spd_jwt_authorizor 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/errors/blank_secret_key.rb +3 -0
- data/lib/spd_jwt_authorizor.rb +69 -0
- metadata +57 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: b78365aef0c3f642e17e5085ed9629989484bace2855a123760dbd3c092e40db
|
|
4
|
+
data.tar.gz: ba44e6ce12898c2b62ff212b0e73ea9e3bb5439c488bb9ced2cb6845a60eab68
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: a66c6d3b59b3d7d9f9a2247c0842c084d00ea6ea18041dde16d17e622e8076ea6b265a330e8f5a7682f71ceff3d33f11f93fa70e21d0c5112929b0840bd49053
|
|
7
|
+
data.tar.gz: 1c497416f0118570e132e19e41374ffd04cde6c776d502cb71f257d8f7a1369f81c2f03bb49eeb888885c3f613359a18de9cd88d803dbbea534447235ca96595
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
require 'jwt'
|
|
2
|
+
require 'errors/blank_secret_key'
|
|
3
|
+
|
|
4
|
+
# :nodoc:
|
|
5
|
+
module SpdJwtAuthorizor
|
|
6
|
+
class Engine
|
|
7
|
+
def initialize(jwt:)
|
|
8
|
+
@jwt = jwt
|
|
9
|
+
check_if_env_set!
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def authorized?(required_permissions:, match: :all)
|
|
13
|
+
return false unless ok?
|
|
14
|
+
|
|
15
|
+
if match == :all
|
|
16
|
+
# JWT should contain all mentioned permissions
|
|
17
|
+
(required_permissions & payload['aud']).count ==
|
|
18
|
+
required_permissions.count
|
|
19
|
+
elsif match == :any
|
|
20
|
+
# JWT should contain AT LEAST ONE of the mentioned permissions
|
|
21
|
+
(required_permissions & payload['aud']).count.positive?
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def ok?
|
|
26
|
+
decodable? && verified? && !expired?
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def expired?
|
|
30
|
+
JWT.decode(@jwt, ENV['JWT_SECRET_KEY'], true)
|
|
31
|
+
false
|
|
32
|
+
rescue JWT::ExpiredSignature
|
|
33
|
+
puts 'SapaadJwtAuthorizor: JWT is Expired!'
|
|
34
|
+
true
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def verified?
|
|
38
|
+
JWT.decode(@jwt, ENV['JWT_SECRET_KEY'], true)
|
|
39
|
+
true
|
|
40
|
+
rescue JWT::ExpiredSignature
|
|
41
|
+
true
|
|
42
|
+
rescue JWT::VerificationError
|
|
43
|
+
puts 'SapaadJwtAuthorizor: JWT is not Verified!'
|
|
44
|
+
false
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def decodable?
|
|
48
|
+
JWT.decode(@jwt, ENV['JWT_SECRET_KEY'], false)
|
|
49
|
+
true
|
|
50
|
+
rescue JWT::DecodeError
|
|
51
|
+
puts 'SapaadJwtAuthorizor: JWT is not decodable!'
|
|
52
|
+
false
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def payload
|
|
56
|
+
JWT.decode(@jwt, ENV['JWT_SECRET_KEY'], false).first
|
|
57
|
+
rescue JWT::DecodeError
|
|
58
|
+
puts 'SapaadJwtAuthorizor: JWT is not decodable!'
|
|
59
|
+
nil
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
private
|
|
63
|
+
|
|
64
|
+
def check_if_env_set!
|
|
65
|
+
raise BlankSecretKey, 'Cannot find the env JWT_SECRET_KEY' if
|
|
66
|
+
ENV['JWT_SECRET_KEY'].to_s.empty?
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: spd_jwt_authorizor
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Alan
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2020-04-22 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: jwt
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '2.2'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '2.2'
|
|
27
|
+
description: Checks for JWT validity, expiry, and User roles
|
|
28
|
+
email:
|
|
29
|
+
executables: []
|
|
30
|
+
extensions: []
|
|
31
|
+
extra_rdoc_files: []
|
|
32
|
+
files:
|
|
33
|
+
- lib/errors/blank_secret_key.rb
|
|
34
|
+
- lib/spd_jwt_authorizor.rb
|
|
35
|
+
homepage:
|
|
36
|
+
licenses: []
|
|
37
|
+
metadata: {}
|
|
38
|
+
post_install_message:
|
|
39
|
+
rdoc_options: []
|
|
40
|
+
require_paths:
|
|
41
|
+
- lib
|
|
42
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - ">="
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: 2.3.0
|
|
47
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
48
|
+
requirements:
|
|
49
|
+
- - ">="
|
|
50
|
+
- !ruby/object:Gem::Version
|
|
51
|
+
version: '0'
|
|
52
|
+
requirements: []
|
|
53
|
+
rubygems_version: 3.0.0
|
|
54
|
+
signing_key:
|
|
55
|
+
specification_version: 4
|
|
56
|
+
summary: Authorizes requests based on the user roles and provided roles
|
|
57
|
+
test_files: []
|