Class: Booqable::Middleware::Auth::SingleUse

Inherits:

Base

• Object
• Booqable::Middleware::Auth::SingleUse

Defined in:

lib/booqable/middleware/auth/single_use.rb

Overview

Faraday middleware for single-use JWT token authentication

This middleware generates and adds single-use JWT tokens for authentication. Each token is unique per request and includes request-specific data like method, path, and body hash to prevent replay attacks.

Supports multiple JWT algorithms: HS256 (HMAC), RS256 (RSA), and ES256 (ECDSA).

For more info see: developers.booqable.com/#authentication-request-signing

Examples:

Adding to Faraday middleware stack

builder.use Booqable::Middleware::Auth::SingleUse,
  single_use_token: "token_id",
  single_use_token_algorithm: "HS256",
  single_use_token_private_key: "secret_key",
  single_use_token_company_id: "company_uuid",
  single_use_token_user_id: "user_uuid",
  api_endpoint: "https://company.booqable.com/api/4"

Constant Summary

KIND =

Token kind identifier for JWT header

"single_use"

BOOQABLE_DOMAIN =

Default domain for issuer URL construction

"booqable.com"

Instance Method Summary

• #call(env) ⇒ Faraday::Response

  Process the HTTP request and add single-use token authentication.

• #initialize(app, options = {}) ⇒ SingleUse constructor

  Initialize the single-use token authentication middleware.

Constructor Details

#initialize(app, options = {}) ⇒ SingleUse

Initialize the single-use token authentication middleware

Parameters:

• app (#call) —

  The next middleware in the Faraday stack

• options (Hash) (defaults to: {}) —

  Configuration options

Options Hash (options):

• :single_use_token (String) —

  Token identifier (kid)

• :single_use_token_algorithm (String) —

  JWT algorithm (HS256, RS256, ES256)

• :single_use_token_expiration_period (Integer) —

  Token expiration in seconds (default: 600)

• :single_use_token_company_id (String) —

  Company UUID for audience claim

• :single_use_token_user_id (String) —

  User UUID for subject claim

• :single_use_token_private_key (String) —

  Private key or secret for signing

• :api_endpoint (String) —

  API endpoint URL for issuer determination

Raises:

• (SingleUseTokenAlgorithmRequired) —

  If algorithm is not provided

• (SingleUseTokenCompanyIdRequired) —

  If company ID is not provided

• (SingleUseTokenUserIdRequired) —

  If user ID is not provided

• (PrivateKeyOrSecretRequired) —

  If private key/secret is not provided

# File 'lib/booqable/middleware/auth/single_use.rb', line 44

def initialize(app, options = {})
  super(app)

  @kid = options.fetch(:single_use_token)
  @alg = options.fetch(:single_use_token_algorithm) || raise(SingleUseTokenAlgorithmRequired)
  @exp = options.fetch(:single_use_token_expiration_period, Time.now.to_i + 10 * 60)
  @aud = options.fetch(:single_use_token_company_id) || raise(SingleUseTokenCompanyIdRequired)
  @sub = options.fetch(:single_use_token_user_id) || raise(SingleUseTokenUserIdRequired)
  @raw_private_key = options.fetch(:single_use_token_private_key) || raise(PrivateKeyOrSecretRequired)
  @api_endpoint = options.fetch(:api_endpoint, nil)

  @private_key = private_key
end

Instance Method Details

#call(env) ⇒ Faraday::Response

Process the HTTP request and add single-use token authentication

Generates a unique JWT token for this specific request and adds it to the Authorization header. Then passes the request to the next middleware in the stack.

Parameters:

• env (Faraday::Env) —

  The request environment

Returns:

• (Faraday::Response) —

  The response from the next middleware

# File 'lib/booqable/middleware/auth/single_use.rb', line 66

def call(env)
  env.request_headers["Authorization"] ||= "Bearer #{generate_token(env)}"

  @app.call(env)
end