zaikio-jwt_auth 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e030f7e4c7f0be8b37a722ff691b7bf1398cd31ca449b41a9923b51f5a008df8
-  data.tar.gz: 13a0d7a174af3ca58772b116e22d2fcc893291d59010ce127df82f1dca77ea5c
+  metadata.gz: 10365dcb96c417de5f8226e97fc835334e5b6ed92868fead27d443565013c7d3
+  data.tar.gz: 5c66b0a5359ab1db156861650ccb142ec1e5572074000fb8c0c4c1740ccc833c
 SHA512:
-  metadata.gz: c91befdc7f28018a2e19bcafdcbd805ef87467a6fde8fc1b4899b6c6a327a6a89327902f84bdd07f42749c265535cdc3b83bd6289e958fcd2b4d520e46462d94
-  data.tar.gz: aa56620ee2936346ef5b6d73ff0e8189ad8cc46d7ab44ca36783ad744f577513fb4786fa48023f4918491b04f166d9f0db5b66ef8b9f9a7d6ee04a315938bde7
+  metadata.gz: b52f0baddf61c6d418b0b82a1e003a82fde64484182485662111ec52a8d37275886db7c282ab9ab7d211888eb64c760d2541662905200e80f016c13dcb04566a
+  data.tar.gz: 815b388a900b8b3f6d10a46f9a0968f6c51c7227fe232ef44ecb2509f4c23d9dbea34482de4f9229af6de455e98bf3d31529ab86618d30685dcfcae2e4cc6881

data/README.md

@@ -134,6 +134,27 @@ class ResourcesControllerTest < ActionDispatch::IntegrationTest
 end
 ```
 
+### 8. Setup rack-attack for throttling
+
+This gem ships with a rack middleware that should be used to throttle requests by app and/or subject. You can use the middleware with [rack-attack](https://github.com/rack/rack-attack) as described here:
+
+```rb
+# config/initializers/rack_attack.rb
+
+MyApp::Application.config.middleware.insert_before Rack::Attack, Zaikio::JWTAuth::RackMiddleware
+
+class Rack::Attack
+  Rack::Attack.throttled_response_retry_after_header = true
+
+  throttle("zaikio/by_app_sub", limit: 600, period: 1.minute) do |request|
+    next unless request.path.start_with?("/api/")
+    next unless request.env[Zaikio::JWTAuth::RackMiddleware::SUBJECT] # does not use zaikio JWT
+
+    "#{request.env[Zaikio::JWTAuth::RackMiddleware::AUDIENCE]}/#{request.env[Zaikio::JWTAuth::RackMiddleware::SUBJECT]}"
+  end
+end
+```
+
 ## Advanced
 
 ### `only` and `except`

data/lib/zaikio/jwt_auth/rack_middleware.rb

@@ -0,0 +1,27 @@
+module Zaikio
+  module JWTAuth
+    class RackMiddleware
+      AUDIENCE = "zaikio.jwt.audience".freeze
+      SUBJECT  = "zaikio.jwt.subject".freeze
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        token_data = begin
+          Zaikio::JWTAuth.extract(env["HTTP_AUTHORIZATION"])
+        rescue JWT::ExpiredSignature, JWT::DecodeError
+          nil
+        end
+
+        if token_data
+          env[AUDIENCE] = token_data.audience || :personal_token
+          env[SUBJECT] = token_data.subject
+        end
+
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/zaikio/jwt_auth/test_helper.rb

@@ -11,7 +11,7 @@ module Zaikio
           iss: "ZAI",
           sub: nil,
           aud: %w[test_app],
-          jti: "unique-access-token-id",
+          jti: SecureRandom.uuid,
           nbf: Time.now.to_i,
           exp: 1.hour.from_now.to_i,
           jku: "http://hub.zaikio.test/api/v1/jwt_public_keys.json",

data/lib/zaikio/jwt_auth/token_data.rb

@@ -95,6 +95,10 @@ module Zaikio
         subject_match[5]
       end
 
+      def subject
+        "#{subject_type}/#{subject_id}"
+      end
+
       def on_behalf_of_id
         subject_match[3]
       end

data/lib/zaikio/jwt_auth/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module JWTAuth
-    VERSION = "2.1.0".freeze
+    VERSION = "2.2.0".freeze
   end
 end

data/lib/zaikio/jwt_auth.rb

@@ -6,6 +6,7 @@ require "zaikio/jwt_auth/configuration"
 require "zaikio/jwt_auth/directory_cache"
 require "zaikio/jwt_auth/jwk"
 require "zaikio/jwt_auth/token_data"
+require "zaikio/jwt_auth/rack_middleware"
 require "zaikio/jwt_auth/engine"
 require "zaikio/jwt_auth/test_helper"
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-jwt_auth
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - crispymtn
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-02 00:00:00.000000000 Z
+date: 2022-09-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activejob
@@ -88,6 +88,7 @@ files:
 - lib/zaikio/jwt_auth/directory_cache.rb
 - lib/zaikio/jwt_auth/engine.rb
 - lib/zaikio/jwt_auth/jwk.rb
+- lib/zaikio/jwt_auth/rack_middleware.rb
 - lib/zaikio/jwt_auth/railtie.rb
 - lib/zaikio/jwt_auth/test_helper.rb
 - lib/zaikio/jwt_auth/token_data.rb