Class: ExoAuth::Auth
- Inherits:
-
Object
- Object
- ExoAuth::Auth
- Defined in:
- lib/exoauth/auth.rb
Constant Summary collapse
- DEFAULT_ALGORITHM =
'RS256'- DEFAULT_HMAC_SIZE =
20- DEFAULT_RSA_SIZE =
4096- DEFAULT_TOKEN_TTL =
3600- DEFAULT_SIGNING_KEY_PATH =
'~/.ssh/exotic-app.rsa'- DEFAULT_VERIFY_KEY_PATH =
'~/.ssh/exotic-app.rsa.pub'- @@conf =
ExoBasic::Settings.loaded['user_auth']
- @@app_signing_key =
ExoBasic::Settings.try_get_key(@@conf, true, 'signing_enabled') ? Auth.key_from_file( File.( ExoBasic::Settings.try_get_key(@@conf, Auth::DEFAULT_SIGNING_KEY_PATH, 'signing_key_path'), __FILE__), Auth.app_algorithm) : nil
- @@app_verify_key =
ExoBasic::Settings.try_get_key(@@conf, true, 'verify_enabled') ? Auth.key_from_file( File.( ExoBasic::Settings.try_get_key(@@conf, Auth::DEFAULT_VERIFY_KEY_PATH, 'verify_key_path'), __FILE__), Auth.app_algorithm) : nil
Class Method Summary collapse
- .app_algorithm ⇒ Object
- .app_expiration_ttl ⇒ Object
- .app_keys ⇒ Object
- .decode(token, verify_key = 'default', algorithm = 'default') ⇒ Object
- .encode(payload, signing_key = 'default', algorithm = 'default') ⇒ Object
- .expired?(now, expiration_time) ⇒ Boolean
- .generate_key(algorithm, parm = nil) ⇒ Object
- .get_app_signing_key ⇒ Object
- .get_app_verify_key ⇒ Object
- .issued_expiration_time(now) ⇒ Object
- .key_from_file(fname, algorithm) ⇒ Object
- .key_to_file(fname, key) ⇒ Object
- .private_key_from_pem(pem, algorithm) ⇒ Object
- .public_key_from_pem(pem, algorithm) ⇒ Object
- .settings_reloaded ⇒ Object
- .show_key(key, algorithm) ⇒ Object
Class Method Details
.app_algorithm ⇒ Object
15 16 17 18 19 |
# File 'lib/exoauth/auth.rb', line 15 def self.app_algorithm ExoBasic::Settings.try_get_key(@@conf, Auth::DEFAULT_ALGORITHM, 'algorithm') end |
.app_expiration_ttl ⇒ Object
21 22 23 24 25 |
# File 'lib/exoauth/auth.rb', line 21 def self.app_expiration_ttl ExoBasic::Settings.try_get_key(@@conf, Auth::DEFAULT_TOKEN_TTL, 'token_ttl') end |
.app_keys ⇒ Object
242 243 244 245 246 247 248 249 250 251 |
# File 'lib/exoauth/auth.rb', line 242 def self.app_keys algorithm = Auth.app_algorithm { :algorithm => algorithm, :signing_key => Auth.show_key(Auth.get_app_signing_key, algorithm), :verify_key => Auth.show_key(Auth.get_app_verify_key, algorithm), :token_ttl => Auth.app_expiration_ttl } end |
.decode(token, verify_key = 'default', algorithm = 'default') ⇒ Object
145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 |
# File 'lib/exoauth/auth.rb', line 145 def self.decode(token, verify_key='default', algorithm='default') if algorithm == 'default' algorithm = Auth.app_algorithm end if verify_key == 'default' verify_key = Auth.get_app_verify_key else verify_key = Auth.public_key_from_pem(verify_key, algorithm) end begin payload, headers = [nil, nil] if verify_key.nil? payload, headers = JWT.decode(token, nil, false) else payload, headers = JWT.decode(token, verify_key, true, { algorithm: algorithm }) end now = Time.now if !headers['iat'].nil? && (headers['iat'].to_f > now.to_f || Auth.expired?(now, Auth.issued_expiration_time(headers['iat']))) false elsif !headers['exp'].nil? && (headers['exp'].to_i < now.to_i || Auth.expired?(now, headers['exp'])) false else payload end rescue JWT::DecodeError => e return false end end |
.encode(payload, signing_key = 'default', algorithm = 'default') ⇒ Object
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/exoauth/auth.rb', line 123 def self.encode(payload, signing_key='default', algorithm='default') if algorithm == 'default' algorithm = Auth.app_algorithm end if signing_key == 'default' signing_key = Auth.get_app_signing_key else signing_key = Auth.private_key_from_pem(signing_key, algorithm) end now = Time.now headers = { 'iat' => now.to_i, 'exp' => Auth.issued_expiration_time(now) } if signing_key.nil? JWT.encode(payload, nil, 'none', headers) else JWT.encode(payload, signing_key, algorithm, headers) end end |
.expired?(now, expiration_time) ⇒ Boolean
31 32 33 |
# File 'lib/exoauth/auth.rb', line 31 def self.expired?(now, expiration_time) now > Time.at(expiration_time.to_i) end |
.generate_key(algorithm, parm = nil) ⇒ Object
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
# File 'lib/exoauth/auth.rb', line 48 def self.generate_key(algorithm, parm=nil) case algorithm when 'HS256' if parm.nil? parm = Auth::DEFAULT_HMAC_SIZE end ExoBasic::HMACKeys.gen_key(parm) when 'ES384' ExoBasic::ECDSAKeys.gen_key('secp384r1') when 'ES512' ExoBasic::ECDSAKeys.gen_key('secp521r1') when 'RS256' if parm.nil? parm = Auth::DEFAULT_RSA_SIZE end ExoBasic::RSAKeys.gen_key(parm) else nil end end |
.get_app_signing_key ⇒ Object
234 235 236 |
# File 'lib/exoauth/auth.rb', line 234 def self.get_app_signing_key @@app_signing_key end |
.get_app_verify_key ⇒ Object
238 239 240 |
# File 'lib/exoauth/auth.rb', line 238 def self.get_app_verify_key @@app_verify_key end |
.issued_expiration_time(now) ⇒ Object
27 28 29 |
# File 'lib/exoauth/auth.rb', line 27 def self.issued_expiration_time(now) now.to_i + Auth.app_expiration_ttl end |
.key_from_file(fname, algorithm) ⇒ Object
100 101 102 103 104 105 106 107 108 109 110 111 112 |
# File 'lib/exoauth/auth.rb', line 100 def self.key_from_file(fname, algorithm) key = nil File.open(fname) do |file| case algorithm when 'HS256' key = file.read when 'ES384', 'ES512', 'RS256' key = OpenSSL::PKey.read(file) end end key end |
.key_to_file(fname, key) ⇒ Object
114 115 116 117 118 119 120 121 |
# File 'lib/exoauth/auth.rb', line 114 def self.key_to_file(fname, key) done = false File.open(fname, 'w') do |file| done = file.write(key) > 0 end done end |
.private_key_from_pem(pem, algorithm) ⇒ Object
71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'lib/exoauth/auth.rb', line 71 def self.private_key_from_pem(pem, algorithm) pkey = nil case algorithm when 'HS256' pkey = pem when 'ES384', 'ES512' pkey = ExoBasic::ECDSAKeys.from_pem(pem) when 'RS256' pkey = ExoBasic::RSAKeys.from_pem(pem) end pkey end |
.public_key_from_pem(pem, algorithm) ⇒ Object
85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/exoauth/auth.rb', line 85 def self.public_key_from_pem(pem, algorithm) pub_key = nil case algorithm when 'HS256' pub_key = pem when 'ES384', 'ES512' pub_key = ExoBasic::ECDSAKeys.from_pem(pem) pub_key.private_key = nil when 'RS256' pub_key = ExoBasic::RSAKeys.from_pem(pem) end pub_key end |
.settings_reloaded ⇒ Object
206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 |
# File 'lib/exoauth/auth.rb', line 206 def self.settings_reloaded @@conf = ExoBasic::Settings.loaded['user_auth'] @@app_signing_key = ExoBasic::Settings.try_get_key(@@conf, true, 'signing_enabled') ? Auth.key_from_file( File.( ExoBasic::Settings.try_get_key(@@conf, Auth::DEFAULT_SIGNING_KEY_PATH, 'signing_key_path'), __FILE__), Auth.app_algorithm) : nil @@app_verify_key = ExoBasic::Settings.try_get_key(@@conf, true, 'verify_enabled') ? Auth.key_from_file( File.( ExoBasic::Settings.try_get_key(@@conf, Auth::DEFAULT_VERIFY_KEY_PATH, 'verify_key_path'), __FILE__), Auth.app_algorithm) : nil end |
.show_key(key, algorithm) ⇒ Object
35 36 37 38 39 40 41 42 43 44 45 46 |
# File 'lib/exoauth/auth.rb', line 35 def self.show_key(key, algorithm) case algorithm when 'HS256' key when 'ES384', 'ES512' ExoBasic::ECDSAKeys.to_pem(key) when 'RS256' ExoBasic::RSAKeys.to_pem(key) else nil end end |