touth 1.2.0 → 1.3.0

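--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 688b4aa6d17d873748b0e566d30fe1a5346bf1dc
- data.tar.gz: 98a98a22385c71a83f5e2f1f41a34aa639156ea3
+ metadata.gz: f2256629f9eb56b07de8ad4878f8cfde6cbac035
+ data.tar.gz: 8775188762615102ef3715fda39414eded8a8d61
  SHA512:
- metadata.gz: ade3801f8ed0bb3b8bc29edc1d56c8f58724b96e1a561edc5233491eecf517845d46c6c7f63c6eee9f06a1bb3a09e72223b693b3ba8014fa57d01b73f5b0cdfb
- data.tar.gz: e83ff2c7a4249a9709b99c5f4563cf93ed6c47a43d945859cef0d6ebc5852ff8a6da55f41c1e2bb64ce1dc5c6434741d444249229e9300161c67db507275d3af
+ metadata.gz: 5935c104873a5badf65c4d31563a649e71d4cb79b22b2820fb7dabd77f615ebe69acd49fb03715587cd806d5922d089f0e906fa0408137fab0b67e50ac0f2e97
+ data.tar.gz: 5977124a908247b182446677eb879cd897b95ac66bf06c51fe6c3903d5d1058cf776aeebfeeed2793f040a779b2315228b3fc598fee72b6add4b21f2b3bb2829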
@@ -1,17 +1,18 @@
1
1
  require 'active_support'
2
2
 
3
+ require_relative 'touth/version'
4
+ require_relative 'touth/store'
5
+ require_relative 'touth/authenticator'
6
+ require_relative 'touth/active_record_support'
7
+ require_relative 'touth/action_controller_support'
8
+ require_relative 'touth/middleware'
9
+ require_relative 'touth/railtie' if defined? Rails
10
+
3
11
 
4
12
  # Touth
5
13
  #-----------------------------------------------
6
14
  module Touth
7
15
 
8
- extend ActiveSupport::Autoload
9
-
10
- autoload :Authenticator
11
- autoload :ActiveRecordSupport
12
- autoload :ActionControllerSupport
13
- autoload :VERSION
14
-
15
16
  class Configuration
16
17
 
17
18
  attr_accessor :access_token_lifetime,
@@ -31,7 +32,6 @@ module Touth
31
32
  end
32
33
 
33
34
  class InvalidAccessTokenError < StandardError; end
34
- class ResourceConflictError < StandardError; end
35
35
 
36
36
  class << self
37
37
 
@@ -77,6 +77,7 @@ ActiveSupport.on_load(:action_controller) do
77
77
  extend Touth::ActionControllerSupport::ClassMethods
78
78
  include Touth::ActionControllerSupport::InstanceMethods
79
79
  end
80
+
80
81
  ActiveSupport.on_load(:active_record) do
81
82
  extend Touth::ActiveRecordSupport::ClassMethods
82
83
  end
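Review bot: The guard on `require_relative 'touth/railtie' if defined? Rails` in the first hunk only tests that a `Rails` constant exists, while the new railtie file subclasses `::Rails::Railtie`. If something defines a bare `Rails` namespace without loading railties, the require would raise NameError at load time. Checking the constant that is actually used is safer: `require_relative 'touth/railtie' if defined?(Rails::Railtie)`. Separately, the second hunk drops `ResourceConflictError`, so any caller that rescues it will hit NameError after upgrading; keeping the class as a deprecated constant would avoid that.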
@@ -2,11 +2,7 @@ module Touth
2
2
  module ActionControllerSupport
3
3
  module ClassMethods
4
4
 
5
- mattr_accessor :token_authorized_resources
6
-
7
5
  def token_authentication_for(resource_name)
8
- self.token_authorized_resources ||= {}
9
-
10
6
  unless @_init_token_authenticator_hook
11
7
  prepend_before_action :set_token_authorized_resource!
12
8
  @_init_token_authenticator_hook = true
@@ -17,11 +13,11 @@ module Touth
17
13
 
18
14
  unless method_defined? callback_name
19
15
  define_method "#{resource_name}_signed_in?" do
20
- !!self.class.token_authorized_resources[resource_name]
16
+ !!Touth::Authenticator.current(resource_name)
21
17
  end
22
18
 
23
19
  define_method "current_#{resource_name}" do
24
- self.class.token_authorized_resources[resource_name]
20
+ Touth::Authenticator.current resource_name
25
21
  end
26
22
 
27
23
  define_method callback_name do
@@ -42,16 +38,11 @@ module Touth
42
38
  def set_token_authorized_resource!
43
39
  token = request.headers[Touth.header_name]
44
40
 
45
- return unless token && Authenticator.valid_access_token?(token)
46
-
47
- resource = Authenticator.get_resource token
48
- resource_name = Touth.get_resource_name resource.class.name
49
-
50
- self.class.token_authorized_resources[resource_name] = resource
41
+ Authenticator.set_current Authenticator.get_resource(token)
51
42
  end
52
43
 
53
44
  def authenticate_token_for!(resource_name)
54
- unless self.class.token_authorized_resources[resource_name]
45
+ unless Touth::Authenticator.current resource_name
55
46
  if Touth.allow_raise
56
47
  raise InvalidAccessTokenError, 'access token is not valid'
57
48
  else
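Review bot: `set_token_authorized_resource!` in the third hunk never resets the stored current resource when the header is missing or the token is rejected. In both cases `Authenticator.get_resource` returns nil and `set_current` returns early, leaving whatever `Store.currents` already holds on this thread. Clearing then depends entirely on `Touth::Middleware`, which the railtie inserts only under Rails, so in a stack without that middleware `authenticate_token_for!` could treat a token-less request on the same thread as signed in. Resetting at the start of the callback makes the check fail closed, e.g. `Touth::Store.currents.clear` before the header is read. `authenticate_token_for!` continues outside the hunk.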
@@ -1,59 +1,75 @@
1
+ require 'base64'
2
+
3
+
1
4
  module Touth
2
5
  module Authenticator
6
+ class << self
3
7
 
4
- module_function
8
+ def issue_access_token(resource, lifetime = Touth.access_token_lifetime)
9
+ expires_at = Time.now.to_i + lifetime
5
10
 
6
- def issue_access_token(resource, lifetime = Touth.access_token_lifetime)
7
- expires_at = Time.now.to_i + lifetime
11
+ data = Marshal.dump({
12
+ class: resource.class,
13
+ id: resource.id,
14
+ secret: token_secret(resource),
15
+ expires_at: expires_at,
16
+ })
8
17
 
9
- data = Marshal.dump([
10
- resource.class,
11
- resource.id,
12
- expires_at,
13
- ])
18
+ data_sign = Touth.digest data
14
19
 
15
- data_sign = Touth.digest data
16
- data_key = gen_data_key resource, data_sign
20
+ Base64.urlsafe_encode64 [
21
+ data,
22
+ data_sign,
23
+ ].join
24
+ end
17
25
 
18
- [
19
- data_sign,
20
- data_key,
21
- data,
22
- ].join.unpack('H*')[0]
23
- end
26
+ def valid_access_token?(token)
27
+ !!get_resource(token)
28
+ end
24
29
 
25
- def valid_access_token?(token)
26
- !!get_resource(token)
27
- end
30
+ def get_resource(token)
31
+ return unless token
28
32
 
29
- def get_resource(token)
30
- @access_token_data_cache ||= {}
31
- resource = @access_token_data_cache[token]
33
+ resource = Store.access_tokens[token]
32
34
 
33
- return resource if resource
35
+ return resource if resource
34
36
 
35
- @access_token_data_cache[token] = nil
37
+ Store.access_tokens[token] = nil
36
38
 
37
- begin
38
- data_sign, data_key, data = [token].pack('H*').unpack 'A32A32A*'
39
+ begin
40
+ data = Base64.urlsafe_decode64(token)
41
+ data_sign = data.slice! -32..-1
39
42
 
40
- if data_sign == Touth.digest(data)
41
- resource_class, id, expires_at = Marshal.load data
43
+ if data_sign == Touth.digest(data)
44
+ data = Marshal.load data
42
45
 
43
- resource = resource_class.find id
46
+ resource = data[:class].find data[:id]
44
47
 
45
- if gen_data_key(resource, data_sign) == data_key && Time.now.to_i < expires_at
46
- @access_token_data_cache[token] = resource
48
+ if token_secret(resource) == data[:secret] && Time.now.to_i < data[:expires_at]
49
+ Store.access_tokens[token] = resource
50
+ end
47
51
  end
52
+ rescue
53
+ nil
48
54
  end
49
- rescue
50
- nil
51
55
  end
52
- end
53
56
 
54
- def gen_data_key(resource, data_sign)
55
- Touth.digest [data_sign, resource.send(Touth.password_field)].join
56
- end
57
+ def token_secret(resource)
58
+ password = resource.send Touth.password_field
59
+ Touth.digest(password)[0..16]
60
+ end
61
+
62
+ def set_current(resource)
63
+ return unless resource
64
+
65
+ resource_name = Touth.get_resource_name resource.class.name
66
+ Store.currents[resource_name] = resource
67
+ end
57
68
 
69
+ def current(resource_name)
70
+ Store.currents[resource_name]
71
+ end
72
+
73
+ end
58
74
  end
59
75
  end
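Review bot: `get_resource` passes header-supplied bytes to `Marshal.load` and then calls `data[:class].find`, and the only gate is `data_sign == Touth.digest(data)`. `Touth.digest` is defined outside this page, so it is worth confirming that it is an HMAC keyed with a server-side secret; otherwise the signature gives no protection to the deserialization step. Independently of that, the comparison should be constant-time, e.g. `if ActiveSupport::SecurityUtils.secure_compare(data_sign.to_s, Touth.digest(data))` where the ActiveSupport version provides it. A data-only encoding such as JSON, carrying a class name checked against an explicit allow-list of model names, would take `Marshal` out of the request path. Note also that `token_secret` places `Touth.digest(password)[0..16]` (17 bytes, probably meant as 16) inside a token that is only Base64-encoded, so whoever holds the token can read it, and the bare `rescue` keeps tampering attempts out of the logs.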
@@ -0,0 +1,15 @@
1
+ module Touth
2
+ class Middleware
3
+
4
+ def initialize(app)
5
+ @app = app
6
+ end
7
+
8
+ def call(env)
9
+ @app.call env
10
+ ensure
11
+ Store.clear!
12
+ end
13
+
14
+ end
15
+ end
@@ -0,0 +1,11 @@
1
+ module Touth
2
+ class Railtie < ::Rails::Railtie
3
+ initializer 'request_store.insert_middleware' do |app|
4
+ if ActionDispatch.const_defined? :RequestId
5
+ app.config.middleware.insert_after ActionDispatch::RequestId, Touth::Middleware
6
+ else
7
+ app.config.middleware.insert_after Rack::MethodOverride, Touth::Middleware
8
+ end
9
+ end
10
+ end
11
+ end
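Review bot: The initializer name `'request_store.insert_middleware'` on the first line of the block looks copied from the request_store gem rather than chosen for this one. Initializer names are what Rails uses for `before:`/`after:` ordering, so sharing a name with another gem's initializer is at best confusing when both are loaded. A name in this gem's own namespace avoids that: `initializer 'touth.insert_middleware' do |app|`.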
@@ -0,0 +1,24 @@
1
+ module Touth
2
+ module Store
3
+
4
+ ACCESS_TOKENS_STORE_KEY = :touth_access_tokens_store
5
+ CURRENTS_STORE_KEY = :touth_currents_store
6
+
7
+ class << self
8
+
9
+ def access_tokens
10
+ Thread.current[ACCESS_TOKENS_STORE_KEY] ||= {}
11
+ end
12
+
13
+ def currents
14
+ Thread.current[CURRENTS_STORE_KEY] ||= {}
15
+ end
16
+
17
+ def clear!
18
+ Thread.current[ACCESS_TOKENS_STORE_KEY] = {}
19
+ Thread.current[CURRENTS_STORE_KEY] = {}
20
+ end
21
+
22
+ end
23
+ end
24
+ end
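Review bot: The module has no comment stating the lifetime of what it holds, which matters because `Thread.current[...]` is fiber-local in Ruby. Code running in another fiber or thread during the same request sees an empty store, and on the request thread the authenticated resource persists until `clear!` runs. A short header comment would make that contract explicit, for example `# Per-request, fiber-local state; must be reset via clear! after every request (see Touth::Middleware).` Documenting `clear!` as the only reset point would also tell non-Rack callers that they must invoke it themselves.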
@@ -1,3 +1,9 @@
1
1
  module Touth
2
- VERSION = '1.2.0'
2
+
3
+ MAJOR = 1
4
+ MINOR = 3
5
+ REVISION = 0
6
+
7
+ VERSION = [MAJOR, MINOR, REVISION].compact.join '.'
8
+
3
9
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: touth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Yuki Iwanaga
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-11-24 00:00:00.000000000 Z
11
+ date: 2014-12-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -75,6 +75,9 @@ files:
75
75
  - lib/touth/action_controller_support.rb
76
76
  - lib/touth/active_record_support.rb
77
77
  - lib/touth/authenticator.rb
78
+ - lib/touth/middleware.rb
79
+ - lib/touth/railtie.rb
80
+ - lib/touth/store.rb
78
81
  - lib/touth/version.rb
79
82
  - touth.gemspec
80
83
  homepage: https://github.com/creasty/touth