zaikio-jwt_auth 0.4.2 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +12 -1
- data/lib/zaikio/jwt_auth.rb +1 -1
- data/lib/zaikio/jwt_auth/directory_cache.rb +29 -19
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5246d95da7085c56dce3719ba3bdba4c102c3b4dd01c941cacb5de5d9e813eb0
|
|
4
|
+
data.tar.gz: 354e97d2ef3972049e103fa0afea9e047f9990ab816ca8b7afec7c3671e0d90b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8025ca7934fac9df869afde1fd23287208fb9edbd1970e3d065d9591062a1557a435f6cb0d7d8147d8f8f2fdbb476ae00dead2d89bb232951489de785df0e248
|
|
7
|
+
data.tar.gz: 89431f5cdf4ad50dff018a35530fb95d97d2a9a91a1908566b8d9de187dff65f1203bfb76a7eef79fcc3fca116f336ab194c18b8bd583d830098481678a53aa8
|
data/README.md
CHANGED
|
@@ -152,7 +152,18 @@ class MyRackMiddleware < Rack::Middleware
|
|
|
152
152
|
...
|
|
153
153
|
```
|
|
154
154
|
|
|
155
|
-
This function expects to receive the string in the format `"Bearer $token"`.
|
|
155
|
+
This function expects to receive the string in the format `"Bearer $token"`. If the JWT is
|
|
156
|
+
invalid, expired, or has some other fundamental issues, the JWT library may throw
|
|
157
|
+
[additional errors](https://github.com/jwt/ruby-jwt/blob/v2.2.2/lib/jwt/error.rb), and you
|
|
158
|
+
should be prepared to handle these, for example:
|
|
159
|
+
|
|
160
|
+
```ruby
|
|
161
|
+
def call(env)
|
|
162
|
+
token = Zaikio::JWTAuth.extract("definitely.not.jwt")
|
|
163
|
+
rescue JWT::DecodeError, JWT::ExpiredSignature
|
|
164
|
+
[401, {}, ["Unauthorized"]]
|
|
165
|
+
end
|
|
166
|
+
```
|
|
156
167
|
|
|
157
168
|
## Contributing
|
|
158
169
|
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -18,7 +18,7 @@ module Zaikio
|
|
|
18
18
|
def self.configure
|
|
19
19
|
self.configuration ||= Configuration.new
|
|
20
20
|
|
|
21
|
-
if Zaikio.const_defined?("Webhooks")
|
|
21
|
+
if Zaikio.const_defined?("Webhooks", false)
|
|
22
22
|
Zaikio::Webhooks.on "directory.revoked_access_token", Zaikio::JWTAuth::RevokeAccessTokenJob,
|
|
23
23
|
perform_now: true
|
|
24
24
|
end
|
|
@@ -5,6 +5,15 @@ require "logger"
|
|
|
5
5
|
module Zaikio
|
|
6
6
|
module JWTAuth
|
|
7
7
|
class DirectoryCache
|
|
8
|
+
class UpdateJob < ::ActiveJob::Base
|
|
9
|
+
def perform(directory_path)
|
|
10
|
+
DirectoryCache.fetch(directory_path)
|
|
11
|
+
true # This job will always re-queue until it succeeds.
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
BadResponseError = Class.new(StandardError)
|
|
16
|
+
|
|
8
17
|
class << self
|
|
9
18
|
def fetch(directory_path, options = {})
|
|
10
19
|
cache = Zaikio::JWTAuth.configuration.redis.get("zaikio::jwt_auth::#{directory_path}")
|
|
@@ -12,7 +21,8 @@ module Zaikio
|
|
|
12
21
|
json = Oj.load(cache) if cache
|
|
13
22
|
|
|
14
23
|
if !cache || options[:invalidate] || cache_expired?(json, options[:expires_after])
|
|
15
|
-
|
|
24
|
+
new_values = reload_or_enqueue(directory_path)
|
|
25
|
+
return new_values || json["data"]
|
|
16
26
|
end
|
|
17
27
|
|
|
18
28
|
json["data"]
|
|
@@ -37,29 +47,29 @@ module Zaikio
|
|
|
37
47
|
DateTime.strptime(json["fetched_at"].to_s, "%s") < Time.now.utc - (expires_after || 1.hour)
|
|
38
48
|
end
|
|
39
49
|
|
|
40
|
-
def
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
data
|
|
45
|
-
|
|
46
|
-
fetched_at: Time.now.to_i,
|
|
47
|
-
data: data
|
|
48
|
-
}.to_json)
|
|
49
|
-
|
|
50
|
-
data
|
|
51
|
-
rescue Errno::ECONNREFUSED, Net::ReadTimeout => e
|
|
52
|
-
raise unless (retries += 1) <= 3
|
|
50
|
+
def reload_or_enqueue(directory_path)
|
|
51
|
+
data = fetch_from_directory(directory_path)
|
|
52
|
+
Zaikio::JWTAuth.configuration.redis.set("zaikio::jwt_auth::#{directory_path}", {
|
|
53
|
+
fetched_at: Time.now.to_i,
|
|
54
|
+
data: data
|
|
55
|
+
}.to_json)
|
|
53
56
|
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
57
|
+
data
|
|
58
|
+
rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError
|
|
59
|
+
Zaikio::JWTAuth.configuration.logger.info("Error updating DirectoryCache(#{directory_path}), enqueueing job to update")
|
|
60
|
+
UpdateJob.set(wait: 10.seconds).perform_later(directory_path)
|
|
61
|
+
nil
|
|
58
62
|
end
|
|
59
63
|
|
|
60
64
|
def fetch_from_directory(directory_path)
|
|
61
65
|
uri = URI("#{Zaikio::JWTAuth.configuration.host}/#{directory_path}")
|
|
62
|
-
|
|
66
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
67
|
+
http.use_ssl = uri.scheme == "https"
|
|
68
|
+
response = http.request(Net::HTTP::Get.new(uri.request_uri))
|
|
69
|
+
raise BadResponseError unless (200..299).cover?(response.code.to_i)
|
|
70
|
+
raise BadResponseError unless response["content-type"].to_s.include?("application/json")
|
|
71
|
+
|
|
72
|
+
Oj.load(response.body)
|
|
63
73
|
end
|
|
64
74
|
end
|
|
65
75
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2021-
|
|
13
|
+
date: 2021-04-23 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: oj
|
|
@@ -27,7 +27,7 @@ dependencies:
|
|
|
27
27
|
- !ruby/object:Gem::Version
|
|
28
28
|
version: 3.0.0
|
|
29
29
|
- !ruby/object:Gem::Dependency
|
|
30
|
-
name:
|
|
30
|
+
name: railties
|
|
31
31
|
requirement: !ruby/object:Gem::Requirement
|
|
32
32
|
requirements:
|
|
33
33
|
- - ">="
|