zaikio-jwt_auth 2.1.0 → 2.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e030f7e4c7f0be8b37a722ff691b7bf1398cd31ca449b41a9923b51f5a008df8
4
- data.tar.gz: 13a0d7a174af3ca58772b116e22d2fcc893291d59010ce127df82f1dca77ea5c
3
+ metadata.gz: 10365dcb96c417de5f8226e97fc835334e5b6ed92868fead27d443565013c7d3
4
+ data.tar.gz: 5c66b0a5359ab1db156861650ccb142ec1e5572074000fb8c0c4c1740ccc833c
5
5
  SHA512:
6
- metadata.gz: c91befdc7f28018a2e19bcafdcbd805ef87467a6fde8fc1b4899b6c6a327a6a89327902f84bdd07f42749c265535cdc3b83bd6289e958fcd2b4d520e46462d94
7
- data.tar.gz: aa56620ee2936346ef5b6d73ff0e8189ad8cc46d7ab44ca36783ad744f577513fb4786fa48023f4918491b04f166d9f0db5b66ef8b9f9a7d6ee04a315938bde7
6
+ metadata.gz: b52f0baddf61c6d418b0b82a1e003a82fde64484182485662111ec52a8d37275886db7c282ab9ab7d211888eb64c760d2541662905200e80f016c13dcb04566a
7
+ data.tar.gz: 815b388a900b8b3f6d10a46f9a0968f6c51c7227fe232ef44ecb2509f4c23d9dbea34482de4f9229af6de455e98bf3d31529ab86618d30685dcfcae2e4cc6881
data/README.md CHANGED
@@ -134,6 +134,27 @@ class ResourcesControllerTest < ActionDispatch::IntegrationTest
134
134
  end
135
135
  ```
136
136
 
137
+ ### 8. Setup rack-attack for throttling
138
+
139
+ This gem ships with a rack middleware that should be used to throttle requests by app and/or subject. You can use the middleware with [rack-attack](https://github.com/rack/rack-attack) as described here:
140
+
141
+ ```rb
142
+ # config/initializers/rack_attack.rb
143
+
144
+ MyApp::Application.config.middleware.insert_before Rack::Attack, Zaikio::JWTAuth::RackMiddleware
145
+
146
+ class Rack::Attack
147
+ Rack::Attack.throttled_response_retry_after_header = true
148
+
149
+ throttle("zaikio/by_app_sub", limit: 600, period: 1.minute) do |request|
150
+ next unless request.path.start_with?("/api/")
151
+ next unless request.env[Zaikio::JWTAuth::RackMiddleware::SUBJECT] # does not use zaikio JWT
152
+
153
+ "#{request.env[Zaikio::JWTAuth::RackMiddleware::AUDIENCE]}/#{request.env[Zaikio::JWTAuth::RackMiddleware::SUBJECT]}"
154
+ end
155
+ end
156
+ ```
157
+
137
158
  ## Advanced
138
159
 
139
160
  ### `only` and `except`
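--- a/lib/zaikio/jwt_auth/rack_middleware.rb
+++ b/lib/zaikio/jwt_auth/rack_middleware.rb
@@ -0,0 +1,27 @@
+module Zaikio
+module JWTAuth
+class RackMiddleware
+AUDIENCE = "zaikio.jwt.audience".freeze
+SUBJECT = "zaikio.jwt.subject".freeze
+
+def initialize(app)
+@app = app
+end
+
+def call(env)
+token_data = begin
+Zaikio::JWTAuth.extract(env["HTTP_AUTHORIZATION"])
+rescue JWT::ExpiredSignature, JWT::DecodeError
+nil
+end
+
+if token_data
+env[AUDIENCE] = token_data.audience || :personal_token
+env[SUBJECT] = token_data.subject
+end
+
+@app.call(env)
+end
+end
+end
+end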
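Review bot: The `rescue JWT::ExpiredSignature, JWT::DecodeError` in `call` makes an expired or tampered token indistinguishable from no token at all: AUDIENCE and SUBJECT stay unset and the request proceeds, so a consumer keyed on SUBJECT (such as the throttle shown in the README) simply never sees those requests. That is a defensible choice, but it should be stated on the class, e.g. `# Exposes the verified JWT's audience and subject to downstream middleware; requests with a missing, expired or invalid token pass through with neither env key set, so a consumer must not read an absent SUBJECT as "anonymous and therefore safe to skip".` In ruby-jwt `JWT::ExpiredSignature` is a subclass of `JWT::DecodeError`, so the first clause is redundant. Note also that `env[AUDIENCE]` is a Symbol (`:personal_token`) in one branch and presumably a String in the other; one type (`"personal_token"`) lets consumers compare without coercion. Whether `Zaikio::JWTAuth.extract` tolerates a nil Authorization header is not visible in this hunk.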
@@ -11,7 +11,7 @@ module Zaikio
11
11
  iss: "ZAI",
12
12
  sub: nil,
13
13
  aud: %w[test_app],
14
- jti: "unique-access-token-id",
14
+ jti: SecureRandom.uuid,
15
15
  nbf: Time.now.to_i,
16
16
  exp: 1.hour.from_now.to_i,
17
17
  jku: "http://hub.zaikio.test/api/v1/jwt_public_keys.json",
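Review bot: `jti: SecureRandom.uuid` relies on `securerandom` being loaded; unless the gem guarantees that elsewhere (Rails does, but this test helper may be required outside a Rails boot), add `require "securerandom"` at the top of the file. The method that builds this payload begins before the hunk. Any test that asserted the old fixed `jti` will now see a fresh value per call, which is presumably the intent but worth a changelog line.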
@@ -95,6 +95,10 @@ module Zaikio
95
95
  subject_match[5]
96
96
  end
97
97
 
98
+ def subject
99
+ "#{subject_type}/#{subject_id}"
100
+ end
101
+
98
102
  def on_behalf_of_id
99
103
  subject_match[3]
100
104
  end
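Review bot: The new `subject` method interpolates `"#{subject_type}/#{subject_id}"` unconditionally, so if `subject_match` yields nil components for a token whose `sub` claim is absent (the test helper's default is `sub: nil`), the result is the truthy string `"/"` rather than nil, and a consumer that tests `env[SUBJECT]` for truthiness would treat every subject-less token as the same subject. If that is not intended, guard it with `return if subject_type.nil? && subject_id.nil?` before the interpolation, and add a comment such as `# Stable "type/id" key for the token's subject, e.g. for per-subject throttling`. How `subject_match` behaves on a nil `sub` is outside this hunk.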
@@ -1,5 +1,5 @@
1
1
  module Zaikio
2
2
  module JWTAuth
3
- VERSION = "2.1.0".freeze
3
+ VERSION = "2.2.0".freeze
4
4
  end
5
5
  end
@@ -6,6 +6,7 @@ require "zaikio/jwt_auth/configuration"
6
6
  require "zaikio/jwt_auth/directory_cache"
7
7
  require "zaikio/jwt_auth/jwk"
8
8
  require "zaikio/jwt_auth/token_data"
9
+ require "zaikio/jwt_auth/rack_middleware"
9
10
  require "zaikio/jwt_auth/engine"
10
11
  require "zaikio/jwt_auth/test_helper"
11
12
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zaikio-jwt_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - crispymtn
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2022-08-02 00:00:00.000000000 Z
13
+ date: 2022-09-28 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: activejob
@@ -88,6 +88,7 @@ files:
88
88
  - lib/zaikio/jwt_auth/directory_cache.rb
89
89
  - lib/zaikio/jwt_auth/engine.rb
90
90
  - lib/zaikio/jwt_auth/jwk.rb
91
+ - lib/zaikio/jwt_auth/rack_middleware.rb
91
92
  - lib/zaikio/jwt_auth/railtie.rb
92
93
  - lib/zaikio/jwt_auth/test_helper.rb
93
94
  - lib/zaikio/jwt_auth/token_data.rb