Skip to content

Commit

Permalink
refactor: simplifies auth class code
Browse files Browse the repository at this point in the history
  • Loading branch information
@ctran88
ctran88 committed Dec 23, 2024
1 parent 5410bd9 commit f94da24
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 68 deletions.
88 changes: 23 additions & 65 deletions lib/passageidentity/auth.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

require 'active_support'
require 'jwt'
require_relative 'client'
require_relative '../openapi_client'

module Passage
Expand All @@ -21,18 +20,6 @@ def initialize(app_id:, req_opts:)
def validate_jwt(token)
raise ArgumentError, 'jwt is required.' unless token && !token.empty?

begin
fetch_jwks
rescue Faraday::Error
raise PassageError.new(
status_code: 401,
body: {
error: 'invalid JWKs',
code: 'invalid_access_token'
}
)
end

claims =
JWT.decode(
token,
Expand All @@ -42,26 +29,17 @@ def validate_jwt(token)
aud: @app_id,
verify_aud: true,
algorithms: ['RS256'],
jwks: @jwks
jwks: fetch_jwks
}
)

claims[0]['sub']
rescue JWT::InvalidIssuerError, JWT::InvalidAudError, JWT::ExpiredSignature, JWT::IncorrectAlgorithm,
JWT::DecodeError => e
raise PassageError.new(
status_code: 401,
body: {
error: e.message,
code: 'invalid_access_token'
}
)
end

def create_magic_link_with_email(email, type, send, opts = {})
args = {}
args['email'] = email
args['channel'] = EMAIL_CHANNEL
args['channel'] = 'email'
args['type'] = type
args['send'] = send

Expand All @@ -71,14 +49,19 @@ def create_magic_link_with_email(email, type, send, opts = {})
def create_magic_link_with_phone(phone, type, send, opts = {})
args = {}
args['phone'] = phone
args['channel'] = PHONE_CHANNEL
args['channel'] = 'phone'
args['type'] = type
args['send'] = send

create_magic_link(args, opts)
end

def create_magic_link_with_user(user_id, channel, type, send, opts = {})
raise ArgumentError, "channel must be either 'email' or 'phone'" unless %w[
email
phone
].include?(channel)

args = {}
args['user_id'] = user_id
args['channel'] = channel
Expand All @@ -91,27 +74,22 @@ def create_magic_link_with_user(user_id, channel, type, send, opts = {})
private

def fetch_jwks
app_cache = get_cache(@app_id)

if app_cache
@jwks = app_cache
else
auth_gw_connection =
Faraday.new(url: 'https://auth.passage.id') do |f|
f.request :json
f.response :raise_error
f.response :json
f.adapter :net_http
end

response =
auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")

if response.success?
@jwks = response.body
set_cache(key: @app_id, jwks: @jwks)
jwks = @app_cache.read(@app_id)
return jwks if jwks

auth_gw_connection =
Faraday.new(url: 'https://auth.passage.id') do |f|
f.request :json
f.response :raise_error
f.response :json
f.adapter :net_http
end
end

response = auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")
jwks = response.body

@app_cache.write(@app_id, jwks, expires_in: 86_400) # 24 hours in seconds
jwks
end

def create_magic_link(args, opts)
Expand Down Expand Up @@ -142,25 +120,5 @@ def try_parse_json_string(string)
rescue JSON::ParserError
string
end

def user_exists?(user_id)
return unless user_id.to_s.empty?

raise PassageError.new(
status_code: 400,
body: {
error: 'Must supply a valid user_id',
code: 'invalid_request'
}
)
end

def get_cache(key)
@app_cache.read(key)
end

def set_cache(key:, jwks:)
@app_cache.write(key, jwks, expires_in: 86_400)
end
end
end
3 changes: 0 additions & 3 deletions lib/passageidentity/client.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,6 @@
require_relative 'version'

module Passage
EMAIL_CHANNEL = 'email'
PHONE_CHANNEL = 'phone'

# The Passage::Client class provides methods for interacting with Passage
class Client
attr_reader :auth, :user
Expand Down

0 comments on commit f94da24

Please sign in to comment.