Class: LogStash::Filters::JWTDecode

Inherits:

Base

• Object
• Base
• LogStash::Filters::JWTDecode

Defined in:

lib/logstash/filters/jwt_decode.rb

Overview

This filter will decode the jwt token in your message event and retrievs the values as specified in ‘extract_fields` and adds the extracted values to the event.

It is only intended to be used as an .

Instance Method Summary

• #filter(event) ⇒ Object
• #register ⇒ Object

Instance Method Details

#filter(event) ⇒ Object

# File 'lib/logstash/filters/jwt_decode.rb', line 42

def filter(event)
  begin 
    if not @key
      decoded_token = JWT.decode event.get(@match), nil, false
    else
      decoded_token = JWT.decode event.get(@match), @key, true, {algorithm: @signature_alg}    
    end

    @extract_fields.each do |k, v| 
      event.set(k , getValueFromDecodedToken(v, decoded_token[0]))
    end
  rescue JWT::ExpiredSignature
    event.set("JWT_PARSER_ERROR","ExpiredSignature")
  rescue JWT::VerificationError
    event.set("JWT_PARSER_ERROR","VerificationError")  
  rescue JWT::ImmatureSignature
    event.set("JWT_PARSER_ERROR","ImmatureSignature")
  rescue JWT::InvalidIssuerError
    event.set("JWT_PARSER_ERROR","InvalidIssuerError")
  rescue JWT::InvalidAudError
    event.set("JWT_PARSER_ERROR","InvalidAudError")
  rescue JWT::InvalidJtiError
    event.set("JWT_PARSER_ERROR","InvalidJtiError")
  rescue JWT::InvalidIatError
    event.set("JWT_PARSER_ERROR","InvalidIatError")
  rescue JWT::InvalidSubError
    event.set("JWT_PARSER_ERROR","InvalidSubError")
  rescue JWT::DecodeError  
    event.set("JWT_PARSER_ERROR","DecodeError")
  end  
  # filter_matched should go in the last line of our successful code
  filter_matched(event)
end

#register ⇒ Object

# File 'lib/logstash/filters/jwt_decode.rb', line 34

def register
  # Add instance variables
  if @key && !@signature_alg
    raise LogStash::ConfigurationError, "signature_alg has to be specified if key is present "
  end  
end