rack-cloudflare-jwt 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 240d66a2a123b06cf3625765ce2d7b4772c2a46f059fd62decc90acd4d9e68bc
-  data.tar.gz: 9bf13c926defed079e9266752c64ab3b38d004e3665252b3dd7a663db77ae66c
+  metadata.gz: 9cfffcc56a02828c0ab0aea34ce64dd64e7fa09b9c564cc2146f7a54f01ff189
+  data.tar.gz: 55b46d11820643dead91670a3c23aaa25d0d80526844ecdcadb38c2ec5110465
 SHA512:
-  metadata.gz: 735971f62a1c16c83d6591baa3d60c052107ef61076850a0598c2456c386aec32c62b79927e15560f2d9f47ef17f991ff084ee6bb27284ab17195e6fcd805148
-  data.tar.gz: c3f15c032fa1715e728e6e0337ddfae61165a8bda598cc69f077b5f87f71e93d2e24b249ae79ac197361a533ac730cf8b1c0823f2f1b00e794b15b3d1180c41d
+  metadata.gz: 637d37665fa3e39c8d65649ad3fde2bee0cd84a3bf1d3e8974e2abb49c2e3d051785f63dee1bc5ac914e601076e0cf14b6a0c04a359b675f7b3e8cd1cae7c294
+  data.tar.gz: 8879652a99cf5639b2ad6543524ea4ff28f7ce92be470a4d6594f9554751b10f6e3079262532d2b9a7948cb277a7f33d6e06171f4e147d8898f24eeec0a079e8

data/README.md

@@ -38,11 +38,14 @@ $ gem install rack-cloudflare-jwt
 
 * `Hash` value : `String` : A Application Audience (AUD) Tag.
 
+Also, you should provide a Team Domain.
 
 ### Rails
 
 ```ruby
-Rails.application.config.middleware.use Rack::CloudflareJwt::Auth, '/my-path' => 'xxx.yyy.zzz'
+Rails.application.config.middleware.use Rack::CloudflareJwt::Auth, 'my-team-domain.cloudflareaccess.com',
+                                                                   '/my-path-1' => 'aaa.bbb.ccc'
+                                                                   '/my-path-2' => 'xxx.yyy.zzz',
 ```
 
 ## Contributing

data/lib/rack/cloudflare_jwt/auth.rb

@@ -19,8 +19,6 @@ module Rack::CloudflareJwt
     DEFAULT_ALGORITHM = 'RS256'
     # CloudFlare JWT header.
     HEADER_NAME = 'HTTP_CF_ACCESS_JWT_ASSERTION'
-    # HTTP_HOST header.
-    HEADER_HTTP_HOST = 'HTTP_HOST'
     # Key for get current path.
     PATH_INFO = 'PATH_INFO'
 
@@ -35,21 +33,24 @@ module Rack::CloudflareJwt
       )$
     /x.freeze
 
-    attr_reader :policies
+    attr_reader :policies, :team_domain
 
     # Initializes middleware
     #
     # @example Initialize middleware in Rails
     #   config.middleware.use(
     #     Rack::CloudflareJwt::Auth,
+    #     ENV['RACK_CLOUDFLARE_JWT_TEAM_DOMAIN'],
     #     '/admin'   => <cloudflare-aud-1>,
     #     '/manager' => <cloudflare-aud-2>,
     #   )
     #
+    # @param team_domain [String] the Team Domain (e.g. 'test.cloudflareaccess.com').
     # @param policies [Hash<String, String>] the policies with paths and AUDs.
-    def initialize(app, policies = {})
-      @app      = app
-      @policies = policies
+    def initialize(app, team_domain, policies = {})
+      @app         = app
+      @team_domain = team_domain
+      @policies    = policies
 
       check_policy_auds!
       check_paths_type!
@@ -95,7 +96,7 @@ module Rack::CloudflareJwt
       # extract the token from header.
       token         = env[HEADER_NAME]
       policy_aud    = policies.find { |path, _aud| env[PATH_INFO].start_with?(path) }&.last
-      decoded_token = public_keys(env).find do |key|
+      decoded_token = public_keys.find do |key|
         break decode_token(token, key.public_key, policy_aud)
       rescue DecodeTokenError => e
         logger.info e.message
@@ -186,20 +187,17 @@ module Rack::CloudflareJwt
     # Private: Get public keys.
     #
     # @return [Array<OpenSSL::PKey::RSA>] the public keys.
-    def public_keys(env)
-      host = env[HEADER_HTTP_HOST]
-      fetch_public_keys_cached(host).map do |jwk_data|
+    def public_keys
+      fetch_public_keys_cached.map do |jwk_data|
         ::JWT::JWK.import(jwk_data).keypair
       end
     end
 
     # Private: Fetch public keys.
     #
-    # @param host [String] The host.
-    #
     # @return [Array<Hash>] the public keys.
-    def fetch_public_keys(host)
-      json = Net::HTTP.get(host, CERTS_PATH)
+    def fetch_public_keys
+      json = Net::HTTP.get(team_domain, CERTS_PATH)
       json.empty? ? [] : MultiJson.load(json, symbolize_keys: true).fetch(:keys)
     rescue StandardError
       []
@@ -209,19 +207,17 @@ module Rack::CloudflareJwt
     #
     # Store a keys in the cache only 10 minutes.
     #
-    # @param host [String] The host.
-    #
     # @return [Array<Hash>] the public keys.
-    def fetch_public_keys_cached(host)
-      key = [self.class.name, '#secrets', host].join('_')
+    def fetch_public_keys_cached
+      key = [self.class.name, '#secrets'].join('_')
 
       if defined? Rails
-        Rails.cache.fetch(key, expires_in: 600) { fetch_public_keys(host) }
+        Rails.cache.fetch(key, expires_in: 600) { fetch_public_keys }
       elsif defined? Padrino
         keys = Padrino.cache[key]
-        keys || Padrino.cache.store(key, fetch_public_keys(host), expires: 600)
+        keys || Padrino.cache.store(key, fetch_public_keys, expires: 600)
       else
-        fetch_public_keys(host)
+        fetch_public_keys
       end
     end
 

data/lib/rack/cloudflare_jwt/version.rb

@@ -2,6 +2,6 @@
 
 module Rack # rubocop:disable Style/ClassAndModuleChildren
   module CloudflareJwt
-    VERSION = '0.1.0'
+    VERSION = '0.2.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-cloudflare-jwt
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Aleksei Vokhmin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2021-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -211,7 +211,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: Rack middleware that provides authentication based on CloudFlare JSON Web