zaikio-jwt_auth 2.1.0 → 2.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e030f7e4c7f0be8b37a722ff691b7bf1398cd31ca449b41a9923b51f5a008df8
4
- data.tar.gz: 13a0d7a174af3ca58772b116e22d2fcc893291d59010ce127df82f1dca77ea5c
3
+ metadata.gz: 10365dcb96c417de5f8226e97fc835334e5b6ed92868fead27d443565013c7d3
4
+ data.tar.gz: 5c66b0a5359ab1db156861650ccb142ec1e5572074000fb8c0c4c1740ccc833c
5
5
  SHA512:
6
- metadata.gz: c91befdc7f28018a2e19bcafdcbd805ef87467a6fde8fc1b4899b6c6a327a6a89327902f84bdd07f42749c265535cdc3b83bd6289e958fcd2b4d520e46462d94
7
- data.tar.gz: aa56620ee2936346ef5b6d73ff0e8189ad8cc46d7ab44ca36783ad744f577513fb4786fa48023f4918491b04f166d9f0db5b66ef8b9f9a7d6ee04a315938bde7
6
+ metadata.gz: b52f0baddf61c6d418b0b82a1e003a82fde64484182485662111ec52a8d37275886db7c282ab9ab7d211888eb64c760d2541662905200e80f016c13dcb04566a
7
+ data.tar.gz: 815b388a900b8b3f6d10a46f9a0968f6c51c7227fe232ef44ecb2509f4c23d9dbea34482de4f9229af6de455e98bf3d31529ab86618d30685dcfcae2e4cc6881
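--- a/data/README.md
+++ b/data/README.md
@@ -134,6 +134,27 @@ class ResourcesControllerTest < ActionDispatch::IntegrationTest
 end
 ```
 
+### 8. Setup rack-attack for throttling
+
+This gem ships with a rack middleware that should be used to throttle requests by app and/or subject. You can use the middleware with [rack-attack](https://github.com/rack/rack-attack) as described here:
+
+```rb
+# config/initializers/rack_attack.rb
+
+MyApp::Application.config.middleware.insert_before Rack::Attack, Zaikio::JWTAuth::RackMiddleware
+
+class Rack::Attack
+Rack::Attack.throttled_response_retry_after_header = true
+
+throttle("zaikio/by_app_sub", limit: 600, period: 1.minute) do |request|
+next unless request.path.start_with?("/api/")
+next unless request.env[Zaikio::JWTAuth::RackMiddleware::SUBJECT] # does not use zaikio JWT
+
+"#{request.env[Zaikio::JWTAuth::RackMiddleware::AUDIENCE]}/#{request.env[Zaikio::JWTAuth::RackMiddleware::SUBJECT]}"
+end
+end
+```
+
 ## Advanced
 
 ### `only` and `except`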
@@ -0,0 +1,27 @@
1
+ module Zaikio
2
+ module JWTAuth
3
+ class RackMiddleware
4
+ AUDIENCE = "zaikio.jwt.audience".freeze
5
+ SUBJECT = "zaikio.jwt.subject".freeze
6
+
7
+ def initialize(app)
8
+ @app = app
9
+ end
10
+
11
+ def call(env)
12
+ token_data = begin
13
+ Zaikio::JWTAuth.extract(env["HTTP_AUTHORIZATION"])
14
+ rescue JWT::ExpiredSignature, JWT::DecodeError
15
+ nil
16
+ end
17
+
18
+ if token_data
19
+ env[AUDIENCE] = token_data.audience || :personal_token
20
+ env[SUBJECT] = token_data.subject
21
+ end
22
+
23
+ @app.call(env)
24
+ end
25
+ end
26
+ end
27
+ end
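Review bot: The throttle key that integrators build from `env[SUBJECT]` and `env[AUDIENCE]` is only as trustworthy as `Zaikio::JWTAuth.extract`, and this hunk does not show whether that call verifies the token signature against the JWK directory or merely decodes the claims. If it only decodes, a client can mint tokens with arbitrary `sub`/`aud` values and obtain a fresh rack-attack bucket per request, defeating the very throttle this middleware exists to feed; a comment above `token_data = begin` such as `# extract must verify the signature: unverified claims would let a client choose its own throttle bucket` (plus a test pinning that a forged token leaves env untouched) makes that contract explicit. A request whose token is missing, expired or malformed sets neither env key, so any throttle rule gated on `env[SUBJECT]` silently exempts unauthenticated traffic, which deserves a class-level comment so integrators pair it with an IP-keyed rule. In ruby-jwt's error hierarchy `JWT::ExpiredSignature` is already a `JWT::DecodeError`, so `rescue JWT::DecodeError` alone suffices; conversely anything that is not a DecodeError (for instance the public-key directory being unreachable, if `extract` fetches it) propagates from this middleware and fails every request carrying a token, which may or may not be the intended failure mode.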
@@ -11,7 +11,7 @@ module Zaikio
11
11
  iss: "ZAI",
12
12
  sub: nil,
13
13
  aud: %w[test_app],
14
- jti: "unique-access-token-id",
14
+ jti: SecureRandom.uuid,
15
15
  nbf: Time.now.to_i,
16
16
  exp: 1.hour.from_now.to_i,
17
17
  jku: "http://hub.zaikio.test/api/v1/jwt_public_keys.json",
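Review bot: `SecureRandom.uuid` on the `jti:` line relies on `securerandom` already being loaded; under a Rails boot it is, but if this test helper is ever required on its own the constant is undefined, so a `require "securerandom"` at the top of the file (outside this hunk) is cheap insurance. The change itself is sound: the previous fixed `"unique-access-token-id"` meant every token built by the helper shared one id, so tests could never tell tokens apart by `jti`. The hash this line belongs to starts and ends outside the hunk.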
@@ -95,6 +95,10 @@ module Zaikio
95
95
  subject_match[5]
96
96
  end
97
97
 
98
+ def subject
99
+ "#{subject_type}/#{subject_id}"
100
+ end
101
+
98
102
  def on_behalf_of_id
99
103
  subject_match[3]
100
104
  end
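Review bot: The new `subject` method carries no comment saying what it is for or what it yields when the token has no `sub`; the test helper changed in this same release defaults `sub: nil`, and what `subject_type`/`subject_id` return in that case is decided by `subject_match`, which is defined outside this hunk. If they return nil the key collapses to `"/"`, so every subject-less token shares a single throttle bucket in the rack middleware that consumes this value; if `subject_match` instead raises on a nil subject, that exception escapes the middleware because its rescue only wraps the `extract` call. Either behaviour may be acceptable, but it should be pinned in a doc comment such as `# "type/id" identifier for the token subject, used by RackMiddleware as a throttle key` with a sentence stating the nil-sub result once confirmed.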
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module JWTAuth
3
- VERSION = "2.1.0".freeze
3
+ VERSION = "2.2.0".freeze
4
4
  end
5
5
  end
@@ -6,6 +6,7 @@ require "zaikio/jwt_auth/configuration"
6
6
  require "zaikio/jwt_auth/directory_cache"
7
7
  require "zaikio/jwt_auth/jwk"
8
8
  require "zaikio/jwt_auth/token_data"
9
+ require "zaikio/jwt_auth/rack_middleware"
9
10
  require "zaikio/jwt_auth/engine"
10
11
  require "zaikio/jwt_auth/test_helper"
11
12
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zaikio-jwt_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - crispymtn
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2022-08-02 00:00:00.000000000 Z
13
+ date: 2022-09-28 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activejob
@@ -88,6 +88,7 @@ files:
88
88
  - lib/zaikio/jwt_auth/directory_cache.rb
89
89
  - lib/zaikio/jwt_auth/engine.rb
90
90
  - lib/zaikio/jwt_auth/jwk.rb
91
+ - lib/zaikio/jwt_auth/rack_middleware.rb
91
92
  - lib/zaikio/jwt_auth/railtie.rb
92
93
  - lib/zaikio/jwt_auth/test_helper.rb
93
94
  - lib/zaikio/jwt_auth/token_data.rb