Class: DistributedPress::V1::Token

Inherits:

Object

• Object
• DistributedPress::V1::Token

Defined in:

lib/distributed_press/v1/token.rb

Overview

Authentication is done using a JWT with different capabilities. This class decodes and help us figure out what we can do client-side.

Instance Attribute Summary

• #decoded ⇒ JWT readonly

  Decoded JWT.

• #header ⇒ DistributedPress::V1::Schemas::TokenHeader readonly

  Parsed and validated token header.

• #payload ⇒ DistributedPress::V1::Schemas::TokenPayload readonly

  Parsed and validated token payload.

Instance Method Summary

• #admin? ⇒ Boolean

  Checks if a token gives us admin capabilities.

• #capabilities ⇒ Array

  Returns payload capabilities.

• #expired? ⇒ Boolean

  Checks if the token expired.

• #expires_at ⇒ Time

  Return expiration time.

• #expires_in_x_seconds ⇒ Integer

  Returns expiration time in seconds.

• #forever? ⇒ Boolean

  Checks if the token never expires.

• #initialize(token:) ⇒ Token constructor

  Decodes a JWT string.

• #issued_at ⇒ Time

  Return issuing time.

• #publisher? ⇒ Boolean

  Checks if a token gives us publisher capabilities.

• #refresh? ⇒ Boolean

  Checks if a token gives us refresh capabilities.

• #to_s ⇒ String

  Returns the original token when converted to String.

Constructor Details

#initialize(token:) ⇒ Token

Decodes a JWT string

Parameters:

• token (String)

Raises:

• (TokenHeaderNotValidError)

# File 'lib/distributed_press/v1/token.rb', line 33

def initialize(token:)
  @token = token
  # XXX: We can't validate the token without its secret.
  @decoded = JWT.decode(token, nil, false)

  @header = Schemas::TokenHeader.new.call(decoded.find do |part|
    part['alg']
  end)

  @payload = Schemas::TokenPayload.new.call(decoded.find do |part|
    part['tokenId']
  end)

  raise TokenHeaderNotValidError unless header.success?
  raise TokenPayloadNotValidError unless payload.success?
end

Instance Attribute Details

#decoded ⇒ JWT (readonly)

Decoded JWT

Returns:

• (JWT)

# File 'lib/distributed_press/v1/token.rb', line 17

def decoded
  @decoded
end

#header ⇒ DistributedPress::V1::Schemas::TokenHeader (readonly)

Parsed and validated token header

Returns:

• (DistributedPress::V1::Schemas::TokenHeader)

See Also:

• https://jwt.io

# File 'lib/distributed_press/v1/token.rb', line 23

def header
  @header
end

#payload ⇒ DistributedPress::V1::Schemas::TokenPayload (readonly)

Parsed and validated token payload

Returns:

• (DistributedPress::V1::Schemas::TokenPayload)

# File 'lib/distributed_press/v1/token.rb', line 28

def payload
  @payload
end

Instance Method Details

#admin? ⇒ Boolean

Checks if a token gives us admin capabilities

Returns:

• (Boolean)

# File 'lib/distributed_press/v1/token.rb', line 105

def admin?
  payload[:capabilities].include? 'admin'
end

#capabilities ⇒ Array

Returns payload capabilities

Returns:

• (Array)

# File 'lib/distributed_press/v1/token.rb', line 119

def capabilities
  payload[:capabilities]
end

#expired? ⇒ Boolean

Checks if the token expired. Returns false if expiration time is negative.

Returns:

• (Boolean)

# File 'lib/distributed_press/v1/token.rb', line 61

def expired?
  return false if forever?

  !expires_in_x_seconds.positive?
end

#expires_at ⇒ Time

Return expiration time

Returns:

• (Time)

# File 'lib/distributed_press/v1/token.rb', line 84

def expires_at
  Time.at(0, payload[:expires], :millisecond)
end

#expires_in_x_seconds ⇒ Integer

Returns expiration time in seconds

Returns:

• (Integer)

# File 'lib/distributed_press/v1/token.rb', line 91

def expires_in_x_seconds
  expires_at.to_i - Time.now.to_i
end

#forever? ⇒ Boolean

Checks if the token never expires

Returns:

• (Boolean)

# File 'lib/distributed_press/v1/token.rb', line 70

def forever?
  payload[:expires].negative?
end

#issued_at ⇒ Time

Return issuing time

Returns:

• (Time)

# File 'lib/distributed_press/v1/token.rb', line 77

def issued_at
  Time.at(payload[:iat])
end

#publisher? ⇒ Boolean

Checks if a token gives us publisher capabilities

Returns:

• (Boolean)

# File 'lib/distributed_press/v1/token.rb', line 98

def publisher?
  payload[:capabilities].include? 'publisher'
end

#refresh? ⇒ Boolean

Checks if a token gives us refresh capabilities

Returns:

• (Boolean)

# File 'lib/distributed_press/v1/token.rb', line 112

def refresh?
  payload[:capabilities].include? 'refresh'
end

#to_s ⇒ String

Returns the original token when converted to String

Returns:

• (String)

# File 'lib/distributed_press/v1/token.rb', line 53

def to_s
  @token
end