Class: JWT::Rack::Auth
- Inherits: Object
  - Object
    - JWT::Rack::Auth
- Defined in: lib/jwt/rack/auth.rb
Overview
Authentication middleware
Constant Summary
- SUPPORTED_ALGORITHMS =
[ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', ('ED25519' if defined?(RbNaCl)), ('EdDSA' if defined?(RbNaCl)) ].compact.freeze
- DEFAULT_ALGORITHM =
'HS256'
- BEARER_TOKEN_REGEX =
The last segment is dropped for the 'none' algorithm because there is no signature, so both of these patterns are valid. All character chunks are base64url characters separated by periods.
Bearer abc123.abc123.abc123
Bearer abc123.abc123.
%r{
  ^Bearer\s{1}(       # starts with Bearer and a single space
  [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
  [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
  [a-zA-Z0-9\-\_]*    # 0 or more chars, no trailing chars
  )$
}x.freeze
- JWT_DECODE_ERRORS =
[ ::JWT::DecodeError, ::JWT::VerificationError, ::JWT::ExpiredSignature, ::JWT::IncorrectAlgorithm, ::JWT::ImmatureSignature, ::JWT::InvalidIssuerError, ::JWT::InvalidIatError, ::JWT::InvalidAudError, ::JWT::InvalidSubError, ::JWT::InvalidJtiError, ::JWT::InvalidPayload ].freeze
- MissingAuthHeader =
Class.new(StandardError)
- InvalidAuthHeaderFormat =
Class.new(StandardError)
- ERRORS_TO_RESCUE =
(JWT_DECODE_ERRORS + [MissingAuthHeader, InvalidAuthHeaderFormat]).freeze
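The shape check described for BEARER_TOKEN_REGEX, as an added example that is not the gem's own code: it applies the documented pattern to constructed header values and reads the `alg` field of the first segment, showing that an unsigned ('none') token passes the format check exactly like a signed one. `header_alg`, `inspect_bearer`, `b64` and the sample constants are hypothetical names introduced here.

```ruby
require 'base64'
require 'json'

# Pattern as documented for BEARER_TOKEN_REGEX on this page.
BEARER_TOKEN_REGEX = %r{
  ^Bearer\s{1}(       # starts with Bearer and a single space
  [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
  [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
  [a-zA-Z0-9\-\_]*    # 0 or more chars, no trailing chars
  )$
}x.freeze

# Hypothetical helper: read the `alg` field from a token's header segment.
# Returns nil when the segment is not base64url-encoded JSON.
def header_alg(segment)
  parsed = JSON.parse(Base64.urlsafe_decode64(segment))
  parsed.is_a?(Hash) ? parsed['alg'] : nil
rescue ArgumentError, JSON::ParserError
  nil
end

# Hypothetical helper: describe an Authorization header value by shape only.
# Nothing is verified here; :signed just says whether a third segment exists.
def inspect_bearer(header)
  match = BEARER_TOKEN_REGEX.match(header.to_s)
  return { format_ok: false } unless match

  head, _payload, signature = match[1].split('.', -1)
  { format_ok: true, alg: header_alg(head), signed: !signature.empty? }
end

# Constructed sample values, not real credentials.
def b64(obj)
  Base64.urlsafe_encode64(JSON.generate(obj), padding: false)
end

SIGNED_SAMPLE   = "Bearer #{b64('alg' => 'HS256')}.#{b64('sub' => 'u1')}.c2ln"
UNSIGNED_SAMPLE = "Bearer #{b64('alg' => 'none')}.#{b64('sub' => 'u1')}."

if $PROGRAM_NAME == __FILE__
  [SIGNED_SAMPLE, UNSIGNED_SAMPLE, 'Bearer abc123.abc123', 'Bearer  a.b.c'].each do |h|
    puts "#{h.inspect} => #{inspect_bearer(h)}"
  end
end
```

Because the pattern accepts the two-segment form, it is a format filter only; whether an unsigned token is ever accepted depends on the `:algorithm` and `:verify` settings checked in the constructor.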
Instance Attribute Summary
- #exclude ⇒ Object (readonly)
  Returns the value of attribute exclude.
- #options ⇒ Object (readonly)
  Returns the value of attribute options.
- #secret ⇒ Object (readonly)
  Returns the value of attribute secret.
- #verify ⇒ Object (readonly)
  Returns the value of attribute verify.
Instance Method Summary
- #call(env) ⇒ Object
- #initialize(app, opts = {}) ⇒ Auth (constructor)
  Initialization should fail fast with an ArgumentError if any args are invalid.
Constructor Details
#initialize(app, opts = {}) ⇒ Auth
Initialization should fail fast with an ArgumentError if any args are invalid.
# File 'lib/jwt/rack/auth.rb', line 65
def initialize(app, opts = {})
  @app = app
  @secret = opts.fetch(:secret, nil)
  @verify = opts.fetch(:verify, true)   # verification is on unless disabled
  @options = opts.fetch(:options, {})
  @exclude = opts.fetch(:exclude, [])
  @on_error = opts.fetch(:on_error, method(:default_on_error))

  # Strip surrounding whitespace from a String secret
  @secret = @secret.strip if @secret.is_a?(String)
  # Fall back to DEFAULT_ALGORITHM ('HS256') when no algorithm is given
  @options[:algorithm] = DEFAULT_ALGORITHM if @options[:algorithm].nil?

  # Validate the arguments before the middleware handles any request
  check_secret_type!
  check_secret!
  check_secret_and_verify_for_none_alg!
  check_verify_type!
  check_valid_algorithm!
  check_exclude_type!
  check_on_error_callable!
end
Instance Attribute Details
#exclude ⇒ Object (readonly)
Returns the value of attribute exclude.
# File 'lib/jwt/rack/auth.rb', line 12
def exclude
  @exclude
end
#options ⇒ Object (readonly)
Returns the value of attribute options.
# File 'lib/jwt/rack/auth.rb', line 11
def options
  @options
end
#secret ⇒ Object (readonly)
Returns the value of attribute secret.
# File 'lib/jwt/rack/auth.rb', line 9
def secret
  @secret
end
#verify ⇒ Object (readonly)
Returns the value of attribute verify.
# File 'lib/jwt/rack/auth.rb', line 10
def verify
  @verify
end
Instance Method Details
#call(env) ⇒ Object
# File 'lib/jwt/rack/auth.rb', line 87
def call(env)
  # Excluded paths go straight to the app; every other request is token-checked
  if path_matches_excluded_path?(env)
    @app.call(env)
  else
    verify_token(env)
  end
end