Class: JwtAuthCognito::Configuration

Inherits:
Object
  • Object
show all
Defined in:
lib/jwt_auth_cognito/configuration.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeConfiguration

Returns a new instance of Configuration.



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 13

def initialize
  @cognito_region = ENV['COGNITO_REGION'] || ENV['AWS_REGION'] || 'us-east-1'
  @cognito_user_pool_id = ENV.fetch('COGNITO_USER_POOL_ID', nil)
  @cognito_client_id = ENV.fetch('COGNITO_CLIENT_ID', nil)
  @cognito_client_secret = ENV.fetch('COGNITO_CLIENT_SECRET', nil)

  # Redis configuration with environment variables
  @redis_host = ENV['REDIS_HOST'] || 'localhost'
  @redis_port = (ENV['REDIS_PORT'] || 6379).to_i
  @redis_password = ENV.fetch('REDIS_PASSWORD', nil)
  @redis_db = (ENV['REDIS_DB'] || 0).to_i
  @redis_ssl = ENV['REDIS_TLS'] == 'true' || ENV['REDIS_SSL'] == 'true'
  @redis_timeout = (ENV['REDIS_TIMEOUT'] || 5).to_i
  @redis_connect_timeout = (ENV['REDIS_CONNECT_TIMEOUT'] || 10).to_i
  @redis_read_timeout = (ENV['REDIS_READ_TIMEOUT'] || 10).to_i

  # TLS specific configuration (compatible with auth-service)
  @redis_ca_cert_path = ENV.fetch('REDIS_CA_CERT_PATH', nil)
  @redis_ca_cert_name = ENV.fetch('REDIS_CA_CERT_NAME', nil)
  @redis_verify_mode = ENV['REDIS_VERIFY_MODE'] || 'peer'

  @jwks_cache_ttl = (ENV['JWKS_CACHE_TTL'] || 3600).to_i # 1 hour
  @environment = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || ENV['NODE_ENV'] || 'development'
  @validation_mode = production? ? :secure : :basic
  @enable_api_key_validation = ENV['ENABLE_API_KEY_VALIDATION'] == 'true'
  @enable_user_data_retrieval = ENV['ENABLE_USER_DATA_RETRIEVAL'] == 'true'

  # Cognito identity enrichment: populate payload['email'] (and other identity
  # attributes) for ACCESS tokens via GetUser, since access tokens don't carry them.
  @enable_user_identity_enrichment = ENV['ENABLE_USER_IDENTITY_ENRICHMENT'] == 'true'
  @identity_cache_timeout = (ENV['IDENTITY_CACHE_TIMEOUT'] || 300).to_i
  @identity_attributes = nil
end

Instance Attribute Details

#cognito_client_idObject

Returns the value of attribute cognito_client_id.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def cognito_client_id
  @cognito_client_id
end

#cognito_client_secretObject

Returns the value of attribute cognito_client_secret.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def cognito_client_secret
  @cognito_client_secret
end

#cognito_regionObject

Returns the value of attribute cognito_region.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def cognito_region
  @cognito_region
end

#cognito_user_pool_idObject

Returns the value of attribute cognito_user_pool_id.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def cognito_user_pool_id
  @cognito_user_pool_id
end

#enable_api_key_validationObject

Returns the value of attribute enable_api_key_validation.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def enable_api_key_validation
  @enable_api_key_validation
end

#enable_user_data_retrievalObject

Returns the value of attribute enable_user_data_retrieval.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def enable_user_data_retrieval
  @enable_user_data_retrieval
end

#enable_user_identity_enrichmentObject

Returns the value of attribute enable_user_identity_enrichment.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def enable_user_identity_enrichment
  @enable_user_identity_enrichment
end

#environmentObject

Returns the value of attribute environment.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def environment
  @environment
end

#identity_attributesObject

Returns the value of attribute identity_attributes.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def identity_attributes
  @identity_attributes
end

#identity_cache_timeoutObject

Returns the value of attribute identity_cache_timeout.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def identity_cache_timeout
  @identity_cache_timeout
end

#jwks_cache_ttlObject

Returns the value of attribute jwks_cache_ttl.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def jwks_cache_ttl
  @jwks_cache_ttl
end

#redis_ca_cert_nameObject

Returns the value of attribute redis_ca_cert_name.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_ca_cert_name
  @redis_ca_cert_name
end

#redis_ca_cert_pathObject

Returns the value of attribute redis_ca_cert_path.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_ca_cert_path
  @redis_ca_cert_path
end

#redis_connect_timeoutObject

Returns the value of attribute redis_connect_timeout.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_connect_timeout
  @redis_connect_timeout
end

#redis_dbObject

Returns the value of attribute redis_db.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_db
  @redis_db
end

#redis_hostObject

Returns the value of attribute redis_host.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_host
  @redis_host
end

#redis_passwordObject

Returns the value of attribute redis_password.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_password
  @redis_password
end

#redis_portObject

Returns the value of attribute redis_port.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_port
  @redis_port
end

#redis_read_timeoutObject

Returns the value of attribute redis_read_timeout.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_read_timeout
  @redis_read_timeout
end

#redis_sslObject

Returns the value of attribute redis_ssl.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_ssl
  @redis_ssl
end

#redis_timeoutObject

Returns the value of attribute redis_timeout.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_timeout
  @redis_timeout
end

#redis_verify_modeObject

Returns the value of attribute redis_verify_mode.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def redis_verify_mode
  @redis_verify_mode
end

#validation_modeObject

Returns the value of attribute validation_mode.



5
6
7
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 5

def validation_mode
  @validation_mode
end

Instance Method Details

#calculate_secret_hash(identifier) ⇒ Object 



73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 73

def calculate_secret_hash(identifier)
  return '' unless has_client_secret?
  return '' unless cognito_client_id

  message = identifier + cognito_client_id

  require 'openssl'
  require 'base64'

  begin
    hmac = OpenSSL::HMAC.digest('SHA256', cognito_client_secret, message)
    Base64.encode64(hmac).strip
  rescue StandardError => e
    raise ConfigurationError, "Error calculating secret hash: #{e.message}"
  end
end

#cognito_issuerObject 



55
56
57
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 55

def cognito_issuer
  "https://cognito-idp.#{cognito_region}.amazonaws.com/#{cognito_user_pool_id}"
end

#development?Boolean

Returns:

  • (Boolean) 


51
52
53
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 51

def development?
  @environment == 'development'
end

#has_client_secret?Boolean

Returns:

  • (Boolean) 


69
70
71
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 69

def has_client_secret?
  !cognito_client_secret.nil? && !cognito_client_secret.empty?
end

#jwks_urlObject 



59
60
61
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 59

def jwks_url
  "#{cognito_issuer}/.well-known/jwks.json"
end

#production?Boolean

Returns:

  • (Boolean) 


47
48
49
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 47

def production?
  @environment == 'production'
end

#user_data_configObject 



90
91
92
93
94
95
96
97
98
99
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 90

def user_data_config
  {
    enable_user_data_retrieval: enable_user_data_retrieval,
    include_applications: ENV['INCLUDE_APPLICATIONS'] != 'false',
    include_organizations: ENV['INCLUDE_ORGANIZATIONS'] != 'false',
    include_roles: ENV['INCLUDE_ROLES'] != 'false',
    include_effective_permissions: ENV['INCLUDE_EFFECTIVE_PERMISSIONS'] == 'true',
    cache_timeout: (ENV['USER_DATA_CACHE_TIMEOUT'] || 300).to_i
  }
end

#validate!Object

Raises:



63
64
65
66
67
 
# File 'lib/jwt_auth_cognito/configuration.rb', line 63

def validate!
  raise ConfigurationError, 'cognito_user_pool_id is required' unless cognito_user_pool_id
  raise ConfigurationError, 'cognito_region is required' unless cognito_region
  raise ConfigurationError, 'redis_host is required' unless redis_host
end