rack_jwt_aegis 1.0.2 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 85f1445f011d0e42c075e3777164d61b215aa04b6f78e535db987c3f0e239c6f
-  data.tar.gz: 94fa6e5dd9041709d394e1c42dc5cc938aeb4fb9325218a94cab6352a4a7cf47
+  metadata.gz: 0e776985ff922d83b9ac75821698125a565dce342be61bd4bf6012fc97dfd82c
+  data.tar.gz: 7bbb4006689d39ea9ec47ad869b01468bbfbddfb0ecbaa430d28ac96f1fd33b7
 SHA512:
-  metadata.gz: 0e3e83285e30c8b86efb2977aba6cfeccf728539b689fb80fb658e29ac91e61c455ab48c5793b689293154d3fe985ad6fee71d3b2381261f34b481370c89e8a1
-  data.tar.gz: f42e6cdb32d72f06ef14d7c016cbb7970ad5b04f9626b16cc1bf7a4062cdb6b68a899548e80259bac934622b2adc3080121c2b7e82daa84ab93f2df30ad34e63
+  metadata.gz: 64eb785ccd161bf7f7a7e0ce2b9840007885778b47d35a5528fe586ebcc160aa2f3d356e92868f8931c0789603a78fbc1feef56d6141dbeb322611330404b77a
+  data.tar.gz: 84f45c9c58aed4eadbcfd8a1d78d1a3e0cdd47c9f602ae9047e847738c671c0513dacfc9298207456fa969a44045ec6b8b8ff29fea3e0c29f76357aa4933ddaf

data/CHANGELOG.md

@@ -5,6 +5,126 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.0] - 2025-08-14
+
+### 🚀 Added
+
+#### Enhanced RBAC Cache Format
+
+- **Improved Performance**: Changed RBAC cache format from array-based to flat object structure for O(1) role lookup
+  - **Before**: `"permissions": [{ "role-id": ["resource:method"] }]` (O(n) array iteration)
+  - **After**: `"permissions": { "role-id": ["resource:method"] }` (O(1) direct access)
+- **Developer Experience**: Enhanced error detection with descriptive ConfigurationError exceptions
+  - Catches common migration mistakes when upgrading from array to object format
+  - Provides clear error messages with expected format examples
+  - Helps developers quickly identify and fix RBAC configuration issues
+
+#### Documentation Improvements
+
+- **Clean Documentation**: Fixed YARD documentation rendering issues with improved Markdown processing
+  - Added Redcarpet gem for better Markdown parsing in YARD
+  - Removed complex Jekyll integration that was causing rendering issues
+  - Maintained YARD for comprehensive API documentation with cleaner output
+- **API Documentation**: Enhanced code comments for better YARD rendering
+  - Updated key method documentation with clearer parameter descriptions
+  - Improved examples and usage patterns in documentation
+  - Better integration with YARD's HTML generation
+
+### 🔧 Fixed
+
+#### RBAC System Improvements
+
+- **Cache Format Validation**: Added explicit validation for RBAC permissions format
+  - Raises `ConfigurationError` when permissions is not a Hash
+  - Provides helpful error messages for developers
+  - Maintains backward compatibility for other validation scenarios
+- **Role Lookup Logic**: Optimized role permission checking with direct hash access
+  - Eliminated unnecessary array iteration in permission validation
+  - Improved performance for applications with many roles
+  - Maintains support for both string and integer role keys
+
+#### Bug Fixes
+
+- **Test Coverage**: Fixed `test_check_rbac_format?` test that was using old array format
+- **Key Resolution**: Fixed JWT payload key resolution bug in `rbac_last_update_timestamp` method
+- **Validation Logic**: Updated all validation tests to use new flat object format
+
+### 🏗️ Technical Details
+
+#### Architecture Changes
+
+- **RBAC Manager**: Updated `validate_rbac_cache_format` and `check_rbac_format?` methods
+  - Direct hash lookup: `permissions_data[role_id]` instead of array iteration
+  - Improved error handling with specific ConfigurationError exceptions
+  - Enhanced validation with clear developer feedback
+- **Exception Handling**: Re-raises ConfigurationError while preserving other error handling
+  - Developer errors bubble up for immediate attention
+  - Runtime errors (cache issues) are still handled gracefully
+  - Maintains existing debug logging for troubleshooting
+
+#### Performance Improvements
+
+- **O(1) Role Lookup**: Direct hash access for role permissions
+- **Reduced Memory**: Eliminated nested array structures
+- **Faster Validation**: Simplified permission checking logic
+
+#### Developer Experience
+
+- **Better Error Messages**: Clear configuration error descriptions
+```ruby
+# Example error message:
+"RBAC permissions must be a Hash with role-id keys, not Array. 
+Expected format: {\"role-id\": [\"resource:method\", ...]}, but got: Array"
+```
+- **Migration Support**: Catches common mistakes when upgrading cache format
+- **Improved Documentation**: Cleaner YARD output with better Markdown rendering
+
+### 📚 Documentation Updates
+
+- **README.md**: Updated RBAC cache format examples and specifications
+- **YARD Integration**: Fixed documentation rendering with Redcarpet Markdown processor
+- **Code Examples**: Updated all examples to use new flat object format
+
+### 🧪 Testing
+
+- **Test Coverage Maintained**: All tests updated to use new cache format
+- **Enhanced Validation**: Added tests for new configuration error scenarios
+- **Comprehensive Coverage**: Validated migration scenarios and edge cases
+
+### ⚠️ Migration Guide
+
+#### Updating RBAC Cache Format
+
+**Before (v1.0.x):**
+```ruby
+Rails.cache.write("permissions", {
+  'last_update' => Time.now.to_i,
+  'permissions' => [
+    { '123' => ['sales/invoices:get', 'sales/invoices:post'] },
+    { '456' => ['admin/*:*'] }
+  ]
+})
+```
+
+**After (v1.1.0+):**
+```ruby
+Rails.cache.write("permissions", {
+  'last_update' => Time.now.to_i,
+  'permissions' => {
+    '123' => ['sales/invoices:get', 'sales/invoices:post'],
+    '456' => ['admin/*:*']
+  }
+})
+```
+
+#### Benefits of Migration
+
+- **🚀 Better Performance**: O(1) role lookup instead of O(n) iteration
+- **🛠️ Easier Management**: Direct role access for permission updates
+- **📝 Cleaner Code**: Simpler data structure that's easier to understand and maintain
+
+---
+
 ## [1.0.2] - 2025-08-13
 
 ### 🔧 Fixed
@@ -249,5 +369,7 @@ This 1.0.0 release represents a production-ready JWT authentication middleware w
 
 **Deprecations**: None (initial release).
 
+[1.1.0]: https://github.com/kanutocd/rack_jwt_aegis/releases/tag/v1.1.0
+[1.0.2]: https://github.com/kanutocd/rack_jwt_aegis/releases/tag/v1.0.2
 [1.0.1]: https://github.com/kanutocd/rack_jwt_aegis/releases/tag/v1.0.1
 [1.0.0]: https://github.com/kanutocd/rack_jwt_aegis/releases/tag/v1.0.0

data/README.md

@@ -273,7 +273,7 @@ accessible_companies = RackJwtAegis::RequestContext.pathname_slugs(request.env)
 # => ["company-a", "company-b"]
 
 # Check if user has access to specific company
-has_access = RackJwtAegis::RequestContext.has_company_access?(request.env, "company-a")
+has_access = RackJwtAegis::RequestContext.has_pathname_slug_access?(request.env, "company-a")
 # => true
 
 # Helper methods for request objects
@@ -291,7 +291,7 @@ tenant_id = RackJwtAegis::RequestContext.current_tenant_id(request)
 - `pathname_slugs(env)` - Get array of accessible company slugs
 - `current_user_id(request)` - Helper for request objects
 - `current_tenant_id(request)` - Helper for request objects
-- `has_company_access?(env, slug)` - Check company access
+- `has_pathname_slug_access?(env, slug)` - Check company access
 
 ## JWT Payload Structure
 
@@ -439,31 +439,28 @@ When RBAC is enabled, the middleware expects permissions to be stored in the cac
 ```json
 {
   "last_update": 1640995200,
-  "permissions": [
-    {
-      "123": [
-        "sales/invoices:get",
-        "sales/invoices:post",
-        "%r{sales/invoices/\\d+}:get",
-        "%r{sales/invoices/\\d+}:put",
-        "users/*:get"
-      ]
-    },
-    {
-      "456": ["admin/*:*", "reports:get"]
-    }
-  ]
+  "permissions": {
+    "123": [
+      "sales/invoices:get",
+      "sales/invoices:post",
+      "%r{sales/invoices/\\d+}:get",
+      "%r{sales/invoices/\\d+}:put",
+      "users/*:get"
+    ],
+    "456": ["admin/*:*", "reports:get"]
+  }
 }
 ```
 
 ### Format Specification
 
 - **last_update**: Timestamp for cache invalidation
-- **permissions**: Array of role permission objects
-- **Role ID**: String or numeric identifier for user roles
-- **Permission Format**: `"resource-endpoint:http-method"`
-  - **resource-endpoint**: API path (literal string or regex pattern)
-  - **http-method**: `get`, `post`, `put`, `delete`, or `*` (wildcard)
+- **permissions**: Object containing direct role-to-permissions mapping:
+  - **Role ID** (key): String or numeric identifier
+  - **Permissions** (value): Array of permission strings
+  - **Permission Format**: `"resource-endpoint:http-method"`
+    - **resource-endpoint**: API path (literal string or regex pattern)
+    - **http-method**: `get`, `post`, `put`, `delete`, or `*` (wildcard)
 
 ### Permission Examples
 

data/lib/rack_jwt_aegis/debug_logger.rb

@@ -20,7 +20,7 @@ module RackJwtAegis
       timestamp = Time.now.strftime('%Y-%m-%d %H:%M:%S.%L')
 
       # Determine component name for log prefix
-      component_name = component || infer_component_name
+      component_name = component || self.class.name.split('::').last || 'RackJwtAegis'
 
       formatted_message = "[#{timestamp}] #{component_name}: #{message}"
 
@@ -31,21 +31,5 @@ module RackJwtAegis
         puts formatted_message
       end
     end
-
-    private
-
-    # Infer component name from class name
-    #
-    # @return [String] the inferred component name
-    def infer_component_name
-      case self.class.name
-      when /Middleware/
-        'RackJwtAegis'
-      when /RbacManager/
-        'RbacManager'
-      else
-        self.class.name.split('::').last || 'RackJwtAegis'
-      end
-    end
   end
 end

data/lib/rack_jwt_aegis/jwt_validator.rb

@@ -19,6 +19,7 @@ module RackJwtAegis
   # @example With multi-tenant validation
   #   config = Configuration.new(
   #     jwt_secret: 'your-secret',
+  #     validate_tenant_id: true,
   #     validate_subdomain: true,
   #     validate_pathname_slug: true
   #   )
@@ -95,21 +96,14 @@ module RackJwtAegis
     # @param payload [Hash] the JWT payload to validate
     # @raise [AuthenticationError] if required claims are missing
     def validate_required_claims(payload)
-      required_claims = []
-
       # Always require user identification
-      required_claims << @config.payload_key(:user_id)
-
-      # Multi-tenant validation requirements
-      if @config.validate_subdomain?
-        required_claims << @config.payload_key(:tenant_id)
-        required_claims << @config.payload_key(:subdomain)
-      end
-
+      required_claims = [@config.payload_key(:user_id)]
+      required_claims << @config.payload_key(:subdomain) if @config.validate_subdomain?
+      required_claims << @config.payload_key(:tenant_id) if @config.validate_tenant_id?
       required_claims << @config.payload_key(:pathname_slugs) if @config.validate_pathname_slug?
+      required_claims << @config.payload_key(:role_ids) if @config.rbac_enabled?
 
-      missing_claims = required_claims.select { |claim| payload[claim.to_s].nil? }
-
+      missing_claims = required_claims.select { |claim| payload[claim.to_s].to_s.empty? }
       return if missing_claims.empty?
 
       raise AuthenticationError, "JWT payload missing required claims: #{missing_claims.join(', ')}"
@@ -120,25 +114,24 @@ module RackJwtAegis
     # @param payload [Hash] the JWT payload to validate
     # @raise [AuthenticationError] if claim types are invalid
     def validate_claim_types(payload)
-      user_id_key = @config.payload_key(:user_id).to_s
-
+      user_id = payload[@config.payload_key(:user_id).to_s]
       # User ID should be numeric or string
-      if payload[user_id_key] && !payload[user_id_key].is_a?(Numeric) && !payload[user_id_key].is_a?(String)
+      if user_id.to_s.empty? || (!user_id.is_a?(Numeric) && !user_id.is_a?(String))
         raise AuthenticationError, 'Invalid user_id format in JWT payload'
       end
 
-      # Company group ID should be numeric or string (if present)
-      if @config.validate_subdomain?
-        tenant_id_key = @config.payload_key(:tenant_id).to_s
-        if payload[tenant_id_key] && !payload[tenant_id_key].is_a?(Numeric) && !payload[tenant_id_key].is_a?(String)
+      # Tenant ID should be numeric or string (if present)
+      if @config.validate_tenant_id?
+        tenant_id = payload[@config.payload_key(:tenant_id).to_s]
+        if tenant_id.to_s.empty? || (!tenant_id.is_a?(Numeric) && !tenant_id.is_a?(String))
           raise AuthenticationError, 'Invalid tenant_id format in JWT payload'
         end
       end
 
       # Company group domain should be string (if present)
       if @config.validate_subdomain?
-        company_domain_key = @config.payload_key(:subdomain).to_s
-        if payload[company_domain_key] && !payload[company_domain_key].is_a?(String)
+        subdomain = payload[@config.payload_key(:subdomain).to_s]
+        if subdomain.to_s.empty? || !subdomain.is_a?(String)
           raise AuthenticationError, 'Invalid subdomain format in JWT payload'
         end
       end
@@ -146,8 +139,8 @@ module RackJwtAegis
       # Company slugs should be array (if present)
       return unless @config.validate_pathname_slug?
 
-      pathname_slugs_key = @config.payload_key(:pathname_slugs).to_s
-      return unless payload[pathname_slugs_key] && !payload[pathname_slugs_key].is_a?(Array)
+      pathname_slugs = payload[@config.payload_key(:pathname_slugs).to_s]
+      return unless pathname_slugs && !pathname_slugs.is_a?(Array)
 
       raise AuthenticationError, 'Invalid pathname_slugs format in JWT payload - must be array'
     end

data/lib/rack_jwt_aegis/middleware.rb

@@ -19,6 +19,8 @@ module RackJwtAegis
   # @example Advanced usage
   #   use RackJwtAegis::Middleware, {
   #     jwt_secret: ENV['JWT_SECRET'],
+  #     validate_tenant_id: true,
+  #     validate_pathname_slug: true,
   #     validate_subdomain: true,
   #     rbac_enabled: true,
   #     cache_store: :redis,
@@ -142,7 +144,7 @@ module RackJwtAegis
     #
     # @return [Boolean] true if subdomain or pathname slug validation is enabled
     def multi_tenant_enabled?
-      @config.validate_subdomain? || @config.validate_pathname_slug?
+      @config.validate_tenant_id? || @config.validate_subdomain? || @config.validate_pathname_slug?
     end
 
     # Generate a string describing enabled features for logging
@@ -150,8 +152,9 @@ module RackJwtAegis
     # @return [String] comma-separated list of enabled features
     def enabled_features
       features = ['JWT']
+      features << 'TenantId' if @config.validate_tenant_id?
       features << 'Subdomain' if @config.validate_subdomain?
-      features << 'CompanySlug' if @config.validate_pathname_slug?
+      features << 'PathnameSlug' if @config.validate_pathname_slug?
       features << 'RBAC' if @config.rbac_enabled?
       features.join(', ')
     end

data/lib/rack_jwt_aegis/rbac_manager.rb

@@ -51,7 +51,7 @@ module RackJwtAegis
       has_permission = check_rbac_permission(user_id, request)
 
       # Cache the result if middleware has write access
-      cache_permission_result(permission_key, has_permission) if @permission_cache && @config.cache_write_enabled?
+      cache_permission_result(permission_key, has_permission)
 
       return if has_permission
 
@@ -83,23 +83,21 @@ module RackJwtAegis
     end
 
     def build_permission_key(user_id, request)
-      full_url = "#{request.host}#{request.path}"
-      "#{user_id}:#{full_url}:#{request.request_method.downcase}"
+      "#{user_id}:#{request.host}#{request.path}:#{request.request_method.downcase}"
     end
 
     def check_cached_permission(permission_key)
       return nil unless @permission_cache
 
       begin
-        # Get the user permissions cache using new format
+        # Get the cached user permissions
         user_permissions = @permission_cache.read('user_permissions')
         return nil if user_permissions.nil? || !user_permissions.is_a?(Hash)
 
         # First check: If RBAC permissions were updated recently, nuke ALL cached permissions
         rbac_last_update = rbac_last_update_timestamp
         if rbac_last_update
-          current_time = Time.now.to_i
-          rbac_update_age = current_time - rbac_last_update
+          rbac_update_age = Time.now.to_i - rbac_last_update
 
           # If RBAC was updated within the TTL period, all cached permissions are invalid
           if rbac_update_age <= @config.user_permissions_ttl
@@ -108,12 +106,11 @@ module RackJwtAegis
           end
         end
 
-        # Check if permission exists in new format: {"user_id:full_url:method" => timestamp}
+        # Check if permission exists in this format: {"user_id:full_url:method" => timestamp}
         cached_timestamp = user_permissions[permission_key]
         return nil unless cached_timestamp.is_a?(Integer)
 
-        current_time = Time.now.to_i
-        permission_age = current_time - cached_timestamp
+        permission_age = Time.now.to_i - cached_timestamp
 
         # Second check: TTL expiration
         if permission_age > @config.user_permissions_ttl
@@ -181,22 +178,23 @@ module RackJwtAegis
         return false
       end
 
-      # Check permissions for each user role
-      rbac_data['permissions'].each do |role_permissions|
-        user_roles.each do |role_id|
-          next unless role_permissions.key?(role_id.to_s) || role_permissions.key?(role_id.to_i)
+      # Get permissions object for direct lookup
+      permissions_data = rbac_data['permissions'] || rbac_data[:permissions]
 
-          permissions = role_permissions[role_id.to_s] || role_permissions[role_id.to_i]
-          matched_permission = find_matching_permission(permissions, request)
+      # Check permissions for each user role using direct lookup
+      user_roles.each do |role_id|
+        # Try both string and integer keys for role lookup
+        role_permissions = permissions_data[role_id.to_s] || permissions_data[role_id.to_i]
+        next unless role_permissions
 
-          next unless matched_permission
+        matched_permission = find_matching_permission(role_permissions, request)
+        next unless matched_permission
 
-          # Cache this specific permission match for faster future lookups
-          if @permission_cache && @config.cache_write_enabled?
-            cache_permission_match(user_id, request, role_id, matched_permission)
-          end
-          return true
+        # Cache this specific permission match for faster future lookups
+        if @permission_cache && @config.cache_write_enabled?
+          cache_permission_match(user_id, request, role_id, matched_permission)
         end
+        return true
       end
 
       false
@@ -208,7 +206,7 @@ module RackJwtAegis
 
       begin
         rbac_data = @rbac_cache.read('permissions')
-        if rbac_data.is_a?(Hash) && (rbac_data['last_update'] || rbac_data[:last_update])
+        if rbac_data.is_a?(Hash) && (rbac_data.key?('last_update') || rbac_data.key?(:last_update))
           return rbac_data['last_update'] || rbac_data[:last_update]
         end
 
@@ -393,9 +391,9 @@ module RackJwtAegis
     # Expected format:
     # {
     #   last_update: timestamp,
-    #   permissions: [
-    #     {role-id: ["{resource-endpoint}:{http-method}"]}
-    #   ]
+    #   permissions: {
+    #     "role-id": ["{resource-endpoint}:{http-method}"]
+    #   }
     # }
     def validate_rbac_cache_format(rbac_data)
       return false unless rbac_data.is_a?(Hash)
@@ -404,31 +402,35 @@ module RackJwtAegis
       return false unless rbac_data.key?('last_update') || rbac_data.key?(:last_update)
       return false unless rbac_data.key?('permissions') || rbac_data.key?(:permissions)
 
-      # Get permissions array
+      # Get permissions object (now expecting a Hash, not Array)
       permissions = rbac_data['permissions'] || rbac_data[:permissions]
-      return false unless permissions.is_a?(Array)
 
-      # Validate each permission entry
-      permissions.each do |permission_entry|
-        return false unless permission_entry.is_a?(Hash)
+      # If permissions is present but not a Hash, raise an exception to help developers
+      if !permissions.nil? && !permissions.is_a?(Hash)
+        raise ConfigurationError, "RBAC permissions must be a Hash with role-id keys, not #{permissions.class}. " \
+                                  "Expected format: {\"role-id\": [\"resource:method\", ...]}, " \
+                                  "but got: #{permissions.class}"
+      end
 
-        # Each entry should have at least one role-id key
-        return false if permission_entry.empty?
+      # Return false if permissions is nil (should not happen given the key check above, but defensive)
+      return false if permissions.nil?
 
-        # Validate permission values are arrays of strings
-        permission_entry.each_value do |role_permissions|
-          return false unless role_permissions.is_a?(Array)
+      # Validate each role's permissions
+      permissions.each_value do |role_permissions|
+        return false unless role_permissions.is_a?(Array)
 
-          # Each permission should be a string in format "endpoint:method"
-          role_permissions.each do |permission|
-            return false unless permission.is_a?(String)
-            # Permission must include ':' (resource:method format)
-            return false unless permission.include?(':')
-          end
+        # Each permission should be a string in format "endpoint:method"
+        role_permissions.each do |permission|
+          return false unless permission.is_a?(String)
+          # Permission must include ':' (resource:method format) or '*' (wildcard)
+          return false unless permission.include?(':') || permission.include?('*')
         end
       end
 
       true
+    rescue ConfigurationError
+      # Re-raise configuration errors so developers see them
+      raise
     rescue StandardError => e
       debug_log("RbacManager: Cache format validation error: #{e.message}", :warn)
       false

data/lib/rack_jwt_aegis/request_context.rb

@@ -100,42 +100,23 @@ module RackJwtAegis
       tenant_id(request.env)
     end
 
-    def self.has_company_access?(env, company_slug)
-      pathname_slugs(env).include?(company_slug)
+    def self.has_pathname_slug_access?(env, pathname_slug)
+      pathname_slugs(env).include?(pathname_slug)
     end
 
     private
 
     def set_user_context(env, payload)
-      user_id_key = @config.payload_key(:user_id).to_s
-      user_id = payload[user_id_key]
-
-      env[USER_ID_KEY] = user_id
+      env[USER_ID_KEY] = payload[@config.payload_key(:user_id).to_s]
     end
 
     def set_tenant_context(env, payload)
-      # Set company group information
-      if @config.validate_subdomain? || @config.payload_mapping.key?(:tenant_id)
-        tenant_id_key = @config.payload_key(:tenant_id).to_s
-        tenant_id = payload[tenant_id_key]
-        env[TENANT_ID_KEY] = tenant_id
-      end
-
-      if @config.validate_subdomain?
-        company_domain_key = @config.payload_key(:subdomain).to_s
-        company_domain = payload[company_domain_key]
-        env[SUBDOMAIN_KEY] = company_domain
-      end
-
-      # Set company slugs for sub-level tenant access
+      # Set multi-tenant information
+      env[TENANT_ID_KEY] = payload[@config.payload_key(:tenant_id).to_s] if @config.validate_tenant_id?
+      env[SUBDOMAIN_KEY] = payload[@config.payload_key(:subdomain).to_s] if @config.validate_subdomain?
       return unless @config.validate_pathname_slug? || @config.payload_mapping.key?(:pathname_slugs)
 
-      pathname_slugs_key = @config.payload_key(:pathname_slugs).to_s
-      pathname_slugs = payload[pathname_slugs_key]
-
-      # Ensure it's an array
-      pathname_slugs = Array(pathname_slugs) if pathname_slugs
-      env[PATHNAME_SLUGS_KEY] = pathname_slugs || []
+      env[PATHNAME_SLUGS_KEY] = Array(payload[@config.payload_key(:pathname_slugs).to_s]).flatten
     end
   end
 end

data/lib/rack_jwt_aegis/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RackJwtAegis
-  VERSION = '1.0.2'
+  VERSION = '1.1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack_jwt_aegis
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.1.0
 platform: ruby
 authors:
 - Ken C. Demanawa