zaikio-jwt_auth 2.1.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f9c9c81be4267790236a02e7b3ffe5b6f7e1aa8ac13196e421b6140cb109081
-  data.tar.gz: 9081893a8669d3729bba2ccc7f8bc03eeb71ca371c637fddfc6d245d1ad0cfd1
+  metadata.gz: 10365dcb96c417de5f8226e97fc835334e5b6ed92868fead27d443565013c7d3
+  data.tar.gz: 5c66b0a5359ab1db156861650ccb142ec1e5572074000fb8c0c4c1740ccc833c
 SHA512:
-  metadata.gz: 4c57d8b69bf85297feaf2486fe809de05c2cc2a2deed4a1123b9a27a4503b39d71182ff8cf8f2550e9ee9105729957e8d3395ec223ad146fa258c08132da0b31
-  data.tar.gz: dabda6c4b3aa7ed7c1ffe41b0e14d40994db16918c85a9e86535fb7deb369af37226752b5e74ff925cb3e31d2919336066b9f1d626a3619c0dbfefe967d602ab
+  metadata.gz: b52f0baddf61c6d418b0b82a1e003a82fde64484182485662111ec52a8d37275886db7c282ab9ab7d211888eb64c760d2541662905200e80f016c13dcb04566a
+  data.tar.gz: 815b388a900b8b3f6d10a46f9a0968f6c51c7227fe232ef44ecb2509f4c23d9dbea34482de4f9229af6de455e98bf3d31529ab86618d30685dcfcae2e4cc6881

data/README.md

@@ -134,6 +134,27 @@ class ResourcesControllerTest < ActionDispatch::IntegrationTest
 end
 ```
 
+### 8. Setup rack-attack for throttling
+
+This gem ships with a rack middleware that should be used to throttle requests by app and/or subject. You can use the middleware with [rack-attack](https://github.com/rack/rack-attack) as described here:
+
+```rb
+# config/initializers/rack_attack.rb
+
+MyApp::Application.config.middleware.insert_before Rack::Attack, Zaikio::JWTAuth::RackMiddleware
+
+class Rack::Attack
+  Rack::Attack.throttled_response_retry_after_header = true
+
+  throttle("zaikio/by_app_sub", limit: 600, period: 1.minute) do |request|
+    next unless request.path.start_with?("/api/")
+    next unless request.env[Zaikio::JWTAuth::RackMiddleware::SUBJECT] # does not use zaikio JWT
+
+    "#{request.env[Zaikio::JWTAuth::RackMiddleware::AUDIENCE]}/#{request.env[Zaikio::JWTAuth::RackMiddleware::SUBJECT]}"
+  end
+end
+```
+
 ## Advanced
 
 ### `only` and `except`

data/lib/zaikio/jwt_auth/rack_middleware.rb

@@ -0,0 +1,27 @@
+module Zaikio
+  module JWTAuth
+    class RackMiddleware
+      AUDIENCE = "zaikio.jwt.audience".freeze
+      SUBJECT  = "zaikio.jwt.subject".freeze
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        token_data = begin
+          Zaikio::JWTAuth.extract(env["HTTP_AUTHORIZATION"])
+        rescue JWT::ExpiredSignature, JWT::DecodeError
+          nil
+        end
+
+        if token_data
+          env[AUDIENCE] = token_data.audience || :personal_token
+          env[SUBJECT] = token_data.subject
+        end
+
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/zaikio/jwt_auth/token_data.rb

@@ -95,6 +95,10 @@ module Zaikio
         subject_match[5]
       end
 
+      def subject
+        "#{subject_type}/#{subject_id}"
+      end
+
       def on_behalf_of_id
         subject_match[3]
       end

data/lib/zaikio/jwt_auth/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module JWTAuth
-    VERSION = "2.1.1".freeze
+    VERSION = "2.2.0".freeze
   end
 end

data/lib/zaikio/jwt_auth.rb

@@ -6,6 +6,7 @@ require "zaikio/jwt_auth/configuration"
 require "zaikio/jwt_auth/directory_cache"
 require "zaikio/jwt_auth/jwk"
 require "zaikio/jwt_auth/token_data"
+require "zaikio/jwt_auth/rack_middleware"
 require "zaikio/jwt_auth/engine"
 require "zaikio/jwt_auth/test_helper"
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-jwt_auth
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.2.0
 platform: ruby
 authors:
 - crispymtn
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-09-06 00:00:00.000000000 Z
+date: 2022-09-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activejob
@@ -88,6 +88,7 @@ files:
 - lib/zaikio/jwt_auth/directory_cache.rb
 - lib/zaikio/jwt_auth/engine.rb
 - lib/zaikio/jwt_auth/jwk.rb
+- lib/zaikio/jwt_auth/rack_middleware.rb
 - lib/zaikio/jwt_auth/railtie.rb
 - lib/zaikio/jwt_auth/test_helper.rb
 - lib/zaikio/jwt_auth/token_data.rb