A JWT authorization middleware for any web application.
JayDoubleuTee is inspired by the Hanami philosophy of building components that are highly reusable and compatible with any Ruby application.
JayDoubleuTee is fully Rack compatible, so it works with Hanami, Rails, Sinatra, Roda, and whatever else you can think of.
Add this line to your application's Gemfile:
gem 'jay_doubleu_tee'
And then execute:
$ bundle install
Or install it yourself as:
$ gem install jay_doubleu_tee
jay_doubleu_tee uses the RS256 algorithm by default, so you'll need a private/public key pair and an access token to try it out.
In your console run:
require 'jwt'
require 'openssl'

payload = {
  data: { user_id: "de804507-5d03-4493-a038-d62f499b8a96" }, scopes: ""
}
# Sign with the private key; the middleware only ever needs the public half.
private_key = OpenSSL::PKey::RSA.generate 2048
secret = private_key.public_key.to_s # PEM-encoded public key
token = JWT.encode payload, private_key, 'RS256'
Then set the environment variable JAY_DOUBLEU_TEE_PUBLIC_KEY to the value of secret (the PEM-encoded public key).
# config.ru
require "jay_doubleu_tee"
require "json"

class App
  # Provides the `auth` reader holding the authorization result for the request.
  include JayDoubleuTee::Auth

  def call(env)
    # Rack bodies must yield strings, so the hash is serialized to JSON.
    status, body = [200, [{ message: "Hello, World!", auth: auth.value! }.to_json]]
    [status, headers, body]
  end

  private

  def headers
    { 'Content-Type' => 'application/json' }
  end
end

JayDoubleuTee.configure do |config|
  config.algorithm = 'RS256'
  config.secret = ENV['JAY_DOUBLEU_TEE_PUBLIC_KEY']
end

use JayDoubleuTee::Authorization
run App.new
curl --location --request GET 'http://localhost:9292' \
--header 'Authorization: Bearer <<YOUR_TOKEN>>'
# => 200:
# {
# message: 'Hello, World!',
# auth: {
# data: { user_id: "de804507-5d03-4493-a038-d62f499b8a96" },
# scopes: ""
# }
# }
curl --location --request GET 'http://localhost:9292' \
--header 'Authorization: Bearer invalid'
# => 401: { error: Unauthorized. Token invalid }
# config.ru
require "jay_doubleu_tee"
use JayDoubleuTee::Authorization
JayDoubleuTee uses the RS256 signing algorithm by default, but you can completely disable token signature validation by setting the algorithm to 'none'. Do that only for local experiments: with 'none' any client can hand you a token carrying whatever claims it likes. Check out the Configuration section.
Below are listed all supported algorithms at the moment.
%w[none HS256 RS256 prime256v1 ES256 ED25519 PS256]
For more info about each of them refer to jwt documentation
To set the signing algorithm, configure the following fields:
JayDoubleuTee.configure do |config|
config.algorithm = 'RS256'
config.secret = ENV['PUBLIC_KEY']
end
Again, for information on how to generate private and public keys, see the jwt documentation or check out the spec files.
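The key-pair and token steps at the top of this page and the algorithm note in this section, as an added example that is not code from the jay_doubleu_tee gem: a minimal RS256 signer and verifier built on Ruby's standard library only, showing what the middleware has to check and why the verifying side must pin the algorithm rather than trust the token header. The helper names (b64url, sign_jwt, verify_jwt, forge_none_token, bearer_token, run_demo) and the Rack env hash are this example's own.

```ruby
require "openssl"
require "json"

# Added example (not the gem's code): a stdlib-only RS256 JWT signer/verifier.

# base64url without padding, as JWT requires (pack/unpack avoids the base64 gem).
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  padded = str + "=" * ((4 - str.length % 4) % 4)
  padded.tr("-_", "+/").unpack1("m0") # strict decode; raises ArgumentError on junk
end

# Build a signed token: base64url(header).base64url(payload).base64url(signature)
def sign_jwt(payload, private_key)
  header = { alg: "RS256", typ: "JWT" }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
  signature = private_key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# A token anyone can build without a key: alg "none" and an empty signature.
def forge_none_token(payload)
  "#{b64url(JSON.generate({ alg: "none", typ: "JWT" }))}.#{b64url(JSON.generate(payload))}."
end

# Verify with the algorithm fixed by configuration, never by the token's header.
# Returns [true, claims] or [false, reason], mirroring a success/failure result.
def verify_jwt(token, public_key, algorithm: "RS256")
  parts = token.to_s.split(".", -1) # -1 keeps the empty signature of a "none" token
  return [false, "malformed token"] unless parts.size == 3

  header = JSON.parse(b64url_decode(parts[0]))
  return [false, "unexpected alg #{header['alg'].inspect}"] unless header["alg"] == algorithm

  if algorithm == "none"
    # Signature validation disabled: client-chosen claims are accepted as-is.
    return [true, JSON.parse(b64url_decode(parts[1]))]
  end

  signing_input = "#{parts[0]}.#{parts[1]}"
  signature = b64url_decode(parts[2])
  digest = OpenSSL::Digest.new("SHA256")
  return [false, "bad signature"] unless public_key.verify(digest, signature, signing_input)

  [true, JSON.parse(b64url_decode(parts[1]))]
rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError => e
  [false, "malformed token: #{e.message}"]
end

# Pull the token out of a Rack env, as a middleware would from the Authorization header.
def bearer_token(env)
  match = env["HTTP_AUTHORIZATION"].to_s.match(/\ABearer\s+(\S+)\z/)
  match && match[1]
end

def run_demo
  private_key = OpenSSL::PKey::RSA.generate(2048)
  # The verifier only ever sees the PEM public key, which is what the ENV variable carries.
  public_key = OpenSSL::PKey::RSA.new(private_key.public_key.to_pem)
  payload = { "data" => { "user_id" => "de804507-5d03-4493-a038-d62f499b8a96" }, "scopes" => "" }
  token = sign_jwt(payload, private_key)
  env = { "HTTP_AUTHORIZATION" => "Bearer #{token}" } # constructed Rack env

  head, _body, sig = token.split(".")
  escalated = payload.merge("scopes" => "admin")
  tampered = [head, b64url(JSON.generate(escalated)), sig].join(".") # edited claims, old signature
  forged = forge_none_token(escalated)

  {
    valid: verify_jwt(bearer_token(env), public_key),
    tampered_payload: verify_jwt(tampered, public_key),
    alg_none_pinned: verify_jwt(forged, public_key),
    alg_none_disabled: verify_jwt(forged, public_key, algorithm: "none"),
    wrong_key: verify_jwt(token, OpenSSL::PKey::RSA.generate(2048)),
    no_header: bearer_token({}),
  }
end

if __FILE__ == $PROGRAM_NAME
  run_demo.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

The alg_none_disabled entry is the point of the caveat above: the same forged token that a pinned RS256 verifier rejects is accepted, with scopes set to admin, as soon as the configured algorithm is 'none'.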
Authorizing by default
JayDoubleuTee follows the secure-by-default principle: the middleware requires authorization on every endpoint. If you don't want every request authorized by default, override the corresponding setting.
JayDoubleuTee.configure do |config|
config.authorize_by_default = false
end
Then, in your action, you need to handle authorization failure yourself:
# auth is the result provided by JayDoubleuTee::Auth
if auth.success?
  [200, [{ message: "Hello, World!", auth: auth.value! }.to_json]]
else
  [401, [{ error: auth.failure }.to_json]]
end
This may be useful if only one component of your application uses the JWT flow while the rest use a different authorization mechanism.
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
It's built on top of several gems to ensure the best user experience.
- Hanami Mastery screencast
- JWT
- dry-effects. Here is the video tutorial for dry-effects
- dry-monads. Here is a video tutorial for dry-monads
- dry-configurable. Here is the video tutorial for dry-configurable
Bug reports and pull requests are welcome on GitHub at https://github.com/hanamimastery/jay_doubleu_tee. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
The gem is available as open source under the terms of the MIT License.
Everyone interacting in the JayDoubleuTee project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.