shakha 0.1.0

data/lib/shakha.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require "shakha/version"
+require "shakha/config"
+require "shakha/engine"
+
+module Shakha
+  class << self
+    def setup
+      yield(config)
+    end
+
+    def config
+      @config ||= Config.new
+    end
+
+    def verify_token(id_token, audience: nil)
+      JwtHandler.verify(id_token, audience: audience || default_audience)
+    end
+
+    def sign_token(payload, exp: 24.hours.from_now)
+      JwtHandler.encode(payload, exp: exp)
+    end
+
+    def derive_pairwise_sub(google_sub, client_id = nil)
+      Pairwise.derive(google_sub, client_id || default_client_id)
+    end
+
+    private
+
+    def default_audience
+      "origin:#{config.app_origin&.then { |url| URI.parse(url).origin }}"
+    end
+
+    def default_client_id
+      "origin:#{URI.parse(config.app_origin).origin}"
+    end
+  end
+
+  class ConfigurationError < StandardError; end
+  class JWTError < StandardError; end
+  class PKCEError < StandardError; end
+  class GoogleOAuthError < StandardError; end
+end

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: shakha
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Asrat
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
+description: |
+  Shakha handles Google OAuth + PKCE and gives your app a domain-scoped identity (pairwise_sub)
+  and a signed id_token. No client signup. No unnecessary scopes. Just identity.
+email:
+- asrat@example.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- app/assets/stylesheets/shakha.css
+- app/controllers/shakha/application_controller.rb
+- app/controllers/shakha/auth_controller.rb
+- app/controllers/shakha/jwks_controller.rb
+- app/controllers/shakha/openid_controller.rb
+- app/controllers/shakha/session_controller.rb
+- app/models/shakha/client.rb
+- app/models/shakha/session.rb
+- app/models/shakha/user.rb
+- app/views/shakha/auth/callback.html.erb
+- app/views/shakha/auth/new.html.erb
+- app/views/shakha/errors/show.html.erb
+- app/views/shakha/layouts/shakha.html.erb
+- generators/shakha/install_generator.rb
+- generators/shakha/templates/initializer.rb.erb
+- generators/shakha/templates/migration.rb.erb
+- lib/shakha.rb
+- lib/shakha/config.rb
+- lib/shakha/controller_helpers.rb
+- lib/shakha/engine.rb
+- lib/shakha/error_handler.rb
+- lib/shakha/jwt_handler.rb
+- lib/shakha/middleware.rb
+- lib/shakha/pairwise.rb
+- lib/shakha/pkce.rb
+- lib/shakha/version.rb
+homepage: https://shakha.dev
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://shakha.dev
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Minimal auth broker for Google OAuth with PKCE and pairwise subjects
+test_files: []