Class: JwtAuthCognito::Configuration

Inherits:
Object
Defined in:
lib/jwt_auth_cognito/configuration.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize ⇒ Configuration

Returns a new instance of Configuration.



# File 'lib/jwt_auth_cognito/configuration.rb', line 14

# Builds a configuration entirely from environment variables.
#
# The Cognito identifiers (user pool id, client id, client secret), the Redis
# password and the CA-certificate locations have no fallback and stay nil when
# unset; everything else has a default. Numeric settings go through
# String#to_i, so a non-numeric value silently becomes 0. The validation mode
# is derived from the environment name: :secure only when the resolved
# environment is exactly 'production', :basic for every other value
# (including 'staging' or a misspelled name).
def initialize
  int_env = ->(key, default) { (ENV[key] || default).to_i }
  flag_env = ->(key) { ENV[key] == 'true' }

  # Cognito identity settings
  @cognito_region = ENV['COGNITO_REGION'] || ENV['AWS_REGION'] || 'us-east-1'
  @cognito_user_pool_id = ENV.fetch('COGNITO_USER_POOL_ID', nil)
  @cognito_client_id = ENV.fetch('COGNITO_CLIENT_ID', nil)
  @cognito_client_secret = ENV.fetch('COGNITO_CLIENT_SECRET', nil)

  # Redis connection settings
  @redis_host = ENV['REDIS_HOST'] || 'localhost'
  @redis_port = int_env.call('REDIS_PORT', 6379)
  @redis_password = ENV.fetch('REDIS_PASSWORD', nil)
  @redis_db = int_env.call('REDIS_DB', 0)
  @redis_ssl = flag_env.call('REDIS_TLS') || flag_env.call('REDIS_SSL')
  @redis_timeout = int_env.call('REDIS_TIMEOUT', 5)
  @redis_connect_timeout = int_env.call('REDIS_CONNECT_TIMEOUT', 10)
  @redis_read_timeout = int_env.call('REDIS_READ_TIMEOUT', 10)

  # Redis TLS settings; the CA certificate may be referenced by file path or by SSM parameter
  @redis_ca_cert_path = ENV.fetch('REDIS_CA_CERT_PATH', nil)
  @redis_ca_cert_name = ENV.fetch('REDIS_CA_CERT_NAME', nil)
  @redis_ca_cert_ssm_path = ENV.fetch('REDIS_CA_CERT_SSM_PATH', nil)
  @redis_ca_cert_ssm_name = ENV.fetch('REDIS_CA_CERT_SSM_NAME', nil)
  # Defaults keep peer verification on and TLS 1.2/1.3 only; overriding
  # REDIS_VERIFY_MODE weakens the Redis connection.
  @redis_verify_mode = ENV['REDIS_VERIFY_MODE'] || 'peer'
  @redis_tls_min_version = ENV['REDIS_TLS_MIN_VERSION'] || 'TLSv1.2'
  @redis_tls_max_version = ENV['REDIS_TLS_MAX_VERSION'] || 'TLSv1.3'

  @jwks_cache_ttl = int_env.call('JWKS_CACHE_TTL', 3600) # seconds (1 hour)
  @environment = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || ENV['NODE_ENV'] || 'development'
  # production? reads @environment, so it must already be assigned here.
  @validation_mode = production? ? :secure : :basic
  @enable_api_key_validation = flag_env.call('ENABLE_API_KEY_VALIDATION')
  @enable_user_data_retrieval = flag_env.call('ENABLE_USER_DATA_RETRIEVAL')
end

Instance Attribute Details

#cognito_client_id ⇒ Object

Returns the value of attribute cognito_client_id.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String, nil] Cognito app client id; nil unless COGNITO_CLIENT_ID was set
def cognito_client_id; @cognito_client_id; end

#cognito_client_secret ⇒ Object

Returns the value of attribute cognito_client_secret.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String, nil] Cognito app client secret; nil unless COGNITO_CLIENT_SECRET was set.
#   Sensitive: never log or serialize this value.
def cognito_client_secret; @cognito_client_secret; end

#cognito_region ⇒ Object

Returns the value of attribute cognito_region.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String] AWS region of the user pool (COGNITO_REGION, else AWS_REGION, else 'us-east-1')
def cognito_region; @cognito_region; end

#cognito_user_pool_id ⇒ Object

Returns the value of attribute cognito_user_pool_id.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String, nil] Cognito user pool id; nil unless COGNITO_USER_POOL_ID was set
def cognito_user_pool_id; @cognito_user_pool_id; end

#enable_api_key_validation ⇒ Object

Returns the value of attribute enable_api_key_validation.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Boolean] true only when ENABLE_API_KEY_VALIDATION was exactly 'true'
def enable_api_key_validation; @enable_api_key_validation; end

#enable_user_data_retrieval ⇒ Object

Returns the value of attribute enable_user_data_retrieval.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Boolean] true only when ENABLE_USER_DATA_RETRIEVAL was exactly 'true'
def enable_user_data_retrieval; @enable_user_data_retrieval; end

#environment ⇒ Object

Returns the value of attribute environment.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String] environment name (RAILS_ENV, else RACK_ENV, else NODE_ENV, else 'development');
#   drives production? and therefore the validation mode
def environment; @environment; end

#jwks_cache_ttl ⇒ Object

Returns the value of attribute jwks_cache_ttl.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Integer] JWKS cache lifetime in seconds (JWKS_CACHE_TTL, default 3600)
def jwks_cache_ttl; @jwks_cache_ttl; end

#redis_ca_cert_name ⇒ Object

Returns the value of attribute redis_ca_cert_name.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String, nil] CA certificate file name for Redis TLS; nil unless REDIS_CA_CERT_NAME was set
def redis_ca_cert_name; @redis_ca_cert_name; end

#redis_ca_cert_path ⇒ Object

Returns the value of attribute redis_ca_cert_path.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String, nil] CA certificate path for Redis TLS; nil unless REDIS_CA_CERT_PATH was set
def redis_ca_cert_path; @redis_ca_cert_path; end

#redis_ca_cert_ssm_name ⇒ Object

Returns the value of attribute redis_ca_cert_ssm_name.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String, nil] SSM parameter name holding the Redis CA certificate; nil unless REDIS_CA_CERT_SSM_NAME was set
def redis_ca_cert_ssm_name; @redis_ca_cert_ssm_name; end

#redis_ca_cert_ssm_path ⇒ Object

Returns the value of attribute redis_ca_cert_ssm_path.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String, nil] SSM parameter path for the Redis CA certificate; nil unless REDIS_CA_CERT_SSM_PATH was set
def redis_ca_cert_ssm_path; @redis_ca_cert_ssm_path; end

#redis_connect_timeout ⇒ Object

Returns the value of attribute redis_connect_timeout.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Integer] Redis connect timeout in seconds (REDIS_CONNECT_TIMEOUT, default 10)
def redis_connect_timeout; @redis_connect_timeout; end

#redis_db ⇒ Object

Returns the value of attribute redis_db.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Integer] Redis database index (REDIS_DB, default 0)
def redis_db; @redis_db; end

#redis_host ⇒ Object

Returns the value of attribute redis_host.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String] Redis host name (REDIS_HOST, default 'localhost')
def redis_host; @redis_host; end

#redis_password ⇒ Object

Returns the value of attribute redis_password.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String, nil] Redis password; nil unless REDIS_PASSWORD was set. Sensitive: keep out of logs.
def redis_password; @redis_password; end

#redis_port ⇒ Object

Returns the value of attribute redis_port.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Integer] Redis port (REDIS_PORT, default 6379); a non-numeric REDIS_PORT yields 0
def redis_port; @redis_port; end

#redis_read_timeout ⇒ Object

Returns the value of attribute redis_read_timeout.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Integer] Redis read timeout in seconds (REDIS_READ_TIMEOUT, default 10)
def redis_read_timeout; @redis_read_timeout; end

#redis_ssl ⇒ Object

Returns the value of attribute redis_ssl.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Boolean] true when REDIS_TLS or REDIS_SSL was exactly 'true'; false otherwise (TLS is opt-in)
def redis_ssl; @redis_ssl; end

#redis_timeout ⇒ Object

Returns the value of attribute redis_timeout.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Integer] general Redis timeout in seconds (REDIS_TIMEOUT, default 5)
def redis_timeout; @redis_timeout; end

#redis_tls_max_version ⇒ Object

Returns the value of attribute redis_tls_max_version.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String] highest TLS version offered to Redis (REDIS_TLS_MAX_VERSION, default 'TLSv1.3')
def redis_tls_max_version; @redis_tls_max_version; end

#redis_tls_min_version ⇒ Object

Returns the value of attribute redis_tls_min_version.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String] lowest TLS version accepted for Redis (REDIS_TLS_MIN_VERSION, default 'TLSv1.2');
#   lowering it below the default weakens the connection
def redis_tls_min_version; @redis_tls_min_version; end

#redis_verify_mode ⇒ Object

Returns the value of attribute redis_verify_mode.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [String] TLS peer-verification mode for Redis (REDIS_VERIFY_MODE, default 'peer');
#   any value other than the default disables or changes certificate checking, so treat overrides as a risk
def redis_verify_mode; @redis_verify_mode; end

#validation_mode ⇒ Object

Returns the value of attribute validation_mode.



# File 'lib/jwt_auth_cognito/configuration.rb', line 5

# @return [Symbol] :secure when the environment is 'production', :basic otherwise;
#   derived once at construction from the environment name
def validation_mode; @validation_mode; end

Instance Method Details

#calculate_secret_hash(identifier) ⇒ Object



# File 'lib/jwt_auth_cognito/configuration.rb', line 72

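# Computes the Cognito SECRET_HASH for +identifier+:
# Base64( HMAC-SHA256(key: client secret, message: identifier + client id) ).
#
# Returns '' when no client secret or no client id is configured, so callers
# can pass the result through unconditionally.
#
# @param identifier [String] the identifier (typically the username) the hash is bound to
# @return [String] base64-encoded HMAC, or '' when no secret / client id is configured
# @raise [ArgumentError] when identifier is not a String (a nil identifier would
#   otherwise surface as an unwrapped NoMethodError from String#+)
# @raise [ConfigurationError] when the HMAC cannot be computed
def calculate_secret_hash(identifier)
  return '' unless has_client_secret?
  return '' unless cognito_client_id

  raise ArgumentError, 'identifier must be a String' unless identifier.is_a?(String)

  # Lazy-loaded so the gem does not pull in OpenSSL/Base64 unless a secret is used.
  require 'openssl'
  require 'base64'

  message = identifier + cognito_client_id

  begin
    hmac = OpenSSL::HMAC.digest('SHA256', cognito_client_secret, message)
    # strict_encode64 never inserts line breaks, so no strip is needed and the
    # result is byte-identical to encode64(...).strip for a 32-byte digest.
    Base64.strict_encode64(hmac)
  rescue StandardError => e
    raise ConfigurationError, "Error calculating secret hash: #{e.message}"
  end
end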

#cognito_issuer ⇒ Object



# File 'lib/jwt_auth_cognito/configuration.rb', line 54

# Issuer URL of the configured user pool, built from region and pool id.
# NOTE(review): presumably the value a token's +iss+ claim is compared against
# elsewhere in the gem — confirm; a nil pool id yields a URL ending in '/'.
# @return [String]
def cognito_issuer
  format('https://cognito-idp.%s.amazonaws.com/%s', cognito_region, cognito_user_pool_id)
end

#development? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/jwt_auth_cognito/configuration.rb', line 50

# @return [Boolean] true only when the resolved environment name is exactly 'development'
def development?
  'development'.eql?(@environment)
end

#has_client_secret? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/jwt_auth_cognito/configuration.rb', line 68

# @return [Boolean] true when a client secret is configured and non-empty;
#   a whitespace-only secret still counts as present
def has_client_secret?
  secret = cognito_client_secret
  !(secret.nil? || secret.empty?)
end

#jwks_url ⇒ Object



# File 'lib/jwt_auth_cognito/configuration.rb', line 58

# URL of the user pool's JWKS document (public signing keys), derived from cognito_issuer.
# @return [String]
def jwks_url
  [cognito_issuer, '.well-known', 'jwks.json'].join('/')
end

#production? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/jwt_auth_cognito/configuration.rb', line 46

# @return [Boolean] true only when the resolved environment name is exactly 'production';
#   this is the sole switch that selects the :secure validation mode
def production?
  'production'.eql?(@environment)
end

#user_data_config ⇒ Object



# File 'lib/jwt_auth_cognito/configuration.rb', line 89

# Options for user-data retrieval, read from the environment on every call
# (not cached at construction).
#
# include_applications / include_organizations / include_roles are on unless
# the variable is exactly 'false'; include_effective_permissions is off unless
# the variable is exactly 'true'. cache_timeout goes through String#to_i, so a
# non-numeric USER_DATA_CACHE_TIMEOUT becomes 0.
# @return [Hash{Symbol => Boolean, Integer}]
def user_data_config
  on_unless_false = ->(key) { ENV[key] != 'false' }
  on_only_if_true = ->(key) { ENV[key] == 'true' }

  {
    enable_user_data_retrieval: enable_user_data_retrieval,
    include_applications: on_unless_false.call('INCLUDE_APPLICATIONS'),
    include_organizations: on_unless_false.call('INCLUDE_ORGANIZATIONS'),
    include_roles: on_unless_false.call('INCLUDE_ROLES'),
    include_effective_permissions: on_only_if_true.call('INCLUDE_EFFECTIVE_PERMISSIONS'),
    cache_timeout: (ENV['USER_DATA_CACHE_TIMEOUT'] || 300).to_i
  }
end

#validate! ⇒ Object

Raises:

  • (ConfigurationError)



# File 'lib/jwt_auth_cognito/configuration.rb', line 62

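# Raises unless the settings that have no usable fallback are present.
#
# A value that is set but blank is treated as missing: an empty environment
# variable is truthy in Ruby, so COGNITO_REGION="" or REDIS_HOST="" bypasses
# the `||` defaults in #initialize and would otherwise pass a nil-only check,
# producing a malformed issuer URL or Redis host.
#
# @raise [ConfigurationError] naming the first missing setting, in the order
#   cognito_user_pool_id, cognito_region, redis_host
# @return [void]
def validate!
  {
    'cognito_user_pool_id' => cognito_user_pool_id,
    'cognito_region' => cognito_region,
    'redis_host' => redis_host
  }.each do |name, value|
    missing = value.nil? || value.to_s.strip.empty?
    raise ConfigurationError, "#{name} is required" if missing
  end
end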