rails-vault-jwt 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 410f4ef7c6b7f8ce74ffed0d7d99c5ebe753151b9db6b5db1d218b7ecbbd8c18
4
+ data.tar.gz: cfc364e819fe4af7c31b905c4bb0b69b197ffe623655e4c6bf7778bdc0811cfe
5
+ SHA512:
6
+ metadata.gz: b55438c67edc9375487e8546254ab3b48da37a183d84a1374123976944b21f94a72904032e88957257bd43f8a8b7ef36996d588acc469010719d3caea1b921cc
7
+ data.tar.gz: 256f556c85fd42c8640d157063d338c25d886b34a61f7c69e4fb365f51ce9b846e78cd68ff117b948e6c3fcc69398614983eb1eb8d0fc87f0f75b747ef266be5
@@ -0,0 +1,30 @@
1
+ # This workflow uses actions that are not certified by GitHub.
2
+ # They are provided by a third-party and are governed by
3
+ # separate terms of service, privacy policy, and support
4
+ # documentation.
5
+ # This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
6
+ # For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
7
+
8
+ name: Build and test
9
+
10
+ on:
11
+ push:
12
+ branches: [ main ]
13
+ pull_request:
14
+ branches: [ main ]
15
+
16
+ jobs:
17
+ test:
18
+ name: Build + Test
19
+ runs-on: ubuntu-latest
20
+
21
+ steps:
22
+ - uses: actions/checkout@v2
23
+ - name: Set up Ruby
24
+ uses: ruby/setup-ruby@v1
25
+ with:
26
+ ruby-version: 2.6.6
27
+ - name: Install dependencies
28
+ run: bundle install
29
+ - name: Run tests
30
+ run: bundle exec rake
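Review bot: Both `uses:` steps reference actions by mutable tag (`actions/checkout@v2`, `ruby/setup-ruby@v1`) and the workflow declares no `permissions:`, so the job runs whatever those tags point to at run time with the repository's default token scope. Pinning each action to a full commit SHA and adding a workflow-level `permissions:` block with `contents: read` would bound both. The same tag references appear in `.github/workflows/push_gem.yml`, where the job also holds the RubyGems publishing secret, so the pinning matters more there. `ruby-version: 2.6.6` is better quoted (`'2.6.6'`) so that a later edit to a two-part version is not parsed as a float.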
@@ -0,0 +1,41 @@
1
+ name: Push gem
2
+
3
+ on:
4
+ push:
5
+ tags:
6
+ - v*
7
+
8
+ jobs:
9
+ build:
10
+ name: Build + Publish
11
+ runs-on: ubuntu-latest
12
+
13
+ steps:
14
+ - uses: actions/checkout@v2
15
+ - name: Set up Ruby 2.6
16
+ uses: actions/setup-ruby@v1
17
+ with:
18
+ ruby-version: 2.6.6
19
+
20
+ # - name: Publish to GPR
21
+ # run: |
22
+ # mkdir -p $HOME/.gem
23
+ # touch $HOME/.gem/credentials
24
+ # chmod 0600 $HOME/.gem/credentials
25
+ # printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
26
+ # gem build *.gemspec
27
+ # gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
28
+ # env:
29
+ # GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
30
+ # OWNER: ${{ github.repository_owner }}
31
+
32
+ - name: Publish to RubyGems
33
+ run: |
34
+ mkdir -p $HOME/.gem
35
+ touch $HOME/.gem/credentials
36
+ chmod 0600 $HOME/.gem/credentials
37
+ printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
38
+ gem build *.gemspec
39
+ gem push *.gem
40
+ env:
41
+ GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
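Review bot: The publish step expands the API key inside the `printf` format string, so a `%` or backslash in the secret would be interpreted by `printf` and the credentials file would not contain the real key; pass it as an argument instead: `printf -- '---\n:rubygems_api_key: %s\n' "$GEM_HOST_API_KEY" > "$HOME/.gem/credentials"`. The job builds and pushes on any `v*` tag without running the test suite first, and `gem push *.gem` relies on the glob matching exactly the file that was just built. This workflow uses `actions/setup-ruby@v1` while the test workflow uses `ruby/setup-ruby@v1`; using the same action in both keeps the release toolchain identical to the tested one.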
@@ -0,0 +1,11 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
@@ -0,0 +1,40 @@
1
+ inherit_from: .rubocop_todo.yml
2
+
3
+ AllCops:
4
+ NewCops: enable
5
+
6
+ Layout/FirstHashElementIndentation:
7
+ EnforcedStyle: consistent
8
+
9
+ Layout/SpaceInsideHashLiteralBraces:
10
+ EnforcedStyle: space
11
+
12
+ Lint/EmptyBlock:
13
+ Exclude:
14
+ - 'spec/**/*_spec.rb'
15
+
16
+ Metrics/BlockLength:
17
+ Max: 30
18
+ Exclude:
19
+ - 'spec/**/*'
20
+
21
+ Metrics/CyclomaticComplexity:
22
+ Max: 10
23
+
24
+ Metrics/MethodLength:
25
+ Max: 15
26
+ Exclude:
27
+ - 'spec/**/*_spec.rb'
28
+
29
+ Style/Documentation:
30
+ Exclude:
31
+ - 'spec/**/*'
32
+
33
+ Style/SpecialGlobalVars:
34
+ EnforcedStyle: use_perl_names
35
+
36
+ Style/SymbolArray:
37
+ EnforcedStyle: brackets
38
+
39
+ Style/WordArray:
40
+ EnforcedStyle: brackets
@@ -0,0 +1,7 @@
1
+ # This configuration was generated by
2
+ # `rubocop --auto-gen-config`
3
+ # on 2021-01-04 00:19:10 UTC using RuboCop version 1.7.0.
4
+ # The point is for the user to remove these configuration records
5
+ # one by one as the offenses are removed from the code base.
6
+ # Note that changes in the inspected code, or installation of new
7
+ # versions of RuboCop, may require this file to be generated again.
@@ -0,0 +1 @@
1
+ rails-vault-jwt
@@ -0,0 +1 @@
1
+ ruby-2.6.6
@@ -0,0 +1,7 @@
1
+ ---
2
+ sudo: false
3
+ language: ruby
4
+ cache: bundler
5
+ rvm:
6
+ - 2.6.6
7
+ before_install: gem install bundler -v 1.17.3
@@ -0,0 +1,11 @@
1
+ # Changelog
2
+ All notable changes to this project will be documented in this file.
3
+
4
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
5
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
+
7
+ ## [Unreleased]
8
+
9
+ ## [0.1.0] - 2021-01-17
10
+ ### Added
11
+ - Initial commit
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at Datanuggets. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [https://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: https://contributor-covenant.org
74
+ [version]: https://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ source 'https://rubygems.org'
4
+
5
+ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
6
+
7
+ # Specify your gem's dependencies in rails-vault-jwt.gemspec
8
+ gemspec
9
+
10
+ group :development, :test do
11
+ gem 'rubocop', '~> 1.7'
12
+ gem 'rubocop-rake', '~> 0.5'
13
+ gem 'rubocop-rspec', '~> 2.1'
14
+ end
15
+
16
+ group :test do
17
+ gem 'simplecov', '~> 0.19', require: false
18
+ end
@@ -0,0 +1,126 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ rails-vault-jwt (0.1.0)
5
+ activesupport (~> 6.1)
6
+ jwt (~> 2.2)
7
+ vault (~> 0.15)
8
+
9
+ GEM
10
+ remote: https://rubygems.org/
11
+ specs:
12
+ actionpack (6.1.0)
13
+ actionview (= 6.1.0)
14
+ activesupport (= 6.1.0)
15
+ rack (~> 2.0, >= 2.0.9)
16
+ rack-test (>= 0.6.3)
17
+ rails-dom-testing (~> 2.0)
18
+ rails-html-sanitizer (~> 1.0, >= 1.2.0)
19
+ actionview (6.1.0)
20
+ activesupport (= 6.1.0)
21
+ builder (~> 3.1)
22
+ erubi (~> 1.4)
23
+ rails-dom-testing (~> 2.0)
24
+ rails-html-sanitizer (~> 1.1, >= 1.2.0)
25
+ activesupport (6.1.0)
26
+ concurrent-ruby (~> 1.0, >= 1.0.2)
27
+ i18n (>= 1.6, < 2)
28
+ minitest (>= 5.1)
29
+ tzinfo (~> 2.0)
30
+ zeitwerk (~> 2.3)
31
+ ast (2.4.1)
32
+ aws-eventstream (1.1.0)
33
+ aws-sigv4 (1.2.2)
34
+ aws-eventstream (~> 1, >= 1.0.2)
35
+ builder (3.2.4)
36
+ concurrent-ruby (1.1.7)
37
+ crass (1.0.6)
38
+ diff-lcs (1.4.4)
39
+ docile (1.3.4)
40
+ erubi (1.10.0)
41
+ i18n (1.8.7)
42
+ concurrent-ruby (~> 1.0)
43
+ jwt (2.2.2)
44
+ loofah (2.9.0)
45
+ crass (~> 1.0.2)
46
+ nokogiri (>= 1.5.9)
47
+ mini_portile2 (2.5.0)
48
+ minitest (5.14.3)
49
+ nokogiri (1.11.1)
50
+ mini_portile2 (~> 2.5.0)
51
+ racc (~> 1.4)
52
+ parallel (1.20.1)
53
+ parser (3.0.0.0)
54
+ ast (~> 2.4.1)
55
+ racc (1.5.2)
56
+ rack (2.2.3)
57
+ rack-test (1.1.0)
58
+ rack (>= 1.0, < 3)
59
+ rails-dom-testing (2.0.3)
60
+ activesupport (>= 4.2.0)
61
+ nokogiri (>= 1.6)
62
+ rails-html-sanitizer (1.3.0)
63
+ loofah (~> 2.3)
64
+ rainbow (3.0.0)
65
+ rake (12.3.3)
66
+ regexp_parser (2.0.3)
67
+ rexml (3.2.4)
68
+ rspec (3.10.0)
69
+ rspec-core (~> 3.10.0)
70
+ rspec-expectations (~> 3.10.0)
71
+ rspec-mocks (~> 3.10.0)
72
+ rspec-core (3.10.1)
73
+ rspec-support (~> 3.10.0)
74
+ rspec-expectations (3.10.1)
75
+ diff-lcs (>= 1.2.0, < 2.0)
76
+ rspec-support (~> 3.10.0)
77
+ rspec-mocks (3.10.1)
78
+ diff-lcs (>= 1.2.0, < 2.0)
79
+ rspec-support (~> 3.10.0)
80
+ rspec-support (3.10.1)
81
+ rubocop (1.7.0)
82
+ parallel (~> 1.10)
83
+ parser (>= 2.7.1.5)
84
+ rainbow (>= 2.2.2, < 4.0)
85
+ regexp_parser (>= 1.8, < 3.0)
86
+ rexml
87
+ rubocop-ast (>= 1.2.0, < 2.0)
88
+ ruby-progressbar (~> 1.7)
89
+ unicode-display_width (>= 1.4.0, < 2.0)
90
+ rubocop-ast (1.4.0)
91
+ parser (>= 2.7.1.5)
92
+ rubocop-rake (0.5.1)
93
+ rubocop
94
+ rubocop-rspec (2.1.0)
95
+ rubocop (~> 1.0)
96
+ rubocop-ast (>= 1.1.0)
97
+ ruby-progressbar (1.11.0)
98
+ simplecov (0.21.0)
99
+ docile (~> 1.1)
100
+ simplecov-html (~> 0.11)
101
+ simplecov_json_formatter (~> 0.1)
102
+ simplecov-html (0.12.3)
103
+ simplecov_json_formatter (0.1.2)
104
+ tzinfo (2.0.4)
105
+ concurrent-ruby (~> 1.0)
106
+ unicode-display_width (1.7.0)
107
+ vault (0.15.0)
108
+ aws-sigv4
109
+ zeitwerk (2.4.2)
110
+
111
+ PLATFORMS
112
+ ruby
113
+
114
+ DEPENDENCIES
115
+ actionpack (~> 6.1)
116
+ bundler (~> 1.17)
117
+ rails-vault-jwt!
118
+ rake (~> 12.3)
119
+ rspec (~> 3.0)
120
+ rubocop (~> 1.7)
121
+ rubocop-rake (~> 0.5)
122
+ rubocop-rspec (~> 2.1)
123
+ simplecov (~> 0.19)
124
+
125
+ BUNDLED WITH
126
+ 1.17.3
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2021 Datanuggets
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
@@ -0,0 +1,43 @@
1
+ # Rails::Vault::Jwt
2
+
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/rails/vault/jwt`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+
5
+ TODO: Delete this and the text above, and describe your gem
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'rails-vault-jwt'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install rails-vault-jwt
22
+
23
+ ## Usage
24
+
25
+ TODO: Write usage instructions here
26
+
27
+ ## Development
28
+
29
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
30
+
31
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
32
+
33
+ ## Contributing
34
+
35
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/rails-vault-jwt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
36
+
37
+ ## License
38
+
39
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
40
+
41
+ ## Code of Conduct
42
+
43
+ Everyone interacting in the Rails::Vault::Jwt project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/rails-vault-jwt/blob/master/CODE_OF_CONDUCT.md).
@@ -0,0 +1,8 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'bundler/gem_tasks'
4
+ require 'rspec/core/rake_task'
5
+
6
+ RSpec::Core::RakeTask.new(:spec)
7
+
8
+ task default: :spec
@@ -0,0 +1,15 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require 'bundler/setup'
5
+ require 'rails/vault/jwt'
6
+
7
+ # You can add fixtures and/or initialization code here to make experimenting
8
+ # with your gem easier. You can also use a different console, if you like.
9
+
10
+ # (If you use this, don't forget to add pry to your Gemfile!)
11
+ # require "pry"
12
+ # Pry.start
13
+
14
+ require 'irb'
15
+ IRB.start(__FILE__)
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,29 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rails/vault/jwt/concerns/auth_required'
4
+ require 'rails/vault/jwt/config'
5
+ require 'rails/vault/jwt/decoder'
6
+ require 'rails/vault/jwt/key_provider'
7
+ require 'rails/vault/jwt/token_provider/base_provider'
8
+ require 'rails/vault/jwt/token_provider/role_id'
9
+ require 'rails/vault/jwt/version'
10
+
11
+ module Rails
12
+ module Vault
13
+ module JWT
14
+ class Error < StandardError; end
15
+
16
+ class << self
17
+ def configure
18
+ @config = Config.new
19
+ yield(@config) if block_given?
20
+ @config
21
+ end
22
+
23
+ def config
24
+ @config || configure
25
+ end
26
+ end
27
+ end
28
+ end
29
+ end
@@ -0,0 +1,49 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'active_support'
4
+
5
+ module Rails
6
+ module Vault
7
+ module JWT
8
+ module Concerns
9
+ module AuthRequired
10
+ extend ActiveSupport::Concern
11
+
12
+ included do
13
+ before_action :authenticate_request!
14
+ end
15
+
16
+ protected
17
+
18
+ def authenticate_request!
19
+ unless token_valid?
20
+ render json: { errors: ['Not Authenticated'] }, status: :unauthorized
21
+ nil
22
+ end
23
+ rescue ::JWT::VerificationError, ::JWT::DecodeError
24
+ render json: { errors: ['Not Authenticated'] }, status: :unauthorized
25
+ end
26
+
27
+ private
28
+
29
+ def http_token
30
+ @http_token ||= (request.headers['Authorization'].split.last if request.headers['Authorization'].present?)
31
+ end
32
+
33
+ def auth_token
34
+ @auth_token ||= JWT::Decoder.decode(http_token)
35
+ end
36
+
37
+ def token_valid?
38
+ http_token && auth_token && !token_expired?
39
+ end
40
+
41
+ def token_expired?
42
+ exp = auth_token[:exp].to_i
43
+ DateTime.now.to_time.to_i > exp
44
+ end
45
+ end
46
+ end
47
+ end
48
+ end
49
+ end
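Review bot: `http_token` takes the last whitespace-separated word of the `Authorization` header without checking the scheme, so a header with any scheme, or a bare value, is handed to the decoder as a bearer token. Splitting once and checking the scheme closes that: `scheme, value = request.headers['Authorization'].to_s.split(' ', 2)` followed by `@http_token ||= value if scheme&.casecmp?('Bearer')`. The `rescue ::JWT::VerificationError, ::JWT::DecodeError` clause looks unreachable, because `Decoder.decode` already rescues `StandardError` and returns `nil`. `token_expired?` deserves a comment saying that a token without `exp` is treated as expired (`nil.to_i` is 0), since that fail-closed behaviour is easy to lose in a refactor.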
@@ -0,0 +1,25 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'forwardable'
4
+
5
+ module Rails
6
+ module Vault
7
+ module JWT
8
+ class Config
9
+ extend Forwardable
10
+ attr_accessor :cache
11
+ attr_reader :token_provider
12
+
13
+ def token_provider=(value)
14
+ @token_provider = if value.is_a? Class
15
+ value.new
16
+ else
17
+ value
18
+ end
19
+ end
20
+
21
+ def_delegators :@token_provider, :token
22
+ end
23
+ end
24
+ end
25
+ end
@@ -0,0 +1,39 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'active_support/core_ext/hash/indifferent_access'
4
+ require 'base64'
5
+ require 'jwt'
6
+
7
+ module Rails
8
+ module Vault
9
+ module JWT
10
+ module Decoder
11
+ class << self
12
+ def decode(token)
13
+ HashWithIndifferentAccess.new(::JWT.decode(
14
+ token,
15
+ nil,
16
+ true,
17
+ {
18
+ algorithms: ['RS256', 'RS512'],
19
+ jwks: key_provider.keys(issuer(token))
20
+ }
21
+ )[0])
22
+ rescue StandardError
23
+ nil
24
+ end
25
+
26
+ def issuer(token)
27
+ parts = token.split('.')
28
+ body = HashWithIndifferentAccess.new(JSON.parse(Base64.decode64(parts[1])))
29
+ body[:iss]
30
+ end
31
+
32
+ def key_provider
33
+ @key_provider ||= KeyProvider.new
34
+ end
35
+ end
36
+ end
37
+ end
38
+ end
39
+ end
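Review bot: `decode` picks the verification keys from the `iss` claim of the still-unverified payload (`key_provider.keys(issuer(token))`), and `KeyProvider#fetch_keys` fetches that value as a URL, so a valid signature only proves the token was signed by whichever issuer the token itself names. The issuer should be checked against configured trusted values before any key fetch, for example `return nil unless allowed_issuers.include?(iss)`, where `allowed_issuers` is a placeholder name for a new `Config` setting, and then enforced in `::JWT.decode` with the `iss:` and `verify_iss: true` options. `issuer` also decodes the payload with `Base64.decode64`, but JWT segments are base64url, so `Base64.urlsafe_decode64(parts[1])` is the correct call. The blanket `rescue StandardError` returns the same `nil` for key-fetch failures as for bad signatures; rescuing the JWT errors and logging the rest would keep outages distinguishable from invalid tokens.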
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'json'
4
+ require 'net/http'
5
+
6
+ module Rails
7
+ module Vault
8
+ module JWT
9
+ class KeyProvider
10
+ def initialize(cache = nil)
11
+ @cache = cache || Rails::Vault::JWT.config.cache
12
+ end
13
+
14
+ def keys(issuer)
15
+ if @cache.respond_to?(:fetch)
16
+ @cache.fetch("keys/#{issuer}", expires_in: 5.minutes) do
17
+ fetch_keys issuer
18
+ end
19
+ else
20
+ fetch_keys issuer
21
+ end
22
+ end
23
+
24
+ def fetch_keys(issuer)
25
+ raw = Net::HTTP.get URI.parse(issuer)
26
+ JSON.parse raw, symbolize_names: true
27
+ end
28
+ end
29
+ end
30
+ end
31
+ end
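Review bot: `fetch_keys` calls `Net::HTTP.get URI.parse(issuer)` on whatever string it receives, without requiring an `https` scheme or checking the response status, so keys can be loaded over plaintext HTTP and an error body is passed straight to `JSON.parse`. A guard before the request covers the scheme: `uri = URI.parse(issuer)` then `raise Rails::Vault::JWT::Error, 'issuer must be https' unless uri.is_a?(URI::HTTPS)`. The cache key `"keys/#{issuer}"` is built from the same caller-supplied string, so unvalidated issuers also create unbounded cache entries. `5.minutes` depends on ActiveSupport's numeric extensions, which this file does not require itself; it presumably works only because the host application has loaded them.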
@@ -0,0 +1,48 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'vault'
4
+
5
+ module Rails
6
+ module Vault
7
+ module JWT
8
+ module TokenProvider
9
+ class BaseProvider
10
+ attr_reader :expire_time
11
+
12
+ def initialize(*_args)
13
+ @expire_time = DateTime.now
14
+ end
15
+
16
+ def auth; end
17
+
18
+ def token
19
+ unless token_valid?
20
+ auth_data = auth
21
+ @token = auth_data.client_token
22
+ @expire_time = DateTime.now + (auth_data.lease_duration / 86_400.0)
23
+ client.token = @token
24
+ end
25
+
26
+ @token
27
+ end
28
+
29
+ def token_expired?
30
+ DateTime.now > @expire_time
31
+ end
32
+
33
+ def token_life_remaining
34
+ (@expire_time - DateTime.now) * 86_400.0
35
+ end
36
+
37
+ def token_valid?
38
+ !@token.nil? && !token_expired?
39
+ end
40
+
41
+ def client
42
+ @client ||= ::Vault::Client.new
43
+ end
44
+ end
45
+ end
46
+ end
47
+ end
48
+ end
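Review bot: `token` calls `auth_data.client_token` without a nil check, yet `BaseProvider#auth` returns `nil` and `RoleID#auth` ends in `&.auth`, so a failed or empty login surfaces as `NoMethodError` instead of a library error. Adding `raise Rails::Vault::JWT::Error, 'Vault login returned no auth data' if auth_data.nil?` right after `auth_data = auth` makes the failure explicit. `@expire_time` uses the full `lease_duration`, so a token can be returned moments before Vault expires it; subtracting a small margin would avoid handing out a token that is about to lapse. The class should carry a comment stating that subclasses must override `auth`, and that `token` does not appear to be synchronised for concurrent callers.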
@@ -0,0 +1,24 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Rails
4
+ module Vault
5
+ module JWT
6
+ module TokenProvider
7
+ class RoleID < BaseProvider
8
+ def initialize(*args, mount_name: 'approle', role_id: nil, secret_id: nil, token_ttl: '5m')
9
+ super
10
+ @mount_name = mount_name
11
+ @role_id = role_id || ENV.fetch('ROLE_ID')
12
+ @secret_id = secret_id || ENV.fetch('SECRET_ID')
13
+ @token_ttl = token_ttl
14
+ end
15
+
16
+ def auth
17
+ client.logical.write("auth/#{@mount_name}/login", role_id: @role_id, secret_id: @secret_id,
18
+ ttl: @token_ttl)&.auth
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
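Review bot: `@role_id` and `@secret_id` are kept in instance variables for the provider's lifetime and the default `inspect` prints instance variables, so the AppRole secret can end up in logs or error reports that dump the object. An override that omits them prevents that, e.g. `def inspect = "#<#{self.class.name} mount_name=#{@mount_name.inspect}>"` written in the long `def … end` form for Ruby 2.6. The environment variable names `ROLE_ID` and `SECRET_ID` are generic enough to collide with other tooling; a prefixed name would be clearer, though that is an interface decision. `ttl: @token_ttl` is sent in the login request; as far as I know the AppRole login endpoint takes only `role_id` and `secret_id`, so it is worth confirming that this parameter has any effect.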
@@ -0,0 +1,9 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Rails
4
+ module Vault
5
+ module JWT
6
+ VERSION = '0.1.0'
7
+ end
8
+ end
9
+ end
@@ -0,0 +1,48 @@
1
+ # frozen_string_literal: true
2
+
3
+ lib = File.expand_path('lib', __dir__)
4
+ $:.unshift(lib) unless $:.include?(lib)
5
+ require 'rails/vault/jwt/version'
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = 'rails-vault-jwt'
9
+ spec.version = Rails::Vault::JWT::VERSION
10
+ spec.authors = ['Nick King']
11
+ spec.email = ['penguin@frozendesert.net']
12
+
13
+ spec.summary = 'Provides rails concerns for validating vault-issued JWT tokens'
14
+ # spec.description = %q{TODO: Write a longer description or delete this line.}
15
+ spec.homepage = 'https://github.com/datanuggets/rails-vault-jwt'
16
+ spec.license = 'MIT'
17
+ spec.required_ruby_version = '>= 2.6.0'
18
+
19
+ # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
20
+ # to allow pushing to a single host or delete this section to allow pushing to any host.
21
+ if spec.respond_to?(:metadata)
22
+ spec.metadata['allowed_push_host'] = 'https://rubygems.org'
23
+
24
+ spec.metadata['homepage_uri'] = spec.homepage
25
+ spec.metadata['source_code_uri'] = 'https://github.com/datanuggets/rails-vault-jwt'
26
+ spec.metadata['changelog_uri'] = 'https://github.com/datanuggets/rails-vault-jwt/blob/main/CHANGELOG.md'
27
+ else
28
+ raise 'RubyGems 2.0 or newer is required to protect against ' \
29
+ 'public gem pushes.'
30
+ end
31
+
32
+ # Specify which files should be added to the gem when it is released.
33
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
34
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
35
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
36
+ end
37
+ spec.bindir = 'exe'
38
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
39
+ spec.require_paths = ['lib']
40
+
41
+ spec.add_dependency 'activesupport', '~> 6.1'
42
+ spec.add_dependency 'jwt', '~> 2.2'
43
+ spec.add_dependency 'vault', '~> 0.15'
44
+ spec.add_development_dependency 'actionpack', '~> 6.1'
45
+ spec.add_development_dependency 'bundler', '~> 1.17'
46
+ spec.add_development_dependency 'rake', '~> 12.3'
47
+ spec.add_development_dependency 'rspec', '~> 3.0'
48
+ end
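Review bot: `spec.files` is taken from `git ls-files` with only `test|spec|features` excluded, so the released gem ships `.github/workflows/*`, `.travis.yml`, `Gemfile.lock` and the dotfiles, as the packaged file list on this page confirms. Restricting the list to `lib/`, the README, the licence and the changelog keeps release tooling out of consumers' installs. The comment above the `metadata` block still says it prevents pushing to RubyGems.org although `allowed_push_host` is set to `https://rubygems.org`, so it should be reworded. Consider also adding `spec.metadata['rubygems_mfa_required'] = 'true'` so that publishing requires MFA on the owning accounts.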
metadata ADDED
@@ -0,0 +1,172 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rails-vault-jwt
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Nick King
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2021-01-18 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: activesupport
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '6.1'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '6.1'
27
+ - !ruby/object:Gem::Dependency
28
+ name: jwt
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '2.2'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '2.2'
41
+ - !ruby/object:Gem::Dependency
42
+ name: vault
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '0.15'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '0.15'
55
+ - !ruby/object:Gem::Dependency
56
+ name: actionpack
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '6.1'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '6.1'
69
+ - !ruby/object:Gem::Dependency
70
+ name: bundler
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.17'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.17'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rake
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '12.3'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '12.3'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rspec
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '3.0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '3.0'
111
+ description:
112
+ email:
113
+ - penguin@frozendesert.net
114
+ executables: []
115
+ extensions: []
116
+ extra_rdoc_files: []
117
+ files:
118
+ - ".github/workflows/build_and_test.yml"
119
+ - ".github/workflows/push_gem.yml"
120
+ - ".gitignore"
121
+ - ".rspec"
122
+ - ".rubocop.yml"
123
+ - ".rubocop_todo.yml"
124
+ - ".ruby-gemset"
125
+ - ".ruby-version"
126
+ - ".travis.yml"
127
+ - CHANGELOG.md
128
+ - CODE_OF_CONDUCT.md
129
+ - Gemfile
130
+ - Gemfile.lock
131
+ - LICENSE.txt
132
+ - README.md
133
+ - Rakefile
134
+ - bin/console
135
+ - bin/setup
136
+ - lib/rails/vault/jwt.rb
137
+ - lib/rails/vault/jwt/concerns/auth_required.rb
138
+ - lib/rails/vault/jwt/config.rb
139
+ - lib/rails/vault/jwt/decoder.rb
140
+ - lib/rails/vault/jwt/key_provider.rb
141
+ - lib/rails/vault/jwt/token_provider/base_provider.rb
142
+ - lib/rails/vault/jwt/token_provider/role_id.rb
143
+ - lib/rails/vault/jwt/version.rb
144
+ - rails-vault-jwt.gemspec
145
+ homepage: https://github.com/datanuggets/rails-vault-jwt
146
+ licenses:
147
+ - MIT
148
+ metadata:
149
+ allowed_push_host: https://rubygems.org
150
+ homepage_uri: https://github.com/datanuggets/rails-vault-jwt
151
+ source_code_uri: https://github.com/datanuggets/rails-vault-jwt
152
+ changelog_uri: https://github.com/datanuggets/rails-vault-jwt/blob/main/CHANGELOG.md
153
+ post_install_message:
154
+ rdoc_options: []
155
+ require_paths:
156
+ - lib
157
+ required_ruby_version: !ruby/object:Gem::Requirement
158
+ requirements:
159
+ - - ">="
160
+ - !ruby/object:Gem::Version
161
+ version: 2.6.0
162
+ required_rubygems_version: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - ">="
165
+ - !ruby/object:Gem::Version
166
+ version: '0'
167
+ requirements: []
168
+ rubygems_version: 3.0.3
169
+ signing_key:
170
+ specification_version: 4
171
+ summary: Provides rails concerns for validating vault-issued JWT tokens
172
+ test_files: []