Merge branch 'master' into feature/remove_state_from_profile
Showing
38 changed files
with
1,838 additions
and
137 deletions.
@@ -0,0 +1,18 @@ | ||
# frozen_string_literal: true | ||
|
||
module Entities | ||
class APIKey < Grape::Entity | ||
format_with(:iso_timestamp) { |d| d.utc.iso8601 } | ||
|
||
expose :uid, documentation: { type: 'String' } | ||
expose :public_key, documentation: { type: 'String' } | ||
expose :scopes, documentation: { type: 'String', desc: 'comma separated scopes' } | ||
expose :expires_in, documentation: { type: 'String', desc: 'expires_in duration in seconds. Min 30 seconds, Max 86400 seconds' } | ||
expose :state, documentation: { type: 'String' } | ||
|
||
with_options(format_with: :iso_timestamp) do | ||
expose :created_at | ||
expose :updated_at | ||
end | ||
end | ||
end |
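Review bot: `expires_in` is documented as `type: 'String'` while its own description ("duration in seconds") and the session generator elsewhere in this commit (`@api_key.expires_in.seconds.from_now`) treat it as an integer; `type: 'Integer'` would make the generated API docs match the value actually stored. The "Min 30 seconds, Max 86400 seconds" text is a contract the entity cannot enforce, and nothing in this commit's API layer validates that range, so confirm the model does or the documentation overstates what is checked. The `state` field would also benefit from listing its valid values in `desc`, the way the PATCH endpoint's param does for `"active"`.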
@@ -0,0 +1,96 @@ | ||
# frozen_string_literal: true | ||
|
||
module UserApi | ||
module V1 | ||
# Responsible for CRUD for api keys | ||
class APIKeys < Grape::API | ||
resource :api_keys do | ||
before do | ||
unless current_account.otp_enabled | ||
error!('Only accounts with enabled 2FA alowed', 400) | ||
end | ||
|
||
unless Vault::TOTP.validate?(current_account.uid, params[:totp_code]) | ||
error!('Your code is invalid', 422) | ||
end | ||
end | ||
|
||
desc 'List all api keys for current account.' | ||
params do | ||
requires :totp_code, type: String, desc: 'Code from Google Authenticator', allow_blank: false | ||
end | ||
get do | ||
present current_account.api_keys, with: Entities::APIKey | ||
end | ||
|
||
desc 'Return an api key by uid' | ||
params do | ||
requires :uid, type: String, allow_blank: false | ||
requires :totp_code, type: String, desc: 'Code from Google Authenticator', allow_blank: false | ||
end | ||
get ':uid' do | ||
api_key = current_account.api_keys.find_by!(uid: params[:uid]) | ||
present api_key, with: Entities::APIKey | ||
end | ||
|
||
desc 'Create an api key' | ||
params do | ||
requires :public_key, type: String, | ||
allow_blank: false | ||
optional :scopes, type: String, | ||
allow_blank: false, | ||
desc: 'comma separated scopes' | ||
optional :expires_in, type: String, | ||
allow_blank: false, | ||
desc: 'expires_in duration in seconds' | ||
requires :totp_code, type: String, desc: 'Code from Google Authenticator', allow_blank: false | ||
end | ||
post do | ||
declared_params = declared(params, include_missing: false).except(:totp_code) | ||
api_key = current_account.api_keys.create(declared_params) | ||
if api_key.errors.any? | ||
error!(api_key.errors.full_messages.to_sentence, 422) | ||
end | ||
|
||
present api_key, with: Entities::APIKey | ||
end | ||
|
||
desc 'Updates an api key' | ||
params do | ||
requires :uid, type: String, allow_blank: false | ||
optional :public_key, type: String, | ||
allow_blank: false | ||
optional :scopes, type: String, | ||
allow_blank: false, | ||
desc: 'comma separated scopes' | ||
optional :expires_in, type: String, | ||
allow_blank: false, | ||
desc: 'expires_in duration in seconds' | ||
optional :state, type: String, desc: 'State of API Key. "active" state means key is active and can be used for auth', | ||
allow_blank: false | ||
requires :totp_code, type: String, desc: 'Code from Google Authenticator', allow_blank: false | ||
end | ||
patch ':uid' do | ||
declared_params = declared(params, include_missing: false).except(:totp_code) | ||
api_key = current_account.api_keys.find_by!(uid: params[:uid]) | ||
unless api_key.update(declared_params) | ||
error!(api_key.errors.full_messages.to_sentence, 422) | ||
end | ||
|
||
present api_key, with: Entities::APIKey | ||
end | ||
|
||
desc 'Delete an api key' | ||
params do | ||
requires :uid, type: String, allow_blank: false | ||
requires :totp_code, type: String, desc: 'Code from Google Authenticator', allow_blank: false | ||
end | ||
delete ':uid' do | ||
api_key = current_account.api_keys.find_by!(uid: params[:uid]) | ||
api_key.destroy | ||
status 204 | ||
end | ||
end | ||
end | ||
end | ||
end |
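Review bot: The `before` filter at the top of the resource runs before Grape applies the declared-param validators, so `Vault::TOTP.validate?(current_account.uid, params[:totp_code])` is reached with `totp_code` absent or blank even though every endpoint declares `requires :totp_code ... allow_blank: false`; whether `validate?` tolerates `nil` is not visible here. Declaring it as `after_validation do ... end` instead of `before do ... end` lets the `requires` rule reject the request first, so the 2FA check is never driven by unvalidated input. Separately, `scopes` and `expires_in` on create and update are accepted as free-form strings with no constraint at the API layer, and `scopes` is later copied verbatim into the session JWT's `aud` claim; unless the APIKey model validates them (not shown), tighten them here, e.g. `optional :expires_in, type: Integer, values: 30..86400, desc: 'expires_in duration in seconds'` to match the range the entity documents, and check `scopes` against the allow-list the application expects. The message `'Only accounts with enabled 2FA alowed'` also has a typo (`allowed`).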
@@ -0,0 +1,63 @@ | ||
# frozen_string_literal: true | ||
|
||
module UserApi | ||
module V1 | ||
class SessionJWTGenerator | ||
ALGORITHM = 'RS256' | ||
|
||
def initialize(jwt_token:, kid:) | ||
@kid = kid | ||
@jwt_token = jwt_token | ||
@api_key = APIKey.active.find_by!(uid: kid) | ||
end | ||
|
||
def verify_payload | ||
payload, = decode_payload | ||
payload.present? | ||
end | ||
|
||
def generate_session_jwt | ||
account = @api_key.account | ||
payload = { | ||
iat: Time.current.to_i, | ||
exp: @api_key.expires_in.seconds.from_now.to_i, | ||
sub: 'session', | ||
iss: 'barong', | ||
aud: @api_key.scopes, | ||
jti: SecureRandom.hex(12).upcase, | ||
uid: account.uid, | ||
email: account.email, | ||
role: account.role, | ||
level: account.level, | ||
state: account.state, | ||
api_kid: @api_key.uid | ||
} | ||
|
||
JWT.encode(payload, secret_key, ALGORITHM) | ||
end | ||
|
||
private | ||
|
||
def secret_key | ||
key_path = ENV['JWT_PRIVATE_KEY_PATH'] | ||
private_key = if key_path.present? | ||
File.read(key_path) | ||
else | ||
Base64.urlsafe_decode64(Rails.application.secrets.jwt_shared_secret_key) | ||
end | ||
|
||
OpenSSL::PKey.read private_key | ||
end | ||
|
||
def decode_payload | ||
public_key = OpenSSL::PKey.read(Base64.urlsafe_decode64(@api_key.public_key)) | ||
return {} if public_key.private? | ||
|
||
JWT.decode(@jwt_token, | ||
public_key, | ||
true, | ||
APIKey::JWT_OPTIONS) | ||
end | ||
end | ||
end | ||
end |
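Review bot: `verify_payload` accepts any token that verifies under the stored public key as long as the payload is non-empty; no claim is inspected in this file, so algorithm pinning, freshness (`exp`/`iat`) and any replay defence rest entirely on `APIKey::JWT_OPTIONS`, which is defined elsewhere — confirm it sets `algorithm: 'RS256'` so the token header cannot choose the algorithm, and verifies expiration with a short window, because an intercepted client token can otherwise be resubmitted to mint fresh session JWTs until it expires. Nothing here checks the owning account before a session is minted: key management in this commit requires `otp_enabled` and the payload copies `account.state`, but neither is tested on this path, so a suspended account or one that has since disabled 2FA still obtains a session through an active key; if that is not intended, guard with e.g. `return false unless payload.present? && @api_key.account.otp_enabled`. Note that `JWT.decode` raises `JWT::DecodeError` subclasses on a bad signature or expired token rather than returning an empty payload, and `OpenSSL::PKey.read` raises on a malformed stored `public_key`, so callers of `verify_payload` (not shown) must rescue these or they surface as 500s. The `public_key.private?` guard is sensible, but rejecting private keys at creation time would stop them being stored at all.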