module Auth
+      module JWT
+        class User
+          attr_reader :token_payload
+
+          def initialize(token_payload)
+            @token_payload = ObjectHash.new(token_payload)
+          end
+
+          def human?
+            @human ||= @token_payload.respond_to?(:session)
+          end
+
+          def machine?
+            @machine ||= !human?
+          end
+
+          def session
+            @token_payload.session
+          end
+
+          def subject
+            @token_payload.sub
+          end
+        end
+      end
+    end
+  end
+end

data/lib/minato/rails/auth/jwt.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require_relative 'jwt/user'
+require_relative 'configuration'
+require_relative 'jwt/decode'
+require 'active_support'
+require 'net/http'
+require 'uri'
+require 'jwt'
+
+module Minato
+  module Rails
+    module Auth
+      module JWT
+        extend ActiveSupport::Concern
+
+        private
+
+        def authenticate_request!
+          @current_user = User.new(auth_token)
+        end
+
+        def http_token
+          return nil if request.headers['Authorization'].blank?
+
+          request.headers['Authorization'].split.last
+        end
+
+        def auth_token
+          @auth_token ||= Decode.call(http_token)
+        end
+      end
+    end
+  end
+end

data/lib/minato/rails/auth/spec.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative 'jwt/spec/contexts'

data/lib/minato/rails/auth/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Minato
+  module Rails
+    module Auth
+      VERSION = '0.1.0'
+    end
+  end
+end

data/lib/minato/rails/auth.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require_relative 'auth/version'
+require_relative 'auth/jwt'
+
+module Minato
+  module Rails
+    module Auth
+      CONFIG = Configuration.new
+      class << self
+        def configure
+          yield(CONFIG) if block_given?
+          CONFIG
+        end
+      end
+    end
+  end
+end

data/lib/object_hash.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+class ObjectHash
+  def initialize(hash)
+    @hash = hash
+  end
+
+  def method_missing(name)
+    find_hash_value(name)
+  end
+
+  def respond_to_missing?(name, include_private = false)
+    return true if @hash.keys.include?(name.to_s)
+    return true if @hash.keys.include?(name.to_sym)
+
+    super
+  end
+
+  private
+
+  def find_hash_value(name)
+    value = @hash[name.to_s] || @hash[name.to_sym]
+    return ObjectHash.new(value) if value.instance_of?(Hash)
+
+    if value.instance_of?(Array)
+      return value.map do |item|
+        next ObjectHash.new(item) if item.instance_of?(Hash)
+
+        item
+      end
+    end
+
+    value
+  end
+end

data/minato-rails-auth.gemspec

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require_relative 'lib/minato/rails/auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'minato-rails-auth'
+  spec.version = Minato::Rails::Auth::VERSION
+  spec.authors = ['Ferreri']
+  spec.email = ['contato@ferreri.co']
+
+  spec.summary = 'Minato Rails Auth'
+  spec.description = 'Library to create an authentication layer in Rails applications'
+  spec.homepage = 'https://gitlab.com/ferreri/minato/minato-rails-auth'
+  spec.required_ruby_version = '>= 2.7'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = spec.homepage
+  spec.metadata['changelog_uri'] = 'https://gitlab.com/ferreri/minato/minato-rails-auth/-/commits/main?ref_type=heads'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git appveyor Gemfile])
+    end
+  end
+  spec.bindir = 'exe'
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'activesupport', '~> 7.0.4'
+  spec.add_dependency 'jwt', '~> 2.9'
+
+  # Uncomment to register a new dependency of your gem
+  # spec.add_dependency "example-gem", "~> 1.0"
+
+  # For more information and examples about making a new gem, check out our
+  # guide at: https://bundler.io/guides/creating_gem.html
+  spec.metadata['rubygems_mfa_required'] = 'true'
+end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: minato-rails-auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ferreri
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2024-10-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+description: Library to create an authentication layer in Rails applications
+email:
+- contato@ferreri.co
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- README.md
+- Rakefile
+- compose.yml
+- lib/minato/rails/auth.rb
+- lib/minato/rails/auth/configuration.rb
+- lib/minato/rails/auth/jwt.rb
+- lib/minato/rails/auth/jwt/configuration.rb
+- lib/minato/rails/auth/jwt/decode.rb
+- lib/minato/rails/auth/jwt/spec/contexts.rb
+- lib/minato/rails/auth/jwt/user.rb
+- lib/minato/rails/auth/spec.rb
+- lib/minato/rails/auth/version.rb
+- lib/object_hash.rb
+- minato-rails-auth.gemspec
+homepage: https://gitlab.com/ferreri/minato/minato-rails-auth
+licenses: []
+metadata:
+  homepage_uri: https://gitlab.com/ferreri/minato/minato-rails-auth
+  source_code_uri: https://gitlab.com/ferreri/minato/minato-rails-auth
+  changelog_uri: https://gitlab.com/ferreri/minato/minato-rails-auth/-/commits/main?ref_type=heads
+  rubygems_mfa_required: 'true'
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: Minato Rails Auth
+test_files: []