zaikio-jwt_auth 0.5.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/zaikio/jwt_auth/directory_cache.rb +30 -22
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- data/lib/zaikio/jwt_auth.rb +14 -3
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7b3b79eed92b123729aea0048bfcd019ca98bb914430a5d8cd1f081241ef3752
|
|
4
|
+
data.tar.gz: d148777cff0767854dfedd703eaf55713666fd6e96d2551f6cd68103f59f52bc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 891bf2b7f94f9ee25878ebd46e49e7e2fcf8e7472d2688e9c00716241199b78ad2d57c14a5ac3b0ff9605ce1059c8be2285c9d97513a192c1eb989ab8ba1ed65
|
|
7
|
+
data.tar.gz: d44a02245269d8693380ba6a6e7a389214582848b3264ae5fc2b11678c8d2ba5bb2f77781bb63c85e4c110ec08490fd0f87c309b1770253388a7b76707107d87
|
data/README.md
CHANGED
|
@@ -63,6 +63,24 @@ end
|
|
|
63
63
|
|
|
64
64
|
By convention, `authorize_by_jwt_scopes` automatically maps all CRUD actions in a controller. Requests for `show` and `index` with a read or read_write scope are allowed. All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope. Therefore it is strongly recommended to always create standard Rails resources. If a custom action is required, you will need to authorize yourself using the `after_jwt_auth`.
|
|
65
65
|
|
|
66
|
+
Both of these behaviours are automatically inherited by child classes, for example:
|
|
67
|
+
|
|
68
|
+
```ruby
|
|
69
|
+
class API::ChildController < API::ResourcesController
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
API::ChildController.authorize_by_jwt_subject_type
|
|
73
|
+
#=> "Organization"
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
You can always override the behaviour in children if needed:
|
|
77
|
+
|
|
78
|
+
```ruby
|
|
79
|
+
class API::ChildController < API::ResourcesController
|
|
80
|
+
authorize_by_jwt_subject_type nil
|
|
81
|
+
end
|
|
82
|
+
```
|
|
83
|
+
|
|
66
84
|
#### Modifying required scopes
|
|
67
85
|
If you nonetheless want to change the required scopes for CRUD routes, you can use the `type` option which accepts the following values: `:read`, `:write`, `:read_write`
|
|
68
86
|
|
|
@@ -5,6 +5,13 @@ require "logger"
|
|
|
5
5
|
module Zaikio
|
|
6
6
|
module JWTAuth
|
|
7
7
|
class DirectoryCache
|
|
8
|
+
class UpdateJob < ::ActiveJob::Base
|
|
9
|
+
def perform(directory_path)
|
|
10
|
+
DirectoryCache.fetch(directory_path)
|
|
11
|
+
true # This job will always re-queue until it succeeds.
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
8
15
|
BadResponseError = Class.new(StandardError)
|
|
9
16
|
|
|
10
17
|
class << self
|
|
@@ -14,7 +21,8 @@ module Zaikio
|
|
|
14
21
|
json = Oj.load(cache) if cache
|
|
15
22
|
|
|
16
23
|
if !cache || options[:invalidate] || cache_expired?(json, options[:expires_after])
|
|
17
|
-
|
|
24
|
+
new_values = reload_or_enqueue(directory_path)
|
|
25
|
+
return new_values || json["data"]
|
|
18
26
|
end
|
|
19
27
|
|
|
20
28
|
json["data"]
|
|
@@ -39,36 +47,36 @@ module Zaikio
|
|
|
39
47
|
DateTime.strptime(json["fetched_at"].to_s, "%s") < Time.now.utc - (expires_after || 1.hour)
|
|
40
48
|
end
|
|
41
49
|
|
|
42
|
-
def
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
data
|
|
47
|
-
|
|
48
|
-
fetched_at: Time.now.to_i,
|
|
49
|
-
data: data
|
|
50
|
-
}.to_json)
|
|
51
|
-
|
|
52
|
-
data
|
|
53
|
-
rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError => e
|
|
54
|
-
raise unless (retries += 1) <= 3
|
|
50
|
+
def reload_or_enqueue(directory_path)
|
|
51
|
+
data = fetch_from_directory(directory_path)
|
|
52
|
+
Zaikio::JWTAuth.configuration.redis.set("zaikio::jwt_auth::#{directory_path}", {
|
|
53
|
+
fetched_at: Time.now.to_i,
|
|
54
|
+
data: data
|
|
55
|
+
}.to_json)
|
|
55
56
|
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
57
|
+
data
|
|
58
|
+
rescue Errno::ECONNREFUSED, Net::ReadTimeout, BadResponseError
|
|
59
|
+
Zaikio::JWTAuth.configuration.logger
|
|
60
|
+
.info("Error updating DirectoryCache(#{directory_path}), enqueueing job to update")
|
|
61
|
+
UpdateJob.set(wait: 10.seconds).perform_later(directory_path)
|
|
62
|
+
nil
|
|
60
63
|
end
|
|
61
64
|
|
|
62
65
|
def fetch_from_directory(directory_path)
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
http.use_ssl = uri.scheme == "https"
|
|
66
|
-
response = http.request(Net::HTTP::Get.new(uri.request_uri))
|
|
66
|
+
response = make_http_request(directory_path)
|
|
67
|
+
|
|
67
68
|
raise BadResponseError unless (200..299).cover?(response.code.to_i)
|
|
68
69
|
raise BadResponseError unless response["content-type"].to_s.include?("application/json")
|
|
69
70
|
|
|
70
71
|
Oj.load(response.body)
|
|
71
72
|
end
|
|
73
|
+
|
|
74
|
+
def make_http_request(directory_path)
|
|
75
|
+
uri = URI("#{Zaikio::JWTAuth.configuration.host}/#{directory_path}")
|
|
76
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
77
|
+
http.use_ssl = uri.scheme == "https"
|
|
78
|
+
http.request(Net::HTTP::Get.new(uri.request_uri))
|
|
79
|
+
end
|
|
72
80
|
end
|
|
73
81
|
end
|
|
74
82
|
end
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -45,7 +45,7 @@ module Zaikio
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def self.mocked_jwt_payload
|
|
48
|
-
@mocked_jwt_payload
|
|
48
|
+
instance_variable_defined?(:@mocked_jwt_payload) && @mocked_jwt_payload
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
def self.mocked_jwt_payload=(payload)
|
|
@@ -67,8 +67,12 @@ module Zaikio
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
module ClassMethods
|
|
70
|
-
def authorize_by_jwt_subject_type(type =
|
|
71
|
-
|
|
70
|
+
def authorize_by_jwt_subject_type(type = :_not_given_)
|
|
71
|
+
if type != :_not_given_
|
|
72
|
+
@authorize_by_jwt_subject_type = type
|
|
73
|
+
elsif instance_variable_defined?(:@authorize_by_jwt_subject_type)
|
|
74
|
+
@authorize_by_jwt_subject_type
|
|
75
|
+
end
|
|
72
76
|
end
|
|
73
77
|
|
|
74
78
|
def authorize_by_jwt_scopes(scopes = nil, options = {})
|
|
@@ -78,6 +82,13 @@ module Zaikio
|
|
|
78
82
|
|
|
79
83
|
@authorize_by_jwt_scopes
|
|
80
84
|
end
|
|
85
|
+
|
|
86
|
+
def inherited(child)
|
|
87
|
+
super(child)
|
|
88
|
+
|
|
89
|
+
child.instance_variable_set(:@authorize_by_jwt_subject_type, @authorize_by_jwt_subject_type)
|
|
90
|
+
child.instance_variable_set(:@authorize_by_jwt_scopes, @authorize_by_jwt_scopes)
|
|
91
|
+
end
|
|
81
92
|
end
|
|
82
93
|
|
|
83
94
|
module InstanceMethods
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,8 +10,22 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2022-04-22 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
|
+
- !ruby/object:Gem::Dependency
|
|
16
|
+
name: activejob
|
|
17
|
+
requirement: !ruby/object:Gem::Requirement
|
|
18
|
+
requirements:
|
|
19
|
+
- - ">="
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: '0'
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
requirements:
|
|
26
|
+
- - ">="
|
|
27
|
+
- !ruby/object:Gem::Version
|
|
28
|
+
version: '0'
|
|
15
29
|
- !ruby/object:Gem::Dependency
|
|
16
30
|
name: oj
|
|
17
31
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -99,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
99
113
|
- !ruby/object:Gem::Version
|
|
100
114
|
version: '0'
|
|
101
115
|
requirements: []
|
|
102
|
-
rubygems_version: 3.
|
|
116
|
+
rubygems_version: 3.3.11
|
|
103
117
|
signing_key:
|
|
104
118
|
specification_version: 4
|
|
105
119
|
summary: JWT-Based authentication and authorization with zaikio
|