Class: Rack::JWT::Auth

Inherits:
Object
Defined in:
lib/rack/jwt/auth.rb

Overview

Rack middleware that authenticates requests carrying a JWT bearer token in the Authorization header.

Constant Summary

# Algorithm names this middleware recognises (enforced by the constructor's
# check_valid_algorithm!). 'none' denotes an unsigned token and is listed as
# well; check_secret_and_verify_for_none_alg! in the constructor presumably
# constrains when it may be used. ED25519 is only offered when RbNaCl has
# already been loaded.
SUPPORTED_ALGORITHMS = (
  %w[none HS256 HS384 HS512 RS256 RS384 RS512 ES256 ES384 ES512] +
  (defined?(RbNaCl) ? %w[ED25519] : [])
).freeze
# Algorithm applied by the constructor when options[:algorithm] is not given.
# Unary minus yields a frozen (and deduplicated) copy of the literal.
DEFAULT_ALGORITHM = -'HS256'
BEARER_TOKEN_REGEX =

For the ‘none’ algorithm the last segment is empty, since there is no signature, so both of the patterns below are valid. All character chunks are base64url text separated by periods.

Bearer abc123.abc123.abc123
Bearer abc123.abc123.
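%r{
  # \A and \z anchor the whole header value. Ruby's ^ and $ match at line
  # boundaries, so with them an embedded newline would let the pattern match
  # one line in the middle of an otherwise malformed value; \A/\z do not.
  \ABearer\s{1}(      # 'Bearer' followed by exactly one whitespace character
  [A-Za-z0-9_-]+\.    # 1 or more base64url chars followed by a single period
  [A-Za-z0-9_-]+\.    # 1 or more base64url chars followed by a single period
  [A-Za-z0-9_-]*      # 0 or more base64url chars (empty for 'none'), nothing after
  )\z
}x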

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(app, opts = {}) ⇒ Auth

Initialization should fail fast with an ArgumentError if any args are invalid.



# File 'lib/rack/jwt/auth.rb', line 43

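# Builds the middleware and validates its configuration up front.
#
# @param app [#call] the downstream Rack application
# @param opts [Hash] configuration keys:
#   - :secret  — verification key (default nil); a String secret has its
#                surrounding whitespace stripped
#   - :verify  — verification flag (default true); its constraints are
#                enforced by check_verify_type! and
#                check_secret_and_verify_for_none_alg!
#   - :options — JWT options hash; :algorithm defaults to DEFAULT_ALGORITHM
#   - :exclude — paths that bypass authentication (default [])
# @raise [ArgumentError] from the check_*! helpers when any option is invalid
def initialize(app, opts = {})
  @app     = app
  @secret  = opts.fetch(:secret, nil)
  @verify  = opts.fetch(:verify, true)
  @options = opts.fetch(:options, {})
  @exclude = opts.fetch(:exclude, [])

  @secret = @secret.strip if @secret.is_a?(String)

  # Only touch the options when they really are a Hash: a non-Hash `options:`
  # value must reach check_options_type! (and its ArgumentError) rather than
  # fail here with a TypeError/NoMethodError from `[]`. Work on a copy so the
  # default algorithm is not written back into the caller's hash.
  if @options.is_a?(Hash)
    @options = @options.dup
    @options[:algorithm] = DEFAULT_ALGORITHM if @options[:algorithm].nil?
  end

  # Fail fast: each helper raises ArgumentError on invalid input.
  check_secret_type!
  check_secret!
  check_secret_and_verify_for_none_alg!
  check_verify_type!
  check_options_type!
  check_valid_algorithm!
  check_exclude_type!
end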

Instance Attribute Details

#exclude ⇒ Object (readonly)

Returns the value of attribute exclude.



# File 'lib/rack/jwt/auth.rb', line 10

# @return [Object] the :exclude option exactly as given to the constructor
def exclude = @exclude

#options ⇒ Object (readonly)

Returns the value of attribute options.



# File 'lib/rack/jwt/auth.rb', line 9

# @return [Object] the JWT options as stored by the constructor
def options = @options

#secret ⇒ Object (readonly)

Returns the value of attribute secret.



# File 'lib/rack/jwt/auth.rb', line 7

# @return [Object] the verification key as stored by the constructor
def secret = @secret

#verify ⇒ Object (readonly)

Returns the value of attribute verify.



# File 'lib/rack/jwt/auth.rb', line 8

# @return [Object] the :verify option as stored by the constructor
def verify = @verify

Instance Method Details

#call(env) ⇒ Object



# File 'lib/rack/jwt/auth.rb', line 62

# Rack entry point.
#
# A request whose path is excluded is handed straight to the wrapped app
# with no token handling at all. Every other request must carry an
# Authorization header in the expected format before the token itself is
# verified; each failed check short-circuits with return_error.
#
# @param env [Hash] the Rack environment
# @return [Object] the result of the wrapped app, of return_error, or of verify_token
def call(env)
  return @app.call(env) if path_matches_excluded_path?(env)
  return return_error('Missing Authorization header') if missing_auth_header?(env)
  return return_error('Invalid Authorization header format') if invalid_auth_header?(env)

  verify_token(env)
end