ruby_jwk 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 23921b96849d38f01a575f59134abbe026c6848c1cbc4c460c27d92bcf77a809
+  data.tar.gz: b787be04a11e0ffbf0fe9f3c1418747589f60563a7067e8910a741b6b56a6335
+SHA512:
+  metadata.gz: 1dab2c10dcb374bd786b21e244105bd1ef391416838f5736d6fc168a8dcf57a5ac19e3aaabeb37968f230a6bf8fd26b6e49cbb0e9027b79342443bdeaa06d400
+  data.tar.gz: d06b10422d2f8b94def06b55fe6653c818535bed789c83f5cafaf06ed74ca3807bded3fa14d2161f4294aea985cde3c653abb856e9764a3e40dfb18a0fc955b2

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2022 karthikeyan
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# RubyJwk
+Authenticate JWKs via public JWT enspoint
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ruby_jwk'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install ruby_jwk
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/app/assets/config/ruby_jwk_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/ruby_jwk .css

data/app/assets/stylesheets/ruby_jwk/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/concerns/ruby_jwk/authenticate.rb

@@ -0,0 +1,58 @@
+module RubyJwk
+  module Authenticate
+    def authenticate_tenant!
+      return if RubyJwk.skip_issuers.to_a.include?(payload[:iss])
+
+      JWT.decode(token, nil, true, { algorithm: 'RS256', jwks: jwk_loader})
+    rescue JWT::DecodeError => e
+      render status: 401, json: error_response_template("Authentication failed! - #{e.message}")
+    end
+
+    def jwt_payload
+      @jwt_payload ||= JWT.decode(token, nil, false).first
+    rescue JWT::DecodeError => e
+      render status: 401, json: error_response_template("Authentication failed! - #{e.message}")
+    end
+
+    private
+
+    # invalidate becomes true when kid not found
+    def jwk_loader
+      ->(options) do
+        fetch_jwks(options[:invalidate])
+      end
+    end
+
+    def fetch_jwks(force = false)
+      Rails.cache.fetch("#{tenant_name}_JWKS", force: force) do
+        res = HTTParty.get(RubyJwk.jwk_url.gsub(':tenant_name', tenant_name))
+        res.code == 200 ? res.parsed_response : {}
+      end
+    end
+
+    def tenant_name
+      @payload.fetch('tenant')
+    end
+
+    def error_response_template(msg)
+      {
+        error: {
+          status: 401,
+          message: msg,
+          errors: nil,
+          code: nil
+        }
+      }
+    end
+
+    def auth_header
+      request.headers['Authorization'].to_s
+    end
+
+    def token
+      return unless auth_header.starts_with?('Bearer ')
+
+      auth_header.to_s.gsub('Bearer ', '')
+    end
+  end
+end

data/app/controllers/ruby_jwk/application_controller.rb

@@ -0,0 +1,7 @@
+module RubyJwk
+  class ApplicationController < ::ApplicationController
+    def authenticate_tenant!
+      byebug
+    end
+  end
+end

data/app/helpers/ruby_jwk/application_helper.rb

@@ -0,0 +1,4 @@
+module RubyJwk
+  module ApplicationHelper
+  end
+end

data/app/jobs/ruby_jwk/application_job.rb

@@ -0,0 +1,4 @@
+module RubyJwk
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/ruby_jwk/application_mailer.rb

@@ -0,0 +1,6 @@
+module RubyJwk
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/ruby_jwk/application_record.rb

@@ -0,0 +1,5 @@
+module RubyJwk
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/views/layouts/ruby_jwk/application.html.erb

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Ruby jwk</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "ruby_jwk/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,2 @@
+RubyJwk::Engine.routes.draw do
+end

data/lib/ruby_jwk/engine.rb

@@ -0,0 +1,5 @@
+module RubyJwk
+  class Engine < ::Rails::Engine
+    isolate_namespace RubyJwk
+  end
+end

data/lib/ruby_jwk/version.rb

@@ -0,0 +1,3 @@
+module RubyJwk
+  VERSION = '0.1.0'
+end

data/lib/ruby_jwk.rb

@@ -0,0 +1,8 @@
+require "ruby_jwk/version"
+require "ruby_jwk/engine"
+require "jwt"
+
+module RubyJwk
+  mattr_accessor :jwk_url
+  mattr_accessor :skip_issuers
+end

data/lib/tasks/ruby_jwk_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :ruby_jwk do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: ruby_jwk
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- santhanakarthikeyan
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.4
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.4.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.1.4
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.4.4
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+description: Authenticate JWKs via public JWT enspoint
+email:
+- santhanakarthikeyan@hotmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/ruby_jwk_manifest.js
+- app/assets/stylesheets/ruby_jwk/application.css
+- app/controllers/concerns/ruby_jwk/authenticate.rb
+- app/controllers/ruby_jwk/application_controller.rb
+- app/helpers/ruby_jwk/application_helper.rb
+- app/jobs/ruby_jwk/application_job.rb
+- app/mailers/ruby_jwk/application_mailer.rb
+- app/models/ruby_jwk/application_record.rb
+- app/views/layouts/ruby_jwk/application.html.erb
+- config/routes.rb
+- lib/ruby_jwk.rb
+- lib/ruby_jwk/engine.rb
+- lib/ruby_jwk/version.rb
+- lib/tasks/ruby_jwk_tasks.rake
+homepage: https://github.com/santhanakarthikeyan/ruby_jwk
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/santhanakarthikeyan/ruby_jwk
+  source_code_uri: https://github.com/santhanakarthikeyan/ruby_jwk
+  changelog_uri: https://github.com/santhanakarthikeyan/ruby_jwk
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.3
+signing_key:
+specification_version: 4
+summary: Authenticate JWKs
+test_files: []