joseph
/
roysathome.net
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add new features for JWT

This commit is contained in:
Joseph.Roy 2023-12-13 16:02:09 +00:00
parent 35440e6b43
commit e925905a4a
6 changed files with 71 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
auth/Gemfile
View File

@ -10,5 +10,6 @@ gem 'webrick'
gem 'jwt'
gem 'sqlite3'
gem 'bcrypt'
gem 'securerandom'
# bundle install

2
auth/Gemfile.lock
View File

@ -9,6 +9,7 @@ GEM
rack-protection (3.1.0)
rack (~> 2.2, >= 2.2.4)
ruby2_keywords (0.0.5)
securerandom (0.3.0)
sinatra (3.1.0)
mustermann (~> 3.0)
rack (~> 2.2, >= 2.2.4)
@ -24,6 +25,7 @@ PLATFORMS
DEPENDENCIES
bcrypt
jwt
securerandom
sinatra
sqlite3
webrick

61
auth/auth.rb
View File

@ -9,21 +9,23 @@ require 'json'
require 'sqlite3'
require 'jwt'
payload = { data: {time: 'now', help: 'no'}.to_json, test: 'hello' }
hmac_secret = 'my$ecretK3y'
token = JWT.encode payload, hmac_secret, 'HS256'
#puts token
#puts generate_random_string(256)
begin
decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
puts "Token is valid!"
puts "Decoded token: #{decoded_token}"
puts data_value = decoded_token.first['data']
puts test_value = decoded_token.first['test']
rescue JWT::DecodeError
puts "Invalid token or signature!"
end
#
#token = JWT.encode payload, hmac_secret, 'HS256'
##puts token
#
#begin
# decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
# puts "Token is valid!"
# puts "Decoded token: #{decoded_token}"
#
# puts data_value = decoded_token.first['data']
# puts test_value = decoded_token.first['test']
#rescue JWT::DecodeError
# puts "Invalid token or signature!"
#end
#puts decoded_token
@ -38,7 +40,7 @@ post '/auth/login' do
unless check_if_user_exists username
status 401
return { jwt: "Unuthorized Access" }.to_json
return { reply: "Unuthorized Access" }.to_json
end
user_id = get_user_id username
@ -46,26 +48,41 @@ post '/auth/login' do
unless check_password_for_user(user_id, password)
status 401
return { jwt: "Unuthorized Access" }.to_json
return { reply: "Unuthorized Access" }.to_json
end
{ jwt: "Logged in" }.to_json
reauthJWT = get_reauth_jwt user_id
return reauthJWT.to_json
end
def get_jwt (username, expiry_time)
get_claims username
def get_reauth_jwt (user_id)
#claims = get_claims user_id
payload = {
sub: 'reauthentication' ,
admin: check_if_user_is_admin(user_id),
iss: 'roysathome.net',
uid: user_id, #Example id
iat: Time.now.to_i,
exp: Time.now.to_i + 3600
}
hmac_secret = 'WChX-tQWbGbj_pGJQREoFAZGC9JWh58KSk8O7KPj-P8Nd-J88g3eSFDVuNe6zddj0ZB3yxjm_IuPNPyLhiSnxlWHImqXR6ajh3OzrzYm0bNb3f5C4IAScphyEdAfYGMcM-HvYOXxxxp5u5mryfiV3JH1CTqL1CzGyO8df7zUpRKXEXZ5SKmUvhfLU0XKCR_28FAZUgPCAi3GywkDDsH0by68j33BU5cnMT8KiEkHOX4wVUVDQc85_AuE7fN3ji_WkhnDCSLXU9dBCcXM3ziFFeX0RbvIRDG0vKdzwt4TOr4Jws7NP9w11GrUGDFKARZqvT7FTxwxO3MM-mmjb2xyGg'
return JWT.encode payload, hmac_secret, 'HS256'
#data: {time: 'now', help: 'no'}.to_json
end
def get_claims (username)
puts "Getting claims for #{username}"
def get_claims (user_id)
puts "Getting claims for #{user_id}"
db = SQLite3::Database.new('./database/auth.db')
results = db.execute('
SELECT C.claim
FROM users U
INNER JOIN user_claims UC ON U.id = UC.user_id
INNER JOIN claims C ON UC.claim_id = U.id
WHERE u.username = ?
', username)
WHERE u.id = ?
', user_id)
if results.empty?

7
auth/cryptography.rb
View File

@ -1,4 +1,5 @@
require 'bcrypt'
require 'securerandom'
def create_password_for_user(password)
return BCrypt::Password.create(password)
@ -12,4 +13,8 @@ def check_password_for_user(user_id, entered_password)
else
return false
end
end
end
def generate_random_string(length)
SecureRandom.urlsafe_base64(length)
end

22
auth/database_queries.rb
View File

@ -1,13 +1,12 @@
require 'sqlite3'
def create_new_user(username, password)
def create_new_user(username, password, is_admin)
db = SQLite3::Database.new('./database/auth.db')
db.execute('
INSERT INTO users (username, hashed_password)
VALUES (?, ?)
', [username.downcase, create_password_for_user(password)])
INSERT INTO users (username, hashed_password, is_admin)
VALUES (?, ?, ?)
', [username.downcase, create_password_for_user(password), is_admin])
end
def check_if_user_exists(username)
@ -22,6 +21,19 @@ def check_if_user_exists(username)
end
end
def check_if_user_is_admin(user_id)
db = SQLite3::Database.new('./database/auth.db')
result = db.get_first_value('SELECT is_admin FROM users WHERE id = ?', user_id)
if result == 1
return true
else
return false
end
end
def get_user_id(username)
db = SQLite3::Database.new('./database/auth.db')

8
auth/initialize_database.rb
View File

@ -16,7 +16,7 @@ def initialize_database
db = SQLite3::Database.new('./database/auth.db')
puts 'Creating tables if necessary.'
db.execute('CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, username TEXT, hashed_password TEXT, salt TEXT)')
db.execute('CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, username TEXT, hashed_password TEXT, is_admin INTEGER)')
db.execute('CREATE TABLE IF NOT EXISTS claims (id INTEGER PRIMARY KEY, claim TEXT)')
db.execute('CREATE TABLE IF NOT EXISTS user_claims (id INTEGER PRIMARY KEY, user_id INTEGER, claim_id INTEGER)')
@ -25,7 +25,7 @@ def initialize_database
if result == 0
puts 'Default admin user added.'
create_new_user('admin', 'pass123')
create_new_user('admin', 'pass123', 1)
else
puts 'Table already contains data. Skipping default user creation.'
end
@ -36,6 +36,10 @@ def initialize_database
db.execute('INSERT INTO claims (claim) VALUES (?)', ['add_user'])
db.execute('INSERT INTO claims (claim) VALUES (?)', ['remove_user'])
db.execute('INSERT INTO claims (claim) VALUES (?)', ['add_claim_to_user'])
db.execute('INSERT INTO claims (claim) VALUES (?)', ['is_machine'])
db.execute('INSERT INTO claims (claim) VALUES (?)', ['is_user'])
db.execute('INSERT INTO claims (claim) VALUES (?)', ['remove_claim_from_user'])
db.execute('INSERT INTO claims (claim) VALUES (?)', ['remove_claim_from_user'])
db.execute('INSERT INTO claims (claim) VALUES (?)', ['remove_claim_from_user'])
end