Class: Himari::AccessToken

Inherits:
Object
  • Object
Defined in:
lib/himari/access_token.rb

Defined Under Namespace

Classes: Bearer, Format, InvalidFormat, SecretIncorrect, SecretMissing, TokenExpired

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(handler:, client_id:, claims:, expiry:, secret: nil, secret_hash: nil) ⇒ AccessToken

Returns a new instance of AccessToken.



# File 'lib/himari/access_token.rb', line 56

# Builds a token from already-known parts; nothing is generated or validated here.
#
# @param handler [Object] token identifier (#as_log only ever records its SHA-256 digest)
# @param client_id [Object] client_id the token is built with
# @param claims [Object] claims carried by the token
# @param expiry [Object] expiry instant; #verify_expiry! compares it with Time#to_i,
#   so integer epoch seconds are expected
# @param secret [Object, nil] plaintext secret, when it is known
# @param secret_hash [Object, nil] digest of the secret, when the plaintext is not available
def initialize(handler:, client_id:, claims:, expiry:, secret: nil, secret_hash: nil)
  @handler, @client_id = handler, client_id
  @claims, @expiry = claims, expiry

  # Either value may be nil: #secret raises SecretMissing while the plaintext is absent,
  # and #secret_hash derives the digest from the plaintext on first use.
  @secret, @secret_hash = secret, secret_hash
end

Instance Attribute Details

#claims ⇒ Object (readonly)

Returns the value of attribute claims.



# File 'lib/himari/access_token.rb', line 66

# Claims the token was constructed with (read-only). #as_log and #as_json both emit this
# value unchanged, so whatever is placed in the claims ends up in logs and in the
# serialized token.
def claims
  @claims
end

#client_id ⇒ Object (readonly)

Returns the value of attribute client_id.



# File 'lib/himari/access_token.rb', line 66

# client_id the token was constructed with (read-only); .from_authz copies it from the
# authorization it is given.
def client_id
  @client_id
end

#expiry ⇒ Object (readonly)

Returns the value of attribute expiry.



# File 'lib/himari/access_token.rb', line 66

# Expiry of the token (read-only). .make sets it to Time.now.to_i + 3600 and
# #verify_expiry! compares it against Time#to_i, i.e. it is handled as integer epoch seconds.
def expiry
  @expiry
end

#handler ⇒ Object (readonly)

Returns the value of attribute handler.



# File 'lib/himari/access_token.rb', line 66

# Identifier part of the token (read-only). #format combines it with the secret to build the
# token string, and #as_json emits it as-is, whereas #as_log records only its SHA-256 digest,
# so keep the raw value out of log output elsewhere as well.
def handler
  @handler
end

Class Method Details

.from_authz(authz) ⇒ Object

Parameters:



# File 'lib/himari/access_token.rb', line 49

# Issues a new token for an authorization by copying its client_id and claims into .make.
#
# Only those two values are taken from authz; handler, secret and expiry are whatever .make
# generates. NOTE(review): the authorization's own lifetime is not consulted here, so
# confirm that a fresh window from .make is the intended token lifetime.
#
# @param authz [#client_id, #claims] authorization to issue the token for
# @return [Object] whatever .make returns
def self.from_authz(authz)
  issued_for = { client_id: authz.client_id, claims: authz.claims }
  make(**issued_for)
end

.make(**kwargs) ⇒ Object



# File 'lib/himari/access_token.rb', line 39

# Mints a fresh token with a random handler, a random secret and an expiry 3600 seconds ahead.
#
# handler and secret each come from SecureRandom.urlsafe_base64(32), i.e. 32 random bytes
# in URL-safe Base64. Because kwargs is splatted last, a caller-supplied :handler, :secret
# or :expiry replaces the generated value, so only trusted keyword arguments belong here.
#
# @param kwargs [Hash] remaining constructor keywords (e.g. client_id:, claims:)
# @return [Object] the instance built by new
def self.make(**kwargs)
  generated = {
    handler: SecureRandom.urlsafe_base64(32),
    secret: SecureRandom.urlsafe_base64(32),
    expiry: Time.now.to_i + 3600,
  }
  new(**generated, **kwargs)
end

Instance Method Details

#as_json ⇒ Object



# File 'lib/himari/access_token.rb', line 109

# Hash form of the token that carries secret_hash in place of the plaintext secret.
#
# The handler is included unhashed. Calling this on a token that has neither a stored
# hash nor a plaintext secret raises SecretMissing through #secret_hash.
#
# @return [Hash] handler, secret_hash, client_id, claims and expiry (as an Integer)
def as_json
  stored = {
    handler: handler,
    secret_hash: secret_hash,
    client_id: client_id,
    claims: claims,
  }
  stored[:expiry] = expiry.to_i
  stored
end

#as_log ⇒ Object



# File 'lib/himari/access_token.rb', line 100

# Log-safe view of the token: the handler appears only as a SHA-256 hex digest and
# neither the secret nor its hash is included.
#
# NOTE(review): claims are emitted verbatim; confirm they never hold values that should
# stay out of logs.
#
# @return [Hash] handler_dgst, client_id, claims and expiry
def as_log
  handler_fingerprint = Digest::SHA256.hexdigest(handler)
  {
    handler_dgst: handler_fingerprint,
    client_id: client_id,
    claims: claims,
    expiry: expiry,
  }
end

#format ⇒ Object



# File 'lib/himari/access_token.rb', line 89

# Wraps handler and plaintext secret in a Format object (the value #to_bearer turns into the
# access token string).
#
# Needs the plaintext secret, so it raises SecretMissing (via #secret) on a token that only
# has a stored hash. Note that within this class the method shadows Kernel#format.
#
# @return [Format]
def format
  token_parts = { handler: handler, secret: secret }
  Format.new(**token_parts)
end

#secret ⇒ Object

Raises:

  • (SecretMissing)



# File 'lib/himari/access_token.rb', line 68

# Plaintext secret of the token.
#
# It is available when passed to the constructor or after #verify_secret! has accepted a
# presented secret; otherwise the call fails loudly instead of returning nil.
#
# @return [Object] the plaintext secret
# @raise [SecretMissing] when no plaintext secret is set
def secret
  return @secret if @secret

  raise SecretMissing
end

#secret_hash ⇒ Object



# File 'lib/himari/access_token.rb', line 73

# Digest of the secret: SHA-384, URL-safe Base64 without padding, computed once and cached.
#
# A value passed to the constructor is returned as-is; otherwise it is derived from the
# plaintext secret (raising SecretMissing via #secret when that is absent too). The digest is
# a single unsalted hash, which suits high-entropy secrets such as the 32 random bytes .make
# generates. NOTE(review): confirm no caller supplies a low-entropy secret.
#
# @return [String]
def secret_hash
  return @secret_hash if @secret_hash

  raw_digest = Digest::SHA384.digest(secret)
  @secret_hash = Base64.urlsafe_encode64(raw_digest, padding: false)
end

#to_bearer ⇒ Object



# File 'lib/himari/access_token.rb', line 93

# Builds the Bearer value for this token: the formatted token string plus the seconds
# remaining until expiry.
#
# Requires the plaintext secret (see #format). NOTE(review): expires_in is not clamped, so
# for a token at or past its expiry it is zero or negative; confirm this is only called on
# freshly issued tokens.
#
# @return [Bearer]
def to_bearer
  token_string = format.to_s
  seconds_left = (expiry - Time.now.to_i).to_i
  Bearer.new(access_token: token_string, expires_in: seconds_left)
end

#verify_expiry!(now = Time.now) ⇒ Object

Raises:

  • (TokenExpired)



# File 'lib/himari/access_token.rb', line 85

# Rejects the token once its expiry has been reached.
#
# The comparison is inclusive: a token whose expiry equals the current second already
# counts as expired.
#
# @param now [#to_i] instant to check against (defaults to the current time)
# @return [nil] when the token is still valid
# @raise [TokenExpired] when expiry is at or before now
def verify_expiry!(now = Time.now)
  return unless @expiry <= now.to_i

  raise TokenExpired
end

#verify_secret!(given_secret) ⇒ Object

Raises:

  • (SecretIncorrect)



# File 'lib/himari/access_token.rb', line 77

# Checks a presented secret against the token's digest and, only on success, keeps it as the
# plaintext secret.
#
# Both sides are raw SHA-384 digests compared with Rack::Utils.secure_compare (a
# constant-time comparison), so the check does not leak how many leading bytes matched.
# NOTE(review): given_secret is handed straight to Digest; presumably the caller has
# already parsed the presented token into Strings. Confirm nil cannot reach this method.
#
# @param given_secret [String] secret taken from the presented token
# @return [true] when the secret matches
# @raise [SecretIncorrect] when the digests differ
# @raise [SecretMissing] via #secret_hash when neither a stored hash nor a plaintext secret is set
def verify_secret!(given_secret)
  expected_digest = Base64.urlsafe_decode64(secret_hash)
  presented_digest = Digest::SHA384.digest(given_secret)
  digests_match = Rack::Utils.secure_compare(expected_digest, presented_digest)
  raise SecretIncorrect unless digests_match

  # Assigned only after the comparison succeeded, so #secret never exposes an unverified value.
  @secret = given_secret
  true
end