next-auth-session-token-decoder 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.rspec +3 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +42 -0
- data/LICENSE.txt +21 -0
- data/README.md +53 -0
- data/lib/next_auth_decoder/token.rb +46 -0
- data/lib/next_auth_decoder/version.rb +3 -0
- data/lib/next_auth_decoder.rb +3 -0
- data/next_auth_decoder.gemspec +40 -0
- data/sig/foogem.rbs +4 -0
- metadata +112 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: ab938117f205be3d4b0c16dbec47c46631eff0e54a44a04e341b0b746382d743
|
4
|
+
data.tar.gz: c5d0269bcbdbef793528dd091a45289a888a56fffdf590f31f1ec3280d85d0a1
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: cdaa406032a808f88503be864ec17116d1820b2a53ab9017de7cf73d9db77134abff18c6df7dccd220e5ebb1b76847ed69bdbd0db2fb9cd7ee9e43d9dc971780
|
7
|
+
data.tar.gz: 80e424317d227be5db5d7cdb489c22045a63399be5fd342369f20653aac021f05e543bd5c9b9786607df31e2550ff2f89235f0f168a0021839bc3aa9f218234d
|
data/.rspec
ADDED
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
next-auth-session-token-decoder (0.1.0)
|
5
|
+
hkdf (~> 1.0.0)
|
6
|
+
jose (~> 1.1.3)
|
7
|
+
|
8
|
+
GEM
|
9
|
+
remote: https://rubygems.org/
|
10
|
+
specs:
|
11
|
+
concurrent-ruby (1.2.2)
|
12
|
+
diff-lcs (1.5.0)
|
13
|
+
hamster (3.0.0)
|
14
|
+
concurrent-ruby (~> 1.0)
|
15
|
+
hkdf (1.0.0)
|
16
|
+
jose (1.1.3)
|
17
|
+
hamster
|
18
|
+
rake (13.0.6)
|
19
|
+
rspec (3.12.0)
|
20
|
+
rspec-core (~> 3.12.0)
|
21
|
+
rspec-expectations (~> 3.12.0)
|
22
|
+
rspec-mocks (~> 3.12.0)
|
23
|
+
rspec-core (3.12.1)
|
24
|
+
rspec-support (~> 3.12.0)
|
25
|
+
rspec-expectations (3.12.2)
|
26
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
27
|
+
rspec-support (~> 3.12.0)
|
28
|
+
rspec-mocks (3.12.4)
|
29
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
30
|
+
rspec-support (~> 3.12.0)
|
31
|
+
rspec-support (3.12.0)
|
32
|
+
|
33
|
+
PLATFORMS
|
34
|
+
x86_64-darwin-20
|
35
|
+
|
36
|
+
DEPENDENCIES
|
37
|
+
next-auth-session-token-decoder!
|
38
|
+
rake (~> 13.0)
|
39
|
+
rspec (~> 3.12)
|
40
|
+
|
41
|
+
BUNDLED WITH
|
42
|
+
2.4.8
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2023 Andrey B.
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
# NextAuth.js Session Token Decoder
|
2
|
+
|
3
|
+
If you ever find yourself in a situation where you need to decrypt the [NextAuth.js](https://next-auth.js.org/) session token on your Ruby backend, look no further than this gem. It’s specifically designed to make the decryption process easy and seamless. The source code for this library has been extracted from [Cooper Pet Care](https://cooperpetcare.com/)’s code base.
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
```bash
|
8
|
+
gem install next-auth-session-token-decoder
|
9
|
+
```
|
10
|
+
|
11
|
+
## Usage
|
12
|
+
|
13
|
+
```ruby
|
14
|
+
token = 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..VxVkx9tG5eLKexs-.GQ792tADkdL10q_EntQO6bu-QYgr2gIqx7RwfRzA7HkMMrQ8Bu5Bfgh5UjYnI6J9bnagd6C_eOoQTMypMkXynPX_ogEEwlxLZLTXgn2yFTIDZHFEyXlmV53_FRJ82BNoYLv76lVZuNJwYdID8R-2thjML2VE3AblcNn2KJNCreXMztPrN9-AwOlAHofK3Q.14-TZcu0Br4kS7IPWhlC8g'
|
15
|
+
|
16
|
+
options = {
|
17
|
+
info: 'NextAuth.js Generated Encryption Key',
|
18
|
+
secret: 'super-secret-key',
|
19
|
+
}
|
20
|
+
|
21
|
+
NextAuthDecoder::Token.new(token, options).decode
|
22
|
+
=>
|
23
|
+
{
|
24
|
+
"email"=>"test@email.com",
|
25
|
+
"username"=>"Test username",
|
26
|
+
"iat"=>1678818018,
|
27
|
+
"exp"=>1681410018,
|
28
|
+
"sub"=>"2",
|
29
|
+
"jti"=>"ef109254-6cc0-4939-8cd3-faf172cd790f"
|
30
|
+
}
|
31
|
+
```
|
32
|
+
|
33
|
+
## RSpec
|
34
|
+
|
35
|
+
First install dependencies:
|
36
|
+
|
37
|
+
```bash
|
38
|
+
bundle install
|
39
|
+
```
|
40
|
+
|
41
|
+
Now you're ready to test it:
|
42
|
+
|
43
|
+
```bash
|
44
|
+
bundle exec rspec spec
|
45
|
+
```
|
46
|
+
|
47
|
+
## Contributing
|
48
|
+
|
49
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/cooperpetcare/next-auth-session-token-decoder.
|
50
|
+
|
51
|
+
## License
|
52
|
+
|
53
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
@@ -0,0 +1,46 @@
|
|
1
|
+
require 'openssl'
|
2
|
+
require 'jose'
|
3
|
+
require 'hkdf'
|
4
|
+
|
5
|
+
module NextAuthDecoder
|
6
|
+
class InvalidDecryptionParams < StandardError; end
|
7
|
+
class Token
|
8
|
+
def initialize(token, info: '', secret: ENV['NEXT_AUTH_SECRET'], length: 32)
|
9
|
+
@token = token
|
10
|
+
@info = info
|
11
|
+
@length = length
|
12
|
+
@secret = secret
|
13
|
+
end
|
14
|
+
|
15
|
+
def decode
|
16
|
+
raise error if invalid?
|
17
|
+
JOSE::JWT
|
18
|
+
.decrypt(jwk_secret, @token)
|
19
|
+
.first
|
20
|
+
.fields
|
21
|
+
.to_h
|
22
|
+
rescue OpenSSL::Cipher::CipherError
|
23
|
+
puts 'Error: Decryption error.'
|
24
|
+
nil
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def jwk_secret
|
30
|
+
@jwk_secret ||= JOSE::JWK.from_oct(encrypted_secret)
|
31
|
+
end
|
32
|
+
|
33
|
+
def encrypted_secret
|
34
|
+
@encrypted_secret ||=
|
35
|
+
HKDF.new(@secret, info: @info).read(@length)
|
36
|
+
end
|
37
|
+
|
38
|
+
def invalid?
|
39
|
+
@token.empty? || @info.nil? || @secret.nil?
|
40
|
+
end
|
41
|
+
|
42
|
+
def error
|
43
|
+
InvalidDecryptionParams.new('Error: Invalid decryption params')
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
|
3
|
+
$:.push File.expand_path('../lib', __FILE__)
|
4
|
+
require 'next_auth_decoder/version'
|
5
|
+
require 'next_auth_decoder/token'
|
6
|
+
|
7
|
+
Gem::Specification.new do |spec|
|
8
|
+
spec.name = 'next-auth-session-token-decoder'
|
9
|
+
spec.version = NextAuthDecoder::VERSION
|
10
|
+
spec.platform = Gem::Platform::RUBY
|
11
|
+
spec.authors = ['Andrey Bayburin']
|
12
|
+
spec.email = ['hello@cooperpetcare.com']
|
13
|
+
|
14
|
+
spec.summary = 'NextAuth session token decoder'
|
15
|
+
spec.description = 'NextAuth session token decoder'
|
16
|
+
spec.homepage = 'https://cooperpetcare.com/engineering/next-auth-session-token-decoder/'
|
17
|
+
spec.license = 'MIT'
|
18
|
+
|
19
|
+
spec.metadata['allowed_push_host'] = 'https://rubygems.org/'
|
20
|
+
spec.metadata['homepage_uri'] = spec.homepage
|
21
|
+
spec.metadata['source_code_uri'] = 'https://github.com/cooperpetcare/next-auth-session-token-decoder'
|
22
|
+
# spec.metadata['changelog_uri'] = "TODO: Put your gem's CHANGELOG.md URL here."
|
23
|
+
|
24
|
+
# Specify which files should be added to the gem when it is released.
|
25
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
26
|
+
spec.files = Dir.chdir(__dir__) do
|
27
|
+
`git ls-files -z`.split("\x0").reject do |f|
|
28
|
+
(File.expand_path(f) == __FILE__) || f.start_with?(*%w[bin/ test/ spec/ features/ .git .github])
|
29
|
+
end
|
30
|
+
end
|
31
|
+
spec.bindir = 'bin'
|
32
|
+
spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
|
33
|
+
spec.require_paths = ['lib']
|
34
|
+
spec.required_ruby_version = '>= 2.7.5'
|
35
|
+
|
36
|
+
spec.add_dependency('jose', '~> 1.1.3')
|
37
|
+
spec.add_dependency('hkdf', '~> 1.0.0')
|
38
|
+
spec.add_development_dependency('rake', '~> 13.0')
|
39
|
+
spec.add_development_dependency('rspec', '~> 3.12')
|
40
|
+
end
|
data/sig/foogem.rbs
ADDED
metadata
ADDED
@@ -0,0 +1,112 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: next-auth-session-token-decoder
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Andrey Bayburin
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2023-03-14 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: jose
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 1.1.3
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 1.1.3
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: hkdf
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 1.0.0
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 1.0.0
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '13.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '13.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '3.12'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '3.12'
|
69
|
+
description: NextAuth session token decoder
|
70
|
+
email:
|
71
|
+
- hello@cooperpetcare.com
|
72
|
+
executables: []
|
73
|
+
extensions: []
|
74
|
+
extra_rdoc_files: []
|
75
|
+
files:
|
76
|
+
- ".rspec"
|
77
|
+
- Gemfile
|
78
|
+
- Gemfile.lock
|
79
|
+
- LICENSE.txt
|
80
|
+
- README.md
|
81
|
+
- lib/next_auth_decoder.rb
|
82
|
+
- lib/next_auth_decoder/token.rb
|
83
|
+
- lib/next_auth_decoder/version.rb
|
84
|
+
- next_auth_decoder.gemspec
|
85
|
+
- sig/foogem.rbs
|
86
|
+
homepage: https://cooperpetcare.com/engineering/next-auth-session-token-decoder/
|
87
|
+
licenses:
|
88
|
+
- MIT
|
89
|
+
metadata:
|
90
|
+
allowed_push_host: https://rubygems.org/
|
91
|
+
homepage_uri: https://cooperpetcare.com/engineering/next-auth-session-token-decoder/
|
92
|
+
source_code_uri: https://github.com/cooperpetcare/next-auth-session-token-decoder
|
93
|
+
post_install_message:
|
94
|
+
rdoc_options: []
|
95
|
+
require_paths:
|
96
|
+
- lib
|
97
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
98
|
+
requirements:
|
99
|
+
- - ">="
|
100
|
+
- !ruby/object:Gem::Version
|
101
|
+
version: 2.7.5
|
102
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
103
|
+
requirements:
|
104
|
+
- - ">="
|
105
|
+
- !ruby/object:Gem::Version
|
106
|
+
version: '0'
|
107
|
+
requirements: []
|
108
|
+
rubygems_version: 3.4.8
|
109
|
+
signing_key:
|
110
|
+
specification_version: 4
|
111
|
+
summary: NextAuth session token decoder
|
112
|
+
test_files: []
|