Home

Awesome

JayDoubleuTee

A JWT authorization middleware for any web application.

JayDoubleuTee is inspired by Hanami philosophy to build components that are highly reusable, and compatible with any ruby application.

JayDoubleuTee is fully compatible with RACK, so it is with Hanami, Rails, Sinatra, Roda, and whatever else you can think about.

Installation

Add this line to your application's Gemfile:

gem 'jay_doubleu_tee'

And then execute:

$ bundle install

Or install it yourself as:

$ gem install jay_doubleu_tee

Usage

jay_doubleu_tee uses RS256 algorithm by default, so youl'll need a private/public key pair and the access token for testing it out.

In your console run

require 'jwt'
payload = {
  data: { user_id: "de804507-5d03-4493-a038-d62f499b8a96" }, scopes: ""
}
private_key = OpenSSL::PKey::RSA.generate 2048
secret = private_key.public_key.to_s
token = JWT.encode payload, private_key, 'RS256'

Then save the ENV variable JAY_DOUBLEU_TEE_PUBLIC_KEY by setting the as a value your secret.

Plain ruby Rack application

require "jay_doubleu_tee"

class App
  include JayDoubleuTee::Auth

  def call(env)
    status, body = [200, [{ message: "Hello, World!", auth: auth.value! }]]

    [status, headers, body]
  end

  private

  def headers
    { 'Content-Type' => 'application/json' }
  end
end

JayDoubleuTee.configure do |config|
  config.algorithm = 'RS256'
  config.secret = ENV['JAY_DOUBLEU_TEE_PUBLIC_KEY']
end

use JayDoubleuTee::Authorization

run App.new
curl --location --request GET 'http://localhost:9292' \
--header 'Authorization: Bearer <<YOUR_TOKEN>>'

# => 200:
  # {
  #   message: 'Hello, World!,
  #   auth: {
  #     data: { user_id: "de804507-5d03-4493-a038-d62f499b8a96" },
  #     scopes: ""
  #   }
  # }
curl --location --request GET 'http://localhost:9292' \
--header 'Authorization: Bearer invalid'

# => 401: { error: Unauthorized. Token invalid }

Hanami 2.0

# config.ru

require "jay_doubleu_tee"
use JayDoubleuTee::Authorization

Rails

# config.ru

require "jay_doubleu_tee"
use JayDoubleuTee::Authorization

Supported algorithms

JayDoubleuTee users RS256 encryption algoritym by default, but you can completely disable the token signature validation by setting up algorithm to 'none'. Check out the Configuration section.

Below are listed all supported algoritms at the moment.

%w[none HS256 RS256 prime256v1 ES256 ED25519 PS256]

For more info about each of them refer to jwt documentation

Configuration

To set encryption algorithm, you can configure several fields

JayDoubleuTee.configure do |config|
  config.algorithm = 'RS256'
  config.secret = ENV['PUBLIC_KEY']
end

Again, for information how to generate private and public keys, jwt documentation or check out the spec files

Authorizing by default

JayDoubleuTee uses secure by default principle, adding authorization to all endpoints using the middleware. If you don't want to authorize all responses by default, you can override the corresponding setting.

JayDoubleuTee.configure do |config|
  config.authorize_by_default = false
end

Then in your action you need to handle authorization failure on your own.

  if auth.success?
    [200, [{ message: "Hello, World!", auth: auth.value! }]]
  else
    [401, [{ error: auth.failure }.to_json]]
  end

This may be useful if you have only one component in your application using the JWT flow, while the rest use different authorization mechanism.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Resources

It's built on top of several gems to ensure the best user experience.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/hanamimastery/jay_doubleu_tee. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the JayDoubleuTee project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.