touth 1.2.0 → 1.3.0

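--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 688b4aa6d17d873748b0e566d30fe1a5346bf1dc
- data.tar.gz: 98a98a22385c71a83f5e2f1f41a34aa639156ea3
+ metadata.gz: f2256629f9eb56b07de8ad4878f8cfde6cbac035
+ data.tar.gz: 8775188762615102ef3715fda39414eded8a8d61
  SHA512:
- metadata.gz: ade3801f8ed0bb3b8bc29edc1d56c8f58724b96e1a561edc5233491eecf517845d46c6c7f63c6eee9f06a1bb3a09e72223b693b3ba8014fa57d01b73f5b0cdfb
- data.tar.gz: e83ff2c7a4249a9709b99c5f4563cf93ed6c47a43d945859cef0d6ebc5852ff8a6da55f41c1e2bb64ce1dc5c6434741d444249229e9300161c67db507275d3af
+ metadata.gz: 5935c104873a5badf65c4d31563a649e71d4cb79b22b2820fb7dabd77f615ebe69acd49fb03715587cd806d5922d089f0e906fa0408137fab0b67e50ac0f2e97
+ data.tar.gz: 5977124a908247b182446677eb879cd897b95ac66bf06c51fe6c3903d5d1058cf776aeebfeeed2793f040a779b2315228b3fc598fee72b6add4b21f2b3bb2829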
@@ -1,17 +1,18 @@
1
1
  require 'active_support'
2
2
 
3
+ require_relative 'touth/version'
4
+ require_relative 'touth/store'
5
+ require_relative 'touth/authenticator'
6
+ require_relative 'touth/active_record_support'
7
+ require_relative 'touth/action_controller_support'
8
+ require_relative 'touth/middleware'
9
+ require_relative 'touth/railtie' if defined? Rails
10
+
3
11
 
4
12
  # Touth
5
13
  #-----------------------------------------------
6
14
  module Touth
7
15
 
8
- extend ActiveSupport::Autoload
9
-
10
- autoload :Authenticator
11
- autoload :ActiveRecordSupport
12
- autoload :ActionControllerSupport
13
- autoload :VERSION
14
-
15
16
  class Configuration
16
17
 
17
18
  attr_accessor :access_token_lifetime,
@@ -31,7 +32,6 @@ module Touth
31
32
  end
32
33
 
33
34
  class InvalidAccessTokenError < StandardError; end
34
- class ResourceConflictError < StandardError; end
35
35
 
36
36
  class << self
37
37
 
@@ -77,6 +77,7 @@ ActiveSupport.on_load(:action_controller) do
77
77
  extend Touth::ActionControllerSupport::ClassMethods
78
78
  include Touth::ActionControllerSupport::InstanceMethods
79
79
  end
80
+
80
81
  ActiveSupport.on_load(:active_record) do
81
82
  extend Touth::ActiveRecordSupport::ClassMethods
82
83
  end
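Review bot: The guard on the new `require_relative 'touth/railtie' if defined? Rails` line tests only the `Rails` constant, while the railtie file subclasses `::Rails::Railtie`. If `Rails` is defined without its railtie support loaded, the require raises a NameError, so the guard should name what is actually needed: `require_relative 'touth/railtie' if defined?(Rails::Railtie)`. The check also runs only once, at require time, so an application that loads this file before Rails gets no railtie and `Touth::Middleware` is not inserted automatically. A comment above the line saying so would help integrators.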
@@ -2,11 +2,7 @@ module Touth
2
2
  module ActionControllerSupport
3
3
  module ClassMethods
4
4
 
5
- mattr_accessor :token_authorized_resources
6
-
7
5
  def token_authentication_for(resource_name)
8
- self.token_authorized_resources ||= {}
9
-
10
6
  unless @_init_token_authenticator_hook
11
7
  prepend_before_action :set_token_authorized_resource!
12
8
  @_init_token_authenticator_hook = true
@@ -17,11 +13,11 @@ module Touth
17
13
 
18
14
  unless method_defined? callback_name
19
15
  define_method "#{resource_name}_signed_in?" do
20
- !!self.class.token_authorized_resources[resource_name]
16
+ !!Touth::Authenticator.current(resource_name)
21
17
  end
22
18
 
23
19
  define_method "current_#{resource_name}" do
24
- self.class.token_authorized_resources[resource_name]
20
+ Touth::Authenticator.current resource_name
25
21
  end
26
22
 
27
23
  define_method callback_name do
@@ -42,16 +38,11 @@ module Touth
42
38
  def set_token_authorized_resource!
43
39
  token = request.headers[Touth.header_name]
44
40
 
45
- return unless token && Authenticator.valid_access_token?(token)
46
-
47
- resource = Authenticator.get_resource token
48
- resource_name = Touth.get_resource_name resource.class.name
49
-
50
- self.class.token_authorized_resources[resource_name] = resource
41
+ Authenticator.set_current Authenticator.get_resource(token)
51
42
  end
52
43
 
53
44
  def authenticate_token_for!(resource_name)
54
- unless self.class.token_authorized_resources[resource_name]
45
+ unless Touth::Authenticator.current resource_name
55
46
  if Touth.allow_raise
56
47
  raise InvalidAccessTokenError, 'access token is not valid'
57
48
  else
@@ -1,59 +1,75 @@
1
+ require 'base64'
2
+
3
+
1
4
  module Touth
2
5
  module Authenticator
6
+ class << self
3
7
 
4
- module_function
8
+ def issue_access_token(resource, lifetime = Touth.access_token_lifetime)
9
+ expires_at = Time.now.to_i + lifetime
5
10
 
6
- def issue_access_token(resource, lifetime = Touth.access_token_lifetime)
7
- expires_at = Time.now.to_i + lifetime
11
+ data = Marshal.dump({
12
+ class: resource.class,
13
+ id: resource.id,
14
+ secret: token_secret(resource),
15
+ expires_at: expires_at,
16
+ })
8
17
 
9
- data = Marshal.dump([
10
- resource.class,
11
- resource.id,
12
- expires_at,
13
- ])
18
+ data_sign = Touth.digest data
14
19
 
15
- data_sign = Touth.digest data
16
- data_key = gen_data_key resource, data_sign
20
+ Base64.urlsafe_encode64 [
21
+ data,
22
+ data_sign,
23
+ ].join
24
+ end
17
25
 
18
- [
19
- data_sign,
20
- data_key,
21
- data,
22
- ].join.unpack('H*')[0]
23
- end
26
+ def valid_access_token?(token)
27
+ !!get_resource(token)
28
+ end
24
29
 
25
- def valid_access_token?(token)
26
- !!get_resource(token)
27
- end
30
+ def get_resource(token)
31
+ return unless token
28
32
 
29
- def get_resource(token)
30
- @access_token_data_cache ||= {}
31
- resource = @access_token_data_cache[token]
33
+ resource = Store.access_tokens[token]
32
34
 
33
- return resource if resource
35
+ return resource if resource
34
36
 
35
- @access_token_data_cache[token] = nil
37
+ Store.access_tokens[token] = nil
36
38
 
37
- begin
38
- data_sign, data_key, data = [token].pack('H*').unpack 'A32A32A*'
39
+ begin
40
+ data = Base64.urlsafe_decode64(token)
41
+ data_sign = data.slice! -32..-1
39
42
 
40
- if data_sign == Touth.digest(data)
41
- resource_class, id, expires_at = Marshal.load data
43
+ if data_sign == Touth.digest(data)
44
+ data = Marshal.load data
42
45
 
43
- resource = resource_class.find id
46
+ resource = data[:class].find data[:id]
44
47
 
45
- if gen_data_key(resource, data_sign) == data_key && Time.now.to_i < expires_at
46
- @access_token_data_cache[token] = resource
48
+ if token_secret(resource) == data[:secret] && Time.now.to_i < data[:expires_at]
49
+ Store.access_tokens[token] = resource
50
+ end
47
51
  end
52
+ rescue
53
+ nil
48
54
  end
49
- rescue
50
- nil
51
55
  end
52
- end
53
56
 
54
- def gen_data_key(resource, data_sign)
55
- Touth.digest [data_sign, resource.send(Touth.password_field)].join
56
- end
57
+ def token_secret(resource)
58
+ password = resource.send Touth.password_field
59
+ Touth.digest(password)[0..16]
60
+ end
61
+
62
+ def set_current(resource)
63
+ return unless resource
64
+
65
+ resource_name = Touth.get_resource_name resource.class.name
66
+ Store.currents[resource_name] = resource
67
+ end
57
68
 
69
+ def current(resource_name)
70
+ Store.currents[resource_name]
71
+ end
72
+
73
+ end
58
74
  end
59
75
  end
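Review bot: `get_resource` still runs `Marshal.load` on bytes taken from the request header, gated only by `data_sign == Touth.digest(data)`. `Touth.digest` is defined outside this page, so whether that check is keyed cannot be confirmed here, and `==` on strings is not a constant-time comparison. Marshal rebuilds arbitrary Ruby objects, so a data-only encoding would keep a signature failure from turning into an object-deserialization problem. That encoding could carry the class name, id, secret and expiry, with the class resolved against a fixed list of resource models. The comparison could become `if ActiveSupport::SecurityUtils.secure_compare(data_sign, Touth.digest(data))` where the installed ActiveSupport provides it, or `Rack::Utils.secure_compare` otherwise. Separately, `[0..16]` in `token_secret` is an inclusive range and yields 17 characters, which looks unintended if 16 was meant.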
@@ -0,0 +1,15 @@
1
+ module Touth
2
+ class Middleware
3
+
4
+ def initialize(app)
5
+ @app = app
6
+ end
7
+
8
+ def call(env)
9
+ @app.call env
10
+ ensure
11
+ Store.clear!
12
+ end
13
+
14
+ end
15
+ end
@@ -0,0 +1,11 @@
1
+ module Touth
2
+ class Railtie < ::Rails::Railtie
3
+ initializer 'request_store.insert_middleware' do |app|
4
+ if ActionDispatch.const_defined? :RequestId
5
+ app.config.middleware.insert_after ActionDispatch::RequestId, Touth::Middleware
6
+ else
7
+ app.config.middleware.insert_after Rack::MethodOverride, Touth::Middleware
8
+ end
9
+ end
10
+ end
11
+ end
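Review bot: The initializer is registered as `'request_store.insert_middleware'`, a name outside this gem's own namespace that appears to be carried over from the request_store gem. If an application loads another railtie that registers the same name, any `before:`/`after:` ordering that refers to it becomes ambiguous, and the boot log no longer shows which gem inserted `Touth::Middleware`. Naming it after the gem avoids that: `initializer 'touth.insert_middleware' do |app|`.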
@@ -0,0 +1,24 @@
1
+ module Touth
2
+ module Store
3
+
4
+ ACCESS_TOKENS_STORE_KEY = :touth_access_tokens_store
5
+ CURRENTS_STORE_KEY = :touth_currents_store
6
+
7
+ class << self
8
+
9
+ def access_tokens
10
+ Thread.current[ACCESS_TOKENS_STORE_KEY] ||= {}
11
+ end
12
+
13
+ def currents
14
+ Thread.current[CURRENTS_STORE_KEY] ||= {}
15
+ end
16
+
17
+ def clear!
18
+ Thread.current[ACCESS_TOKENS_STORE_KEY] = {}
19
+ Thread.current[CURRENTS_STORE_KEY] = {}
20
+ end
21
+
22
+ end
23
+ end
24
+ end
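Review bot: `Touth::Store` has no comment stating how long its contents live, although it now holds the authenticated resources and the token lookup cache. `Thread.current[...]` slots are fiber-local and keep their value until something resets them, and on this page the only reset is `clear!`, called from `Touth::Middleware`. A header comment on the module would tell integrators that the middleware has to be in the stack, for example `# Per-request state kept in Thread.current; reset by Touth::Middleware after every request.`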
@@ -1,3 +1,9 @@
1
1
  module Touth
2
- VERSION = '1.2.0'
2
+
3
+ MAJOR = 1
4
+ MINOR = 3
5
+ REVISION = 0
6
+
7
+ VERSION = [MAJOR, MINOR, REVISION].compact.join '.'
8
+
3
9
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: touth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Yuki Iwanaga
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-11-24 00:00:00.000000000 Z
11
+ date: 2014-12-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -75,6 +75,9 @@ files:
75
75
  - lib/touth/action_controller_support.rb
76
76
  - lib/touth/active_record_support.rb
77
77
  - lib/touth/authenticator.rb
78
+ - lib/touth/middleware.rb
79
+ - lib/touth/railtie.rb
80
+ - lib/touth/store.rb
78
81
  - lib/touth/version.rb
79
82
  - touth.gemspec
80
83
  homepage: https://github.com/creasty/touth