Class: Rack::JWT::Auth

Inherits:
Object
Defined in:
lib/rack/jwt/auth.rb

Overview

Authentication middleware

Constant Summary

SUPPORTED_ALGORITHMS =
  %w(none HS256 HS384 HS512 RS256 RS384 RS512 ES256 ES384 ES512).freeze

DEFAULT_ALGORITHM =
  'HS256'.freeze

BEARER_TOKEN_REGEX

The last segment gets dropped for the 'none' algorithm since there is no signature, so both of these patterns are valid. All character chunks are base64url format and periods.

Bearer abc123.abc123.abc123
Bearer abc123.abc123.

BEARER_TOKEN_REGEX =
  %r{
    ^Bearer\s{1}(       # starts with Bearer and a single space
    [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
    [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
    [a-zA-Z0-9\-\_]*    # 0 or more chars, no trailing chars
    )$
  }x

Constructor Details

#initialize(app, opts = {}) ⇒ Auth

Initialization should fail fast with an ArgumentError if any args are invalid.

# File 'lib/rack/jwt/auth.rb', line 30

def initialize(app, opts = {})
  @app     = app
  @secret  = opts.fetch(:secret, nil)
  @verify  = opts.fetch(:verify, true)
  @options = opts.fetch(:options, {})
  @exclude = opts.fetch(:exclude, [])

  @secret  = @secret.strip if @secret.is_a?(String)
  @options[:algorithm] = DEFAULT_ALGORITHM if @options[:algorithm].nil?

  check_secret_type!
  check_secret!
  check_secret_and_verify_for_none_alg!
  check_verify_type!
  check_options_type!
  check_valid_algorithm!
  check_exclude_type!
end

Instance Attribute Details

#exclude ⇒ Object (readonly)

Returns the value of attribute exclude.

# File 'lib/rack/jwt/auth.rb', line 10

def exclude
  @exclude
end

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/rack/jwt/auth.rb', line 9

def options
  @options
end

#secret ⇒ Object (readonly)

Returns the value of attribute secret.

# File 'lib/rack/jwt/auth.rb', line 7

def secret
  @secret
end

#verify ⇒ Object (readonly)

Returns the value of attribute verify.

# File 'lib/rack/jwt/auth.rb', line 8

def verify
  @verify
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/rack/jwt/auth.rb', line 49

def call(env)
  if path_matches_excluded_path?(env)
    @app.call(env)
  elsif missing_auth_header?(env)
    return_error('Missing Authorization header')
  elsif invalid_auth_header?(env)
    return_error('Invalid Authorization header format')
  else
    verify_token(env)
  end
end
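As an added example (not code from the rack-jwt gem), the following Ruby mirrors the dispatch order of call() above (missing header, then malformed header, then hand-off to verification) using the BEARER_TOKEN_REGEX from this page, and adds a hypothetical pre-check, classify_auth_header, that decodes the JWT header segment and refuses a token whose alg does not match the configured algorithm, so the trailing-period 'none' form only reaches verification when 'none' was deliberately configured. The base64url helpers and the sample tokens are constructed for this example.

```ruby
require 'json'

# Copied from Rack::JWT::Auth so this example applies the same shape check.
BEARER_TOKEN_REGEX = %r{
  ^Bearer\s{1}(       # starts with Bearer and a single space
  [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
  [a-zA-Z0-9\-\_]+\.  # 1 or more chars followed by a single period
  [a-zA-Z0-9\-\_]*    # 0 or more chars, no trailing chars
  )$
}x

# base64url helpers on String#pack/unpack (core Ruby only); decoding is
# strict and raises ArgumentError on malformed input.
def b64url_encode(str)
  [str].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.tr('-_', '+/').ljust((str.length + 3) & ~3, '=').unpack1('m0')
end

# Same order as the middleware's call(): missing, then malformed, then verify.
# The extra step (hypothetical, not part of the gem) reads the JWT header's
# "alg" and rejects a token whose algorithm differs from the configured one,
# so a token claiming "none" never reaches the verifier of an HS256 deployment.
def classify_auth_header(header, expected_alg: 'HS256')
  return :missing if header.nil? || header.strip.empty?
  match = BEARER_TOKEN_REGEX.match(header)
  return :invalid_format unless match

  segments = match[1].split('.', -1)        # -1 keeps an empty signature
  begin
    jwt_header = JSON.parse(b64url_decode(segments[0]))
  rescue ArgumentError, JSON::ParserError
    return :invalid_format
  end
  return :invalid_format unless jwt_header.is_a?(Hash)

  alg = jwt_header['alg']
  return :alg_mismatch unless alg == expected_alg
  # An empty third segment is only legitimate when the algorithm is 'none'.
  return :invalid_format if segments[2].empty? != (alg == 'none')
  :verify
end

# Constructed samples: real JSON JWT headers, 'e30' (base64url of "{}") as
# payload, and a placeholder signature that is never verified here.
HS256_TOKEN = "Bearer #{b64url_encode('{"alg":"HS256","typ":"JWT"}')}.e30.sig"
NONE_TOKEN  = "Bearer #{b64url_encode('{"alg":"none","typ":"JWT"}')}.e30."
```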