roo_on_rails 1.16.0 → 1.16.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +3 -10
- data/lib/roo_on_rails/rack/populate_env_from_jwt.rb +14 -9
- data/lib/roo_on_rails/railties/roo_identity.rb +7 -5
- data/lib/roo_on_rails/version.rb +1 -1
- data/lib/roo_on_rails.rb +1 -0
- data/roo_on_rails.gemspec +1 -3
- metadata +3 -3
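--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0c45afb42c3393f675d0574d777b6608f944bcbf
+data.tar.gz: f26f2199515da7ab4399301fb9339676a2d8f1c0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 16aee8e01002df7a799569af74287305cc64d49f266c2d0ec09f57284a0a445059204c441d870fea6b2df46324fa59d0ced5b0fdfc0eb8bea96722a9f6284850
+data.tar.gz: bc5068cbd59ec7fa2b69eb2425945fdca17a60ebc07eee44f2b05417ae6dd6944e2b5913afdda072c99cc7382e5a1a051c24a1bf259d782c11022a2c51f55c64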
data/CHANGELOG.md
CHANGED
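--- a/data/README.md
+++ b/data/README.md
@@ -227,16 +227,9 @@ details.
 
 ### Identity
 
-If your service wants to accept JWTs for identity claims, then
-
-
-
-```ruby
-require 'roo_on_rails/railties/roo_identity'
-```
-
-In non-development environments you must also set the `VALID_IDENTITY_URL_PREFIXES` environment
-variable to be a comma separasted list of the URL prefixes which valid JWTs come from, eg:
+If your service wants to accept JWTs for identity claims, then setting the
+`VALID_IDENTITY_URL_PREFIXES` environment variable (to be a comma separasted list of the URL prefixes
+which valid JWTs come from) will set everything up, eg:
 
 ```
 https://deliveroo.co.uk/identity-keys/,https://identity.deliveroo.com/jwks/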
@@ -6,22 +6,22 @@ module RooOnRails
|
|
6
6
|
module Rack
|
7
7
|
class PopulateEnvFromJWT
|
8
8
|
UnacceptableKeyError = Class.new(RuntimeError)
|
9
|
+
VALID_PREFIXES_KEY = 'VALID_IDENTITY_URL_PREFIXES'.freeze
|
10
|
+
|
11
|
+
def self.configured?
|
12
|
+
ENV[VALID_PREFIXES_KEY].present?
|
13
|
+
end
|
9
14
|
|
10
15
|
def initialize(app, logger:, skip_sig_verify: true)
|
11
16
|
@app = app
|
12
17
|
@keys = {}
|
13
18
|
@logger = logger
|
14
19
|
|
15
|
-
if skip_sig_verify &&
|
20
|
+
if skip_sig_verify && non_prod?
|
16
21
|
@logger.warn "JWTs signature verifification has been switched off in development."
|
17
22
|
@verify_sigs = false
|
18
23
|
else
|
19
24
|
@verify_sigs = true
|
20
|
-
@key_prefixes = ENV['VALID_IDENTITY_URL_PREFIXES'].split(',')
|
21
|
-
|
22
|
-
if @key_prefixes.empty?
|
23
|
-
raise "No identity service URLs have been set: ENV['VALID_IDENTITY_URL_PREFIXES']"
|
24
|
-
end
|
25
25
|
end
|
26
26
|
end
|
27
27
|
|
@@ -40,12 +40,17 @@ module RooOnRails
|
|
40
40
|
|
41
41
|
private
|
42
42
|
|
43
|
-
def
|
43
|
+
def key_prefixes
|
44
|
+
return [] unless self.class.configured?
|
45
|
+
ENV[VALID_PREFIXES_KEY].split(',')
|
46
|
+
end
|
47
|
+
|
48
|
+
def non_prod?
|
44
49
|
if ENV['RACK_ENV'].nil?
|
45
50
|
@logger.warn "Your RACK_ENV isn't set. You probably want it set to 'development' in dev."
|
46
51
|
end
|
47
52
|
|
48
|
-
ENV['RACK_ENV']
|
53
|
+
%w(development test).include? ENV['RACK_ENV']
|
49
54
|
end
|
50
55
|
|
51
56
|
# @raise [UnacceptableKeyError,Faraday::Error,OpenSSL::OpenSSLError] From `#public_key`
|
@@ -63,7 +68,7 @@ module RooOnRails
|
|
63
68
|
|
64
69
|
def acceptable_key?(key_url)
|
65
70
|
return false if key_url.nil?
|
66
|
-
|
71
|
+
key_prefixes.any? { |acceptable| key_url.starts_with?(acceptable) }
|
67
72
|
end
|
68
73
|
|
69
74
|
# @raise [UnacceptableKeyError] When the key URL is not from a trusted location
|
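Review bot: `PopulateEnvFromJWT#key_prefixes` (new lines 43–46) splits `VALID_IDENTITY_URL_PREFIXES` on commas without trimming or dropping empty entries, and `acceptable_key?` (new line 71) then applies a plain `starts_with?` test, so a stray leading or doubled comma in the variable produces an empty prefix that every key URL satisfies. Filtering the list closes that gap: `ENV[VALID_PREFIXES_KEY].split(',').map(&:strip).reject(&:empty?)`. Because the comparison is a string prefix rather than a parsed-URL match, each entry should also end in `/` (as the README examples do) so it cannot match a longer look-alike host; that could be checked once at boot instead of re-reading ENV on every request. A smaller point at new line 21: the warning still says "in development" although `non_prod?` now also covers `test`. The methods that fetch and verify the key lie outside these hunks.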
@@ -1,20 +1,22 @@
|
|
1
|
-
require 'roo_on_rails/
|
1
|
+
require 'roo_on_rails/rack/populate_env_from_jwt'
|
2
2
|
|
3
3
|
module RooOnRails
|
4
4
|
module Railties
|
5
5
|
class RooIdentity < Rails::Railtie
|
6
6
|
initializer 'roo_on_rails.roo_identity.middleware' do |app|
|
7
7
|
Rails.logger.with initializer: 'roo_on_rails.roo_identity' do |log|
|
8
|
-
|
9
|
-
|
8
|
+
if RooOnRails::Rack::PopulateEnvFromJWT.configured?
|
9
|
+
log.debug 'loading'
|
10
|
+
_add_middleware(app, log)
|
11
|
+
else
|
12
|
+
log.warn 'not configured, roo.identity will be unavailable'
|
13
|
+
end
|
10
14
|
end
|
11
15
|
end
|
12
16
|
|
13
17
|
private
|
14
18
|
|
15
19
|
def _add_middleware(app, log)
|
16
|
-
require 'roo_on_rails/rack/populate_env_from_jwt'
|
17
|
-
|
18
20
|
app.config.middleware.use RooOnRails::Rack::PopulateEnvFromJWT, logger: log
|
19
21
|
rescue LoadError
|
20
22
|
log.error 'the json-jwt gem is not in the bundle so Roo Identity will not be available'
|
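Review bot: With the `configured?` guard at new lines 8–13, a production deploy where `VALID_IDENTITY_URL_PREFIXES` is missing or misspelt now boots without the middleware and leaves only a `log.warn`, whereas the removed middleware code raised when it was constructed without prefixes. Anything downstream that reads `roo.identity` must then treat its absence as unauthenticated; if that is not guaranteed, consider `log.error` here or raising outside development and test. Separately, the `require` now sits on line 1, so the `rescue LoadError` inside `_add_middleware` can no longer catch a missing json-jwt and appears to be dead code. The end of `_add_middleware` is outside the hunk.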
data/lib/roo_on_rails/version.rb
CHANGED
data/lib/roo_on_rails.rb
CHANGED
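--- a/data/roo_on_rails.gemspec
+++ b/data/roo_on_rails.gemspec
@@ -36,9 +36,7 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency 'faraday'
 spec.add_runtime_dependency 'faraday_middleware'
 spec.add_runtime_dependency 'routemaster-client'
-
-# Optional gems you may add to your project
-spec.add_development_dependency 'json-jwt', '~> 1.8'
+spec.add_runtime_dependency 'json-jwt', '~> 1.8'
 
 spec.add_development_dependency 'bundler', '~> 1.13'
 spec.add_development_dependency 'rake', '~> 10.0'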
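--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roo_on_rails
 version: !ruby/object:Gem::Version
-version: 1.16.
+version: 1.16.1
 platform: ruby
 authors:
 - Julien Letessier
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-11-
+date: 2017-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dotenv-rails
@@ -233,7 +233,7 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.8'
-type: :
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements: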