Module: Authify::API::Helpers::JWTEncryption

Includes:
Core::Helpers::JWTSSL
Defined in:
lib/authify/api/helpers/jwt_encryption.rb

Overview

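Helper methods for building, issuing and checking JSON Web Tokens (JWTs). Despite the module name, the methods shown here encode tokens with JWT.encode, a private key and the configured algorithm; they do not encrypt the payload, so the claims should be treated as readable by anyone who holds a token.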


Instance Method Details

#jwt_payload(user) ⇒ Object



# File 'lib/authify/api/helpers/jwt_encryption.rb', line 13

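# Builds the claim set for a token issued to +user+.
#
# The payload carries the user's email, id and organization/group
# memberships. Nothing in this method encrypts those values, so they should
# be treated as visible to whoever holds the token.
#
# @param user the account the token is issued for; must respond to admin?,
#   email and id, plus whatever simple_orgs_by_user reads
# @return [Hash] claims with :exp, :iat, :iss, :scopes and :user keys
def jwt_payload(user)
  # Read the clock once so that exp - iat is exactly the configured lifetime;
  # two separate reads can straddle a second boundary.
  issued_at = Time.now.to_i
  # The setting is multiplied by 60, i.e. treated as minutes. A missing or
  # non-numeric value becomes 0 via to_i, which yields a token that is
  # already expired at issue time.
  lifetime = 60 * CONFIG[:jwt][:expiration].to_i

  {
    exp: issued_at + lifetime,
    iat: issued_at,
    iss: CONFIG[:jwt][:issuer],
    # dup keeps the shared JWTSCOPES constant untouched; :admin_access is
    # decided once, at issue time, from user.admin?.
    # NOTE(review): a token issued while the user was an admin keeps this
    # scope until exp unless the verifying side re-checks - confirm.
    scopes: Core::Constants::JWTSCOPES.dup.tap do |scopes|
      scopes << :admin_access if user.admin?
    end,
    user: {
      username: user.email,
      uid: user.id,
      organizations: simple_orgs_by_user(user)
    }
  }
end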

#jwt_token(user = nil) ⇒ Object



# File 'lib/authify/api/helpers/jwt_encryption.rb', line 8

# Issues an encoded token for +user+, falling back to current_user when no
# user (or nil) is passed.
#
# The claims come from jwt_payload; the key comes from private_key and the
# algorithm from CONFIG[:jwt][:algorithm].
# NOTE(review): the algorithm is taken from configuration as-is - confirm
# that deployment config cannot set it to 'none', which would mean tokens
# leave this method unsigned.
#
# @param user [Object, nil] account to issue the token for
# @return whatever JWT.encode returns for the payload, key and algorithm
def jwt_token(user = nil)
  subject = user || current_user
  claims = jwt_payload(subject)
  JWT.encode(claims, private_key, CONFIG[:jwt][:algorithm])
end

#simple_orgs_by_user(user) ⇒ Object



# File 'lib/authify/api/helpers/jwt_encryption.rb', line 29

# Summarizes each organization +user+ belongs to as a plain hash suitable for
# embedding in a token payload.
#
# For every organization the result records its name and id, whether +user+
# is listed among its admins, and the name/id of each of its groups that
# contains +user+.
#
# @param user account whose organizations are listed; must respond to
#   organizations
# @return [Array<Hash>] one hash per organization with :name, :oid, :admin
#   and :memberships keys
def simple_orgs_by_user(user)
  user.organizations.map do |org|
    summary = { name: org.name, oid: org.id, admin: org.admins.include?(user) }
    # Only groups that actually contain the user are reported.
    member_groups = org.groups.select { |group| group.users.include?(user) }
    summary[:memberships] = member_groups.map { |group| { name: group.name, gid: group.id } }
    summary
  end
end

#with_jwt(req, scope) ⇒ Object



# File 'lib/authify/api/helpers/jwt_encryption.rb', line 42

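# Runs the given block only when the request carries the required scope and
# its user claim maps to a known account; otherwise responds with 403.
#
# This helper does not verify a token itself: it reads :scopes and :user from
# req.env, so the decision is only as trustworthy as whatever populated those
# keys (presumably JWT-verifying middleware earlier in the stack - confirm
# that it checks signature, exp and iss and pins the accepted algorithm).
#
# @param req request object whose env holds :scopes and :user
# @param scope scope the caller must hold; matched with include?, so its
#   type must agree with the entries stored in env[:scopes]
# @yield [req] the request, once the caller is authorized
def with_jwt(req, scope)
  scopes, user = req.env.values_at :scopes, :user

  # Fail closed with 403 when the claims are absent, instead of raising
  # NoMethodError on nil and surfacing as a server error.
  halt 403 unless scopes && user

  set_current_user Models::User.from_username(user['username'])

  # Both conditions are required: the scope must be granted and the username
  # claim must resolve to an existing user.
  if scopes.include?(scope) && current_user
    yield req
  else
    halt 403
  end
end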