class Monban::Domain::Auth::Decoder

Public Instance Methods

# File lib/monban/domain/auth.rb, line 100
# Verifies +token+ as a JWT of the given +type+ and returns the normalized
# claims for that type (see +full_format+, +authy_format+, +reset_format+).
#
# Signature, issuer, issued-at and subject are always verified by the JWT
# library; the audience rule differs per type and the payload is then
# re-checked strictly by the matching validate_*! method.
#
# @param token [String] the encoded JWT
# @param type [Symbol] :full, :authy or :reset — selects the issuer, the
#   audience handling and the shape of the result
# @param roles [Array, Hash, nil] for :full, the roles the caller accepts
#   (audience is JWT-verified only when roles are given); for :authy, a Hash
#   whose :only_registered flag turns the audience check on; unused for :reset
# @return [Hash] type-specific claims keyed by symbol
# @raise [SettingError] when +type+ is not one of the supported symbols
# @raise [DecodeError] when the library rejects the token or the payload
#   fails the stricter claim validation
def decode(token, type:, roles:)
  # Options shared by every token type. Built lazily so that an unknown
  # type never reaches iss(type) and is reported as a SettingError instead.
  verify_options = lambda do |audience|
    {
      algorithm:  jwt_algorithm,
      verify_iss: true, iss: iss(type),
      verify_iat: true,
      verify_sub: true,
    }.merge(audience)
  end
  verify = lambda do |audience|
    ::JWT.decode(token, jwt_secret, true, verify_options.call(audience))
  end

  case type
  when :full
    # The library checks "aud" only when the caller names roles;
    # validate_full! still restricts "aud" to the known role set afterwards.
    accepted = ([*roles] + allow_full_access).map(&:to_s)
    full_format verify.call({ verify_aud: !!roles, aud: accepted })
  when :authy
    # NOTE(review): roles is indexed as a Hash here (a nil roles raises
    # NoMethodError rather than DecodeError), and the library-level audience
    # is authy_roles.first only, while validate_authy! accepts any authy
    # role — confirm both are intended.
    authy_format verify.call({ verify_aud: roles[:only_registered], aud: authy_roles.first })
  when :reset
    # No library-level audience check; validate_reset! enforces the
    # reset-token shape of "aud" instead.
    reset_format verify.call({})
  else
    raise SettingError, "decode: invalid type: #{type}"
  end
rescue ::JWT::DecodeError => e
  # Library failures (signature, expiry, claims) surface as the domain error.
  error! e.message
end

Private Instance Methods

# File lib/monban/domain/auth.rb, line 163
# Normalizes a verified :authy token into the domain result.
#
# @param result [Array(Hash, Hash)] payload and header as returned by JWT.decode
# @return [Hash] +public_id+ taken from the "sub" claim
# @raise [DecodeError] through validate_header! / validate_authy! when a
#   header field or claim does not match the strict schema
def authy_format(result)
  # A two-parameter block splats the [payload, header] pair.
  result.then do |payload, header|
    validate_header!(header)
    validate_authy!(payload)

    { public_id: payload["sub"] }
  end
end
# File lib/monban/domain/auth.rb, line 236
# Raises the domain-level DecodeError carrying +message+. Every claim
# validation failure and every JWT library failure in this class is
# funnelled through here so callers only need to rescue one class.
#
# @param message [String] reason the token was rejected
# @raise [DecodeError] always
def error!(message)
  raise(DecodeError, message)
end
# File lib/monban/domain/auth.rb, line 151
# Normalizes a verified :full token into the domain result.
#
# @param result [Array(Hash, Hash)] payload and header as returned by JWT.decode
# @return [Hash] +public_id+ from the "sub" claim and +roles+ from the
#   "aud" claim (an array, restricted by validate_full! to known roles)
# @raise [DecodeError] through validate_header! / validate_full! when a
#   header field or claim does not match the strict schema
def full_format(result)
  # A two-parameter block splats the [payload, header] pair.
  result.then do |payload, header|
    validate_header!(header)
    validate_full!(payload)

    {
      public_id: payload["sub"],
      roles:     payload["aud"],
    }
  end
end
# File lib/monban/domain/auth.rb, line 174
# Normalizes a verified :reset token into the domain result.
#
# @param result [Array(Hash, Hash)] payload and header as returned by JWT.decode
# @return [Hash] +public_id+ from the "sub" claim and +reset_token+ from the
#   "aud" claim (a string whose length validate_reset! has checked)
# @raise [DecodeError] through validate_header! / validate_reset! when a
#   header field or claim does not match the strict schema
def reset_format(result)
  # A two-parameter block splats the [payload, header] pair.
  result.then do |payload, header|
    validate_header!(header)
    validate_reset!(payload)

    {
      public_id:   payload["sub"],
      reset_token: payload["aud"],
    }
  end
end
# File lib/monban/domain/auth.rb, line 210
# Strictly validates the payload of an :authy token. +hash_strict+ rejects
# any claim outside the listed set; "sub" must be a string of
# public_id_length and "aud" one of authy_roles. Issuer, issued-at and
# expiry values are only type-checked here because decode already had the
# JWT library verify them.
#
# @param payload [Hash] decoded JWT claims
# @return [Object] the truthy validation result when the payload is accepted
# @raise [DecodeError] naming the offending claim, or the whole payload when
#   the overall shape is wrong
def validate_authy!(payload)
  valid = Getto::Params.new.validate(payload) do |rule|
    rule.hash_strict(
      "iss" => rule.string,  # verified by jwt
      "iat" => rule.integer, # verified by jwt
      "exp" => rule.integer, # verified by jwt

      "sub" => rule.combine([rule.string, rule.length(public_id_length)]) { |val| error!("sub: #{val}") },
      "aud" => rule.combine([rule.string, rule.in(authy_roles)]) { |val| error!("aud: #{val}") },
    )
  end
  valid || error!("authy: #{payload}")
end
# File lib/monban/domain/auth.rb, line 195
# Strictly validates the payload of a :full token. +hash_strict+ rejects
# any claim outside the listed set; "sub" must be a string of
# public_id_length and every entry of the "aud" array must be a known role
# (all_roles plus allow_full_access). Issuer, issued-at and expiry values
# are only type-checked here because decode already had the JWT library
# verify them.
#
# @param payload [Hash] decoded JWT claims
# @return [Object] the truthy validation result when the payload is accepted
# @raise [DecodeError] naming the offending claim, or the whole payload when
#   the overall shape is wrong
def validate_full!(payload)
  # Roles are compared as strings, matching how decode builds the audience.
  known_roles = (all_roles + allow_full_access).map(&:to_s)

  valid = Getto::Params.new.validate(payload) do |rule|
    rule.hash_strict(
      "iss" => rule.string,  # verified by jwt
      "iat" => rule.integer, # verified by jwt
      "exp" => rule.integer, # verified by jwt

      "sub" => rule.combine([rule.string, rule.length(public_id_length)]) { |val| error!("sub: #{val}") },
      "aud" => rule.array_include(known_roles) { |val| error!("aud: #{val}") },
    )
  end
  valid || error!("full: #{payload}")
end
# File lib/monban/domain/auth.rb, line 187
# Strictly validates the JWT header: exactly one field, "alg", which must
# be a string. Only the type is checked here — the accepted algorithm is
# pinned by the +algorithm:+ option decode passes to the JWT library, so an
# unexpected "alg" value is rejected there, not here.
#
# @param header [Hash] decoded JWT header
# @return [Object] the truthy validation result when the header is accepted
# @raise [DecodeError] quoting the header when it does not match
def validate_header!(header)
  valid = Getto::Params.new.validate(header) do |rule|
    rule.hash_strict(
      "alg" => rule.string, # verified by jwt
    )
  end
  valid || error!("header: #{header}")
end
# File lib/monban/domain/auth.rb, line 223
# Strictly validates the payload of a :reset token. +hash_strict+ rejects
# any claim outside the listed set; "sub" must be a string of
# public_id_length and "aud" a string of reset_token_length (decode skips
# the library-level audience check for this type, so this is the only
# constraint on "aud"). Issuer, issued-at and expiry values are only
# type-checked here because decode already had the JWT library verify them.
#
# @param payload [Hash] decoded JWT claims
# @return [Object] the truthy validation result when the payload is accepted
# @raise [DecodeError] naming the offending claim, or the whole payload when
#   the overall shape is wrong
def validate_reset!(payload)
  valid = Getto::Params.new.validate(payload) do |rule|
    rule.hash_strict(
      "iss" => rule.string,  # verified by jwt
      "iat" => rule.integer, # verified by jwt
      "exp" => rule.integer, # verified by jwt

      "sub" => rule.combine([rule.string, rule.length(public_id_length)]) { |val| error!("sub: #{val}") },
      "aud" => rule.combine([rule.string, rule.length(reset_token_length)]) { |val| error!("aud: #{val}") },
    )
  end
  valid || error!("reset: #{payload}")
end