class Monban::Domain::Auth::Decoder
Public Instance Methods
decode(token, type:, roles:)
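# File lib/monban/domain/auth.rb, line 100
# Verify a bearer +token+ and return its claims in the shape used for +type+.
#
# All three token types are signed with the same +jwt_secret+ /
# +jwt_algorithm+; they are told apart by the issuer claim, which is verified
# on every path (+iss(type)+), so a token minted for one type is rejected when
# presented as another. The algorithm is pinned from settings, never read
# from the token header. `exp` is checked by ::JWT.decode's default expiry
# check when present; the validate_*! helpers are what make the claim
# mandatory. `verify_sub: true` is passed without a `sub:` value, so the
# subject format is effectively enforced by validate_*!, not by the library
# (NOTE(review): confirm against the ruby-jwt version in use).
#
# token:: raw JWT string from the client (untrusted input)
# type::  :full, :authy or :reset
# roles:: :full  -> Array of role names the caller accepts, or nil to skip the
#                   JWT audience check (validate_full! still limits aud to
#                   known roles)
#         :authy -> Hash; roles[:only_registered] enables the audience check
#         :reset -> ignored
#
# Returns the Hash built by full_format / authy_format / reset_format.
# Raises DecodeError for any signature or claim failure (::JWT::DecodeError is
# re-raised as DecodeError with the library's message) and SettingError for
# an unknown +type+ or a wrongly-shaped +roles+ on the :authy path.
def decode(token, type:, roles:)
  case type
  when :full
    full_format(::JWT.decode(
      token, jwt_secret, true,
      algorithm: jwt_algorithm,
      verify_iss: true, iss: iss(type),
      verify_iat: true,
      verify_sub: true,
      # aud passes when the token lists any requested role or any role
      # granted full access; an empty Array still enforces the latter
      verify_aud: !!roles,
      aud: ([*roles] + allow_full_access).map(&:to_s),
    ))
  when :authy
    # roles is a Hash on this path (an Array on :full). Fail closed with the
    # same error class the unknown-type branch uses instead of a NoMethodError
    # (nil) or TypeError (Array) escaping from roles[:only_registered].
    raise SettingError, "decode: authy requires roles hash: #{roles.inspect}" unless roles.is_a?(Hash)

    authy_format(::JWT.decode(
      token, jwt_secret, true,
      algorithm: jwt_algorithm,
      verify_iss: true, iss: iss(type),
      verify_iat: true,
      verify_sub: true,
      # NOTE(review): only the first authy role is accepted here, while
      # validate_authy! admits any of authy_roles -- confirm that is intended
      verify_aud: roles[:only_registered],
      aud: authy_roles.first,
    ))
  when :reset
    # No audience option: aud carries the reset token and is only
    # length-checked by validate_reset!; matching it against whatever the
    # caller issued is the caller's responsibility.
    reset_format(::JWT.decode(
      token, jwt_secret, true,
      algorithm: jwt_algorithm,
      verify_iss: true, iss: iss(type),
      verify_sub: true,
      verify_iat: true,
    ))
  else
    raise SettingError, "decode: invalid type: #{type}"
  end
rescue ::JWT::DecodeError => e
  error! e.message
end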
Private Instance Methods
authy_format(result)
# File lib/monban/domain/auth.rb, line 163
# Turn the [payload, header] pair returned by ::JWT.decode for an :authy
# token into the decoder's result Hash.
#
# The header and payload are shape-checked first (validate_header!,
# validate_authy!), both of which raise DecodeError on failure.
#
# Returns { public_id: <sub claim> }.
def authy_format(result)
  payload = result[0]
  header = result[1]
  validate_header!(header)
  validate_authy!(payload)
  { public_id: payload["sub"] }
end
error!(message)
# File lib/monban/domain/auth.rb, line 236
# Abort decoding. Every validation failure in this class funnels through
# here so callers only ever see DecodeError.
#
# +message+ is used verbatim; the validate_*! callers embed claim values and
# the whole payload in it, so consider that before surfacing it to a client.
def error!(message)
  raise(DecodeError, message)
end
full_format(result)
# File lib/monban/domain/auth.rb, line 151
# Turn the [payload, header] pair returned by ::JWT.decode for a :full token
# into the decoder's result Hash.
#
# validate_header! and validate_full! run first and raise DecodeError on any
# shape problem; the roles returned are the token's aud claim as validated
# there.
#
# Returns { public_id: <sub claim>, roles: <aud claim> }.
def full_format(result)
  payload = result[0]
  header = result[1]
  validate_header!(header)
  validate_full!(payload)
  {
    public_id: payload["sub"],
    roles: payload["aud"],
  }
end
reset_format(result)
# File lib/monban/domain/auth.rb, line 174
# Turn the [payload, header] pair returned by ::JWT.decode for a :reset
# token into the decoder's result Hash.
#
# The reset token travels in the aud claim. It is only shape-checked here
# (validate_reset!); the decoder does not compare it with any stored value,
# so the caller must do that before acting on the result.
#
# Returns { public_id: <sub claim>, reset_token: <aud claim> }.
def reset_format(result)
  payload = result[0]
  header = result[1]
  validate_header!(header)
  validate_reset!(payload)
  {
    public_id: payload["sub"],
    reset_token: payload["aud"],
  }
end
validate_authy!(payload)
# File lib/monban/domain/auth.rb, line 210
# Shape-check the payload of an :authy token after ::JWT.decode has already
# verified the signature and the iss/iat/exp claims.
#
# sub must be a string of public_id_length and aud one of authy_roles; the
# per-field blocks raise DecodeError naming the offending value. Keys beyond
# iss/iat/exp/sub/aud are presumably rejected by hash_strict (Getto::Params
# is not in view -- confirm).
#
# Returns the validator's truthy result; raises DecodeError otherwise.
def validate_authy!(payload)
  ok = Getto::Params.new.validate(payload) do |v|
    v.hash_strict(
      "iss" => v.string,
      "iat" => v.integer,
      "exp" => v.integer,
      "sub" => v.combine([v.string, v.length(public_id_length)]) { |val| error! "sub: #{val}" },
      "aud" => v.combine([v.string, v.in(authy_roles)]) { |val| error! "aud: #{val}" },
    )
  end
  error! "authy: #{payload}" unless ok
  ok
end
validate_full!(payload)
# File lib/monban/domain/auth.rb, line 195
# Shape-check the payload of a :full token after ::JWT.decode has already
# verified the signature and the iss/iat/exp/aud claims.
#
# ::JWT.decode only needed the aud claim to overlap the requested roles; here
# aud must be an array built from the known roles plus the full-access
# roles (presumably every element, per array_include -- Getto::Params is not
# in view). sub must be a string of public_id_length. Keys beyond
# iss/iat/exp/sub/aud are presumably rejected by hash_strict.
#
# Returns the validator's truthy result; raises DecodeError otherwise.
def validate_full!(payload)
  accepted_aud = (all_roles + allow_full_access).map(&:to_s)
  ok = Getto::Params.new.validate(payload) do |v|
    v.hash_strict(
      "iss" => v.string,
      "iat" => v.integer,
      "exp" => v.integer,
      "sub" => v.combine([v.string, v.length(public_id_length)]) { |val| error! "sub: #{val}" },
      "aud" => v.array_include(accepted_aud) { |val| error! "aud: #{val}" },
    )
  end
  error! "full: #{payload}" unless ok
  ok
end
validate_header!(header)
# File lib/monban/domain/auth.rb, line 187
# Shape-check the JOSE header of a decoded token.
#
# The alg value itself is pinned by ::JWT.decode(algorithm:), so this only
# requires it to be a string; the useful part is hash_strict, which
# (presumably -- Getto::Params is not in view) rejects any other header
# member such as kid, jku or x5u, so key-lookup hints from the token are
# never honoured.
#
# Returns the validator's truthy result; raises DecodeError otherwise.
def validate_header!(header)
  ok = Getto::Params.new.validate(header) do |v|
    v.hash_strict(
      "alg" => v.string,
    )
  end
  error! "header: #{header}" unless ok
  ok
end
validate_reset!(payload)
# File lib/monban/domain/auth.rb, line 223
# Shape-check the payload of a :reset token after ::JWT.decode has already
# verified the signature and the iss/iat/exp claims.
#
# sub must be a string of public_id_length and aud (the reset token) a string
# of reset_token_length; nothing here compares the reset token with a stored
# value. Keys beyond iss/iat/exp/sub/aud are presumably rejected by
# hash_strict (Getto::Params is not in view -- confirm).
#
# Returns the validator's truthy result; raises DecodeError otherwise.
def validate_reset!(payload)
  ok = Getto::Params.new.validate(payload) do |v|
    v.hash_strict(
      "iss" => v.string,
      "iat" => v.integer,
      "exp" => v.integer,
      "sub" => v.combine([v.string, v.length(public_id_length)]) { |val| error! "sub: #{val}" },
      "aud" => v.combine([v.string, v.length(reset_token_length)]) { |val| error! "aud: #{val}" },
    )
  end
  error! "reset: #{payload}" unless ok
  ok
end