Class: JWT::Rack::Auth

Inherits:
Object
Defined in:
lib/jwt/rack/auth.rb

Overview

Authentication middleware

Constant Summary collapse

# Algorithm names this middleware accepts for opts[:options][:algorithm]
# (presumably what check_valid_algorithm! in #initialize consults). 'none'
# denotes an unsigned token; #initialize additionally runs
# check_secret_and_verify_for_none_alg!, so the list alone does not decide
# whether unsigned tokens are usable. The two EdDSA names are only offered
# when the RbNaCl library has been loaded before this file.
SUPPORTED_ALGORITHMS = %w[none HS256 HS384 HS512 RS256 RS384 RS512 ES256 ES384 ES512].tap do |algorithms|
  algorithms.push('ED25519', 'EdDSA') if defined?(RbNaCl)
end.freeze
# Algorithm written into opts[:options][:algorithm] by #initialize when the
# caller leaves it nil.
DEFAULT_ALGORITHM =
'HS256'
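# The last segment is empty for the 'none' algorithm, since an unsigned token
# has no signature, so both of these forms are accepted:
#
#   Bearer abc123.abc123.abc123
#   Bearer abc123.abc123.
#
# Every chunk is base64url (A-Z, a-z, 0-9, '-', '_') and the chunks are
# separated by periods. The pattern is anchored with \A / \z rather than
# ^ / $: in Ruby those are per-line anchors, so a value containing an
# embedded newline could otherwise match on just one of its lines.
# Capture group 1 is the token itself.
BEARER_TOKEN_REGEX = %r{
  \ABearer\s{1}(      # starts with Bearer and a single space
  [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
  [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
  [a-zA-Z0-9\-\_]*    # 0 or more chars, no trailing chars
  )\z
}x.freeze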
# Error classes raised by the ruby-jwt decoder. They are merged into
# ERRORS_TO_RESCUE below; where that set is rescued is not shown here.
# NOTE(review): every entry is a ::JWT constant, so this list has to be
# kept in step with the version of the jwt gem in use.
JWT_DECODE_ERRORS =
[
  ::JWT::DecodeError,
  ::JWT::VerificationError,
  ::JWT::ExpiredSignature,
  ::JWT::IncorrectAlgorithm,
  ::JWT::ImmatureSignature,
  ::JWT::InvalidIssuerError,
  ::JWT::InvalidIatError,
  ::JWT::InvalidAudError,
  ::JWT::InvalidSubError,
  ::JWT::InvalidJtiError,
  ::JWT::InvalidPayload
].freeze
# Error for a request without an Authorization header (raise site not shown
# here).
class MissingAuthHeader < StandardError; end

# Error for an Authorization header that is present but not in the form
# BEARER_TOKEN_REGEX accepts (raise site not shown here).
class InvalidAuthHeaderFormat < StandardError; end
# Decoder failures plus this middleware's own header errors: the complete set
# of errors the request path is expected to rescue (presumably in
# verify_token, which is not shown here) and hand to the on_error callback.
ERRORS_TO_RESCUE = [*JWT_DECODE_ERRORS, MissingAuthHeader, InvalidAuthHeaderFormat].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, opts = {}) ⇒ Auth

Initialization should fail fast with an ArgumentError if any args are invalid.



# File 'lib/jwt/rack/auth.rb', line 65

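# Build the middleware and validate its configuration up front.
#
# @param app [#call] the downstream Rack application
# @param opts [Hash] middleware options:
#   - :secret   key used by the decoder; String values have surrounding
#               whitespace stripped; default nil
#   - :verify   default true
#   - :options  Hash handed to the decoder; :algorithm defaults to
#               DEFAULT_ALGORITHM when nil
#   - :exclude  default []; presumably consulted by path_matches_excluded_path?
#   - :on_error callable; defaults to #default_on_error
# @raise [ArgumentError] from the check_* validators when an option is invalid
def initialize(app, opts = {})
  @app     = app
  @secret  = opts.fetch(:secret, nil)
  @verify  = opts.fetch(:verify, true)
  @options = opts.fetch(:options, {})
  @exclude = opts.fetch(:exclude, [])

  @on_error = opts.fetch(:on_error, method(:default_on_error))

  # Trim surrounding whitespace from string secrets (e.g. a trailing newline
  # read from a file) so the key compares byte-for-byte with the signer's.
  @secret = @secret.strip if @secret.is_a?(String)

  # Work on our own copy so the default below is not written back into the
  # caller's hash: a shared opts[:options] would otherwise be mutated, and a
  # frozen one would raise. Non-Hash values are left for check_options_type!.
  @options = @options.dup if @options.is_a?(Hash)
  @options[:algorithm] = DEFAULT_ALGORITHM if @options[:algorithm].nil?

  # Validators run only after the defaults above are applied, so each sees
  # the effective configuration (the 'none' check presumably needs
  # @options[:algorithm] to be populated).
  check_secret_type!
  check_secret!
  check_secret_and_verify_for_none_alg!
  check_verify_type!
  check_options_type!
  check_valid_algorithm!
  check_exclude_type!
  check_on_error_callable!
end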

Instance Attribute Details

#excludeObject (readonly)

Returns the value of attribute exclude.



# File 'lib/jwt/rack/auth.rb', line 12

# @return [Object] the :exclude option given to #initialize (default []);
#   presumably what path_matches_excluded_path? consults when #call bypasses
#   token verification
def exclude
  @exclude
end

#optionsObject (readonly)

Returns the value of attribute options.



# File 'lib/jwt/rack/auth.rb', line 11

# @return [Object] the :options value given to #initialize (default {}),
#   with :algorithm set to DEFAULT_ALGORITHM when the caller left it nil
def options
  @options
end

#secretObject (readonly)

Returns the value of attribute secret.



# File 'lib/jwt/rack/auth.rb', line 9

# @return [Object] the :secret value given to #initialize (default nil);
#   String values are stripped of surrounding whitespace there. Exposing the
#   key through a reader means anything holding the middleware can read it.
def secret
  @secret
end

#verifyObject (readonly)

Returns the value of attribute verify.



# File 'lib/jwt/rack/auth.rb', line 10

# @return [Object] the :verify option given to #initialize (default true);
#   presumably controls whether the decoder checks the signature
def verify
  @verify
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/jwt/rack/auth.rb', line 87

# Rack entry point. A request on an excluded path goes straight to the
# wrapped app; every other request is routed through verify_token (not shown
# here), which is presumably where the Authorization header is checked.
#
# @param env [Hash] the Rack environment
# @return whatever @app.call or verify_token returns
def call(env)
  return @app.call(env) if path_matches_excluded_path?(env)

  verify_token(env)
end