zaikio-jwt_auth 0.4.2 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +12 -1
- data/lib/zaikio/jwt_auth.rb +1 -1
- data/lib/zaikio/jwt_auth/directory_cache.rb +29 -19
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5246d95da7085c56dce3719ba3bdba4c102c3b4dd01c941cacb5de5d9e813eb0
|
|
4
|
+
data.tar.gz: 354e97d2ef3972049e103fa0afea9e047f9990ab816ca8b7afec7c3671e0d90b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8025ca7934fac9df869afde1fd23287208fb9edbd1970e3d065d9591062a1557a435f6cb0d7d8147d8f8f2fdbb476ae00dead2d89bb232951489de785df0e248
|
|
7
|
+
data.tar.gz: 89431f5cdf4ad50dff018a35530fb95d97d2a9a91a1908566b8d9de187dff65f1203bfb76a7eef79fcc3fca116f336ab194c18b8bd583d830098481678a53aa8
|
data/README.md
CHANGED
|
@@ -152,7 +152,18 @@ class MyRackMiddleware < Rack::Middleware
|
|
|
152
152
|
...
|
|
153
153
|
```
|
|
154
154
|
|
|
155
|
-
This function expects to receive the string in the format `"Bearer $token"`.
|
|
155
|
+
This function expects to receive the string in the format `"Bearer $token"`. If the JWT is
|
|
156
|
+
invalid, expired, or has some other fundamental issues, the JWT library may throw
|
|
157
|
+
[additional errors](https://github.com/jwt/ruby-jwt/blob/v2.2.2/lib/jwt/error.rb), and you
|
|
158
|
+
should be prepared to handle these, for example:
|
|
159
|
+
|
|
160
|
+
```ruby
|
|
161
|
+
def call(env)
|
|
162
|
+
token = Zaikio::JWTAuth.extract("definitely.not.jwt")
|
|
163
|
+
rescue JWT::DecodeError, JWT::ExpiredSignature
|
|
164
|
+
[401, {}, ["Unauthorized"]]
|
|
165
|
+
end
|
|
166
|
+
```
|
|
156
167
|
|
|
157
168
|
## Contributing
|
|
158
169
|
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -18,7 +18,7 @@ module Zaikio
|
|
|
18
18
|
def self.configure
|
|
19
19
|
self.configuration ||= Configuration.new
|
|
20
20
|
|
|
21
|
-
if Zaikio.const_defined?("Webhooks")
|
|
21
|
+
if Zaikio.const_defined?("Webhooks", false)
|
|
22
22
|
Zaikio::Webhooks.on "directory.revoked_access_token", Zaikio::JWTAuth::RevokeAccessTokenJob,
|
|
23
23
|
perform_now: true
|
|
24
24
|
end
|
|
@@ -5,6 +5,15 @@ require "logger"
|
|
|
5
5
|
module Zaikio
|
|
6
6
|
module JWTAuth
|
|
7
7
|
class DirectoryCache
|
|
8
|
+
class UpdateJob < ::ActiveJob::Base
|
|
9
|
+
def perform(directory_path)
|
|
10
|
+
DirectoryCache.fetch(directory_path)
|
|
11
|
+
true # This job will always re-queue until it succeeds.
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
BadResponseError = Class.new(StandardError)
|
|
16
|
+
|
|
8
17
|
class << self
|
|
9
18
|
def fetch(directory_path, options = {})
|
|
10
19
|
cache = Zaikio::JWTAuth.configuration.redis.get("zaikio::jwt_auth::#{directory_path}")
|
|
@@ -12,7 +21,8 @@ module Zaikio
|
|
|
12
21
|
json = Oj.load(cache) if cache
|
|
13
22
|
|
|
14
23
|
if !cache || options[:invalidate] || cache_expired?(json, options[:expires_after])
|
|
15
|
-
|
|
24
|
+
new_values = reload_or_enqueue(directory_path)
|
|
25
|
+
return new_values || json["data"]
|
|
16
26
|
end
|
|
17
27
|
|
|
18
28
|
json["data"]
|
|
@@ -37,29 +47,29 @@ module Zaikio
|
|
|
37
47
|
DateTime.strptime(json["fetched_at"].to_s, "%s") < Time.now.utc - (expires_after || 1.hour)
|
|
38
48
|
end
|
|
39
49
|
|
|
40
|
-
def
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
data
|
|
45
|
-
|
|
46
|
-
fetched_at: Time.now.to_i,
|
|
47
|
-
data: data
|
|
48
|
-
}.to_json)
|
|
49
|
-
|
|
50
|
-
data
|
|
51
|
-
rescue Errno::ECONNREFUSED, Net::ReadTimeout => e
|
|
52
|
-
raise unless (retries += 1) <= 3
|
|
50
|
+
def reload_or_enqueue(directory_path)
|
|
51
|
+
data = fetch_from_directory(directory_path)
|
|
52
|
+
Zaikio::JWTAuth.configuration.redis.set("zaikio::jwt_auth::#{directory_path}", {
|
|
53
|
+
fetched_at: Time.now.to_i,
|
|
54
|
+
data: data
|
|
55
|
+
}.to_json)
|
|
53
56
|
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
57
|
+
data
|
|
58
|
+
rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError
|
|
59
|
+
Zaikio::JWTAuth.configuration.logger.info("Error updating DirectoryCache(#{directory_path}), enqueueing job to update")
|
|
60
|
+
UpdateJob.set(wait: 10.seconds).perform_later(directory_path)
|
|
61
|
+
nil
|
|
58
62
|
end
|
|
59
63
|
|
|
60
64
|
def fetch_from_directory(directory_path)
|
|
61
65
|
uri = URI("#{Zaikio::JWTAuth.configuration.host}/#{directory_path}")
|
|
62
|
-
|
|
66
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
67
|
+
http.use_ssl = uri.scheme == "https"
|
|
68
|
+
response = http.request(Net::HTTP::Get.new(uri.request_uri))
|
|
69
|
+
raise BadResponseError unless (200..299).cover?(response.code.to_i)
|
|
70
|
+
raise BadResponseError unless response["content-type"].to_s.include?("application/json")
|
|
71
|
+
|
|
72
|
+
Oj.load(response.body)
|
|
63
73
|
end
|
|
64
74
|
end
|
|
65
75
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2021-
|
|
13
|
+
date: 2021-04-23 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: oj
|
|
@@ -27,7 +27,7 @@ dependencies:
|
|
|
27
27
|
- !ruby/object:Gem::Version
|
|
28
28
|
version: 3.0.0
|
|
29
29
|
- !ruby/object:Gem::Dependency
|
|
30
|
-
name:
|
|
30
|
+
name: railties
|
|
31
31
|
requirement: !ruby/object:Gem::Requirement
|
|
32
32
|
requirements:
|
|
33
33
|
- - ">="
|