rack_jwt_aegis 0.0.0 ā 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +9 -0
- data/.yard/yard_gfm_config.rb +21 -0
- data/.yardopts +16 -0
- data/CHANGELOG.md +204 -0
- data/README.md +339 -45
- data/Rakefile +52 -0
- data/bin/console +11 -0
- data/bin/docs +20 -0
- data/bin/setup +8 -0
- data/exe/rack_jwt_aegis +235 -0
- data/lib/rack_jwt_aegis/configuration.rb +205 -44
- data/lib/rack_jwt_aegis/jwt_validator.rb +56 -14
- data/lib/rack_jwt_aegis/middleware.rb +72 -2
- data/lib/rack_jwt_aegis/multi_tenant_validator.rb +43 -18
- data/lib/rack_jwt_aegis/rbac_manager.rb +323 -76
- data/lib/rack_jwt_aegis/request_context.rb +64 -23
- data/lib/rack_jwt_aegis/version.rb +1 -1
- data/lib/rack_jwt_aegis.rb +36 -1
- metadata +24 -13
- data/examples/basic_usage.rb +0 -85
- /data/sig/{rack_jwt_bastion.rbs ā rack_jwt_aegis.rbs} +0 -0
metadata
CHANGED
|
@@ -1,29 +1,34 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack_jwt_aegis
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ken C. Demanawa
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: exe
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: jwt
|
|
15
14
|
requirement: !ruby/object:Gem::Requirement
|
|
16
15
|
requirements:
|
|
17
|
-
- - "
|
|
16
|
+
- - ">="
|
|
18
17
|
- !ruby/object:Gem::Version
|
|
19
18
|
version: '2.10'
|
|
19
|
+
- - "<"
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: '4.0'
|
|
20
22
|
type: :runtime
|
|
21
23
|
prerelease: false
|
|
22
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
25
|
requirements:
|
|
24
|
-
- - "
|
|
26
|
+
- - ">="
|
|
25
27
|
- !ruby/object:Gem::Version
|
|
26
28
|
version: '2.10'
|
|
29
|
+
- - "<"
|
|
30
|
+
- !ruby/object:Gem::Version
|
|
31
|
+
version: '4.0'
|
|
27
32
|
- !ruby/object:Gem::Dependency
|
|
28
33
|
name: rack
|
|
29
34
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -38,20 +43,28 @@ dependencies:
|
|
|
38
43
|
- - ">="
|
|
39
44
|
- !ruby/object:Gem::Version
|
|
40
45
|
version: '3.2'
|
|
41
|
-
description:
|
|
42
|
-
|
|
46
|
+
description: |-
|
|
47
|
+
JWT authentication midleware with multi-tenant suport,\
|
|
48
|
+
company validation, and subdomain isolation.
|
|
43
49
|
email:
|
|
44
50
|
- kenneth.c.demanawa@gmail.com
|
|
45
|
-
executables:
|
|
51
|
+
executables:
|
|
52
|
+
- rack_jwt_aegis
|
|
46
53
|
extensions: []
|
|
47
54
|
extra_rdoc_files: []
|
|
48
55
|
files:
|
|
49
56
|
- ".rubocop.yml"
|
|
57
|
+
- ".yard/yard_gfm_config.rb"
|
|
58
|
+
- ".yardopts"
|
|
59
|
+
- CHANGELOG.md
|
|
50
60
|
- CODE_OF_CONDUCT.md
|
|
51
61
|
- LICENSE.txt
|
|
52
62
|
- README.md
|
|
53
63
|
- Rakefile
|
|
54
|
-
-
|
|
64
|
+
- bin/console
|
|
65
|
+
- bin/docs
|
|
66
|
+
- bin/setup
|
|
67
|
+
- exe/rack_jwt_aegis
|
|
55
68
|
- lib/rack_jwt_aegis.rb
|
|
56
69
|
- lib/rack_jwt_aegis/cache_adapter.rb
|
|
57
70
|
- lib/rack_jwt_aegis/configuration.rb
|
|
@@ -62,7 +75,7 @@ files:
|
|
|
62
75
|
- lib/rack_jwt_aegis/request_context.rb
|
|
63
76
|
- lib/rack_jwt_aegis/response_builder.rb
|
|
64
77
|
- lib/rack_jwt_aegis/version.rb
|
|
65
|
-
- sig/
|
|
78
|
+
- sig/rack_jwt_aegis.rbs
|
|
66
79
|
homepage: https://github.com/kanutocd/rack_jwt_aegis
|
|
67
80
|
licenses:
|
|
68
81
|
- MIT
|
|
@@ -71,7 +84,6 @@ metadata:
|
|
|
71
84
|
homepage_uri: https://github.com/kanutocd/rack_jwt_aegis
|
|
72
85
|
source_code_uri: https://github.com/kanutocd/rack_jwt_aegis
|
|
73
86
|
rubygems_mfa_required: 'true'
|
|
74
|
-
post_install_message:
|
|
75
87
|
rdoc_options: []
|
|
76
88
|
require_paths:
|
|
77
89
|
- lib
|
|
@@ -86,8 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
86
98
|
- !ruby/object:Gem::Version
|
|
87
99
|
version: '0'
|
|
88
100
|
requirements: []
|
|
89
|
-
rubygems_version: 3.
|
|
90
|
-
signing_key:
|
|
101
|
+
rubygems_version: 3.6.9
|
|
91
102
|
specification_version: 4
|
|
92
103
|
summary: JWT authentication middleware for multi-tenant Rack applications
|
|
93
104
|
test_files: []
|
data/examples/basic_usage.rb
DELETED
|
@@ -1,85 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env ruby
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
require_relative '../lib/rack_jwt_aegis'
|
|
5
|
-
require 'jwt'
|
|
6
|
-
require 'json'
|
|
7
|
-
require 'rack'
|
|
8
|
-
|
|
9
|
-
# Example: Basic JWT authentication middleware usage
|
|
10
|
-
|
|
11
|
-
# 1. Create a simple Rack app
|
|
12
|
-
class SimpleApp
|
|
13
|
-
def call(env)
|
|
14
|
-
# Access authenticated user data
|
|
15
|
-
if RackJwtAegis::RequestContext.authenticated?(env)
|
|
16
|
-
user_id = RackJwtAegis::RequestContext.user_id(env)
|
|
17
|
-
company_slugs = RackJwtAegis::RequestContext.company_slugs(env)
|
|
18
|
-
|
|
19
|
-
response = {
|
|
20
|
-
message: 'Hello authenticated user!',
|
|
21
|
-
user_id: user_id,
|
|
22
|
-
company_access: company_slugs,
|
|
23
|
-
}
|
|
24
|
-
|
|
25
|
-
[200, { 'Content-Type' => 'application/json' }, [JSON.generate(response)]]
|
|
26
|
-
else
|
|
27
|
-
[401, {}, ['Unauthorized']]
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
# 2. Configure the middleware
|
|
33
|
-
Rack::Builder.new do
|
|
34
|
-
use RackJwtAegis::Middleware, {
|
|
35
|
-
jwt_secret: 'demo-secret-key',
|
|
36
|
-
|
|
37
|
-
# Multi-tenant features
|
|
38
|
-
validate_subdomain: true,
|
|
39
|
-
validate_company_slug: true,
|
|
40
|
-
|
|
41
|
-
# Skip authentication for health check
|
|
42
|
-
skip_paths: ['/health'],
|
|
43
|
-
|
|
44
|
-
# Debug mode for demonstration
|
|
45
|
-
debug_mode: true,
|
|
46
|
-
}
|
|
47
|
-
|
|
48
|
-
run SimpleApp.new
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
# 3. Generate a demo JWT token
|
|
52
|
-
payload = {
|
|
53
|
-
'user_id' => 123,
|
|
54
|
-
'company_group_id' => 456,
|
|
55
|
-
'company_group_domain' => 'acme-corp.example.com',
|
|
56
|
-
'company_slugs' => ['widgets-division', 'services-division'],
|
|
57
|
-
'exp' => Time.now.to_i + 3600, # 1 hour from now
|
|
58
|
-
}
|
|
59
|
-
|
|
60
|
-
token = JWT.encode(payload, 'demo-secret-key', 'HS256')
|
|
61
|
-
|
|
62
|
-
puts "\nš”ļø Rack JWT Aegis Demo"
|
|
63
|
-
puts '=' * 50
|
|
64
|
-
puts "\nš Configuration:"
|
|
65
|
-
puts '- JWT Secret: demo-secret-key'
|
|
66
|
-
puts '- Multi-tenant: Subdomain + Company Slug validation'
|
|
67
|
-
puts '- Skip paths: /health'
|
|
68
|
-
puts '- Debug mode: enabled'
|
|
69
|
-
|
|
70
|
-
puts "\nš« Generated JWT Token:"
|
|
71
|
-
puts "#{token[0..50]}..." if token.length > 50
|
|
72
|
-
|
|
73
|
-
puts "\nš JWT Payload:"
|
|
74
|
-
puts JSON.pretty_generate(payload)
|
|
75
|
-
|
|
76
|
-
puts "\nā
Middleware initialized successfully!"
|
|
77
|
-
puts "\nš” To test this middleware:"
|
|
78
|
-
puts '1. Start a Rack server with this configuration'
|
|
79
|
-
puts '2. Send requests with Authorization: Bearer <token>'
|
|
80
|
-
puts '3. Try different subdomains and company slugs'
|
|
81
|
-
puts '4. Check /health endpoint (should work without auth)'
|
|
82
|
-
|
|
83
|
-
puts "\nš Example curl commands:"
|
|
84
|
-
puts "curl -H 'Authorization: Bearer #{token}' -H 'Host: acme-corp.example.com' http://localhost:3000/api/v1/widgets-division/data"
|
|
85
|
-
puts 'curl http://localhost:3000/health'
|
|
File without changes
|