line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Web::Request::Role::JWT; |
2
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
# ABSTRACT: Accessors for JSON Web Token (JWT) stored in psgix |
4
|
|
|
|
|
|
|
|
5
|
|
|
|
|
|
|
our $VERSION = '1.002'; # VERSION |
6
|
|
|
|
|
|
|
|
7
|
3
|
|
|
3
|
|
12656
|
use 5.010; |
|
3
|
|
|
|
|
18
|
|
8
|
3
|
|
|
3
|
|
18
|
use Moose::Role; |
|
3
|
|
|
|
|
5
|
|
|
3
|
|
|
|
|
33
|
|
9
|
3
|
|
|
3
|
|
19226
|
use HTTP::Throwable::Factory qw(http_throw); |
|
3
|
|
|
|
|
29336
|
|
|
3
|
|
|
|
|
25
|
|
10
|
3
|
|
|
3
|
|
1212
|
use Log::Any qw($log); |
|
3
|
|
|
|
|
8612
|
|
|
3
|
|
|
|
|
27
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
|
13
|
|
|
|
|
|
|
sub get_jwt { |
14
|
6
|
|
|
6
|
1
|
72579
|
my $self = shift; |
15
|
|
|
|
|
|
|
|
16
|
6
|
|
|
|
|
152
|
return $self->env->{'psgix.token'}; |
17
|
|
|
|
|
|
|
} |
18
|
|
|
|
|
|
|
|
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
sub get_jwt_claims { |
21
|
15
|
|
|
15
|
1
|
22820
|
my $self = shift; |
22
|
|
|
|
|
|
|
|
23
|
15
|
|
|
|
|
354
|
return $self->env->{'psgix.claims'}; |
24
|
|
|
|
|
|
|
} |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
sub get_jwt_claim_sub { |
28
|
6
|
|
|
6
|
1
|
20889
|
my $self = shift; |
29
|
|
|
|
|
|
|
|
30
|
6
|
|
|
|
|
21
|
my $claims = $self->get_jwt_claims; |
31
|
6
|
100
|
66
|
|
|
93
|
return unless $claims && ref($claims) eq 'HASH'; |
32
|
4
|
|
|
|
|
12
|
return $claims->{sub}; |
33
|
|
|
|
|
|
|
} |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
sub get_jwt_claim_aud { |
37
|
3
|
|
|
3
|
1
|
20848
|
my $self = shift; |
38
|
|
|
|
|
|
|
|
39
|
3
|
|
|
|
|
12
|
my $claims = $self->get_jwt_claims; |
40
|
3
|
100
|
66
|
|
|
42
|
return unless $claims && ref($claims) eq 'HASH'; |
41
|
2
|
|
|
|
|
8
|
return $claims->{aud}; |
42
|
|
|
|
|
|
|
} |
43
|
|
|
|
|
|
|
|
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
sub requires_jwt { |
46
|
3
|
|
|
3
|
1
|
20795
|
my $self = shift; |
47
|
|
|
|
|
|
|
|
48
|
3
|
|
|
|
|
20
|
my $token = $self->get_jwt; |
49
|
3
|
100
|
|
|
|
33
|
return $token if $token; |
50
|
|
|
|
|
|
|
|
51
|
1
|
|
|
|
|
8
|
$log->error("No JWT found in request"); |
52
|
1
|
|
|
|
|
11
|
http_throw( 'Unauthorized' => { www_authenticate => 'bearer' } ); |
53
|
|
|
|
|
|
|
} |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
sub requires_jwt_claims { |
57
|
3
|
|
|
3
|
1
|
195392
|
my $self = shift; |
58
|
|
|
|
|
|
|
|
59
|
3
|
|
|
|
|
14
|
my $claims = $self->get_jwt_claims; |
60
|
3
|
100
|
|
|
|
95
|
return $claims if $claims; |
61
|
|
|
|
|
|
|
|
62
|
1
|
|
|
|
|
6
|
$log->error("No claims found in JWT"); |
63
|
1
|
|
|
|
|
7
|
http_throw( 'Unauthorized' => { www_authenticate => 'bearer' } ); |
64
|
|
|
|
|
|
|
} |
65
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
|
67
|
|
|
|
|
|
|
sub requires_jwt_claim_sub { |
68
|
3
|
|
|
3
|
1
|
31324
|
my $self = shift; |
69
|
|
|
|
|
|
|
|
70
|
3
|
|
|
|
|
14
|
my $sub = $self->get_jwt_claim_sub; |
71
|
|
|
|
|
|
|
|
72
|
3
|
100
|
|
|
|
23
|
return $sub if $sub; |
73
|
|
|
|
|
|
|
|
74
|
1
|
|
|
|
|
15
|
$log->error("Claim 'sub' not found in JWT"); |
75
|
1
|
|
|
|
|
8
|
http_throw( 'Unauthorized' => { www_authenticate => 'bearer' } ); |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
sub requires_jwt_claim_aud { |
80
|
0
|
|
|
0
|
1
|
|
my $self = shift; |
81
|
|
|
|
|
|
|
|
82
|
0
|
|
|
|
|
|
my $aud = $self->get_jwt_claim_aud; |
83
|
|
|
|
|
|
|
|
84
|
0
|
0
|
|
|
|
|
return $aud if $aud; |
85
|
|
|
|
|
|
|
|
86
|
0
|
|
|
|
|
|
$log->error("Claim 'aud' not found in JWT"); |
87
|
0
|
|
|
|
|
|
http_throw( 'Unauthorized' => { www_authenticate => 'bearer' } ); |
88
|
|
|
|
|
|
|
} |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
1; |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
__END__ |
93
|
|
|
|
|
|
|
|
94
|
|
|
|
|
|
|
=pod |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
=encoding UTF-8 |
97
|
|
|
|
|
|
|
|
98
|
|
|
|
|
|
|
=head1 NAME |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
Web::Request::Role::JWT - Accessors for JSON Web Token (JWT) stored in psgix |
101
|
|
|
|
|
|
|
|
102
|
|
|
|
|
|
|
=head1 VERSION |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
version 1.002 |
105
|
|
|
|
|
|
|
|
106
|
|
|
|
|
|
|
=head1 SYNOPSIS |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
# Create a request handler |
109
|
|
|
|
|
|
|
package My::App::Request; |
110
|
|
|
|
|
|
|
use Moose; |
111
|
|
|
|
|
|
|
extends 'Web::Request'; |
112
|
|
|
|
|
|
|
with 'Web::Request::Role::JWT'; |
113
|
|
|
|
|
|
|
|
114
|
|
|
|
|
|
|
# Finally, in some controller action |
115
|
|
|
|
|
|
|
sub action_that_needs_a_user_stored_in_jwt { |
116
|
|
|
|
|
|
|
my ($self, $req) = @_; |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
my $sub = $req->requires_jwt_claim_sub; |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
my $data = $self->model->do_something( $sub ); |
121
|
|
|
|
|
|
|
return $self->json_response( $data ); |
122
|
|
|
|
|
|
|
} |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
=head1 DESCRIPTION |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
C<Web::Request::Role::JWT> provides a few accessor and helper methods |
127
|
|
|
|
|
|
|
that make accessing JSON Web Tokens (JWT) stored in your PSGI C<$env> |
128
|
|
|
|
|
|
|
easier. |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
It works especially well when used with |
131
|
|
|
|
|
|
|
L<Plack::Middleware::Auth::JWT>, which will validate the token and |
132
|
|
|
|
|
|
|
extract the payload into the PSGI C<$env>. |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
=head1 METHODS |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
=head2 requires_* and logging |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
If a C<requires_*> method fails, it will log an error via L<Log::Any>. |
139
|
|
|
|
|
|
|
|
140
|
|
|
|
|
|
|
=head2 get_jwt |
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
my $raw_token = $req->get_jwt; |
143
|
|
|
|
|
|
|
|
144
|
|
|
|
|
|
|
Returns the raw token, so you can inspect it, or maybe pass it along to some other endpoint. |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
If you want to store your token somewhere else than the default C<< |
147
|
|
|
|
|
|
|
$env->{'psgix.token'} >>, you have to provide another implementation |
148
|
|
|
|
|
|
|
for this method. |
149
|
|
|
|
|
|
|
|
150
|
|
|
|
|
|
|
=head2 get_jwt_claims |
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
my $claims = $req->get_jwt_claims; |
153
|
|
|
|
|
|
|
|
154
|
|
|
|
|
|
|
Returns all the claims as a hashref. |
155
|
|
|
|
|
|
|
|
156
|
|
|
|
|
|
|
If you want to store your claims somewhere else than the default C<< |
157
|
|
|
|
|
|
|
$env->{'psgix.claims'} >>, you have to provide another implementation |
158
|
|
|
|
|
|
|
for this method. |
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
=head2 get_jwt_claim_sub |
161
|
|
|
|
|
|
|
|
162
|
|
|
|
|
|
|
my $sub = $req->get_jwt_claim_sub; |
163
|
|
|
|
|
|
|
|
164
|
|
|
|
|
|
|
Get the C<sub> claim: L<https://tools.ietf.org/html/rfc7519#section-4.1.2> |
165
|
|
|
|
|
|
|
|
166
|
|
|
|
|
|
|
=head2 get_jwt_claim_aud |
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
my $aud = $req->get_jwt_claim_aud; |
169
|
|
|
|
|
|
|
|
170
|
|
|
|
|
|
|
Get the C<aud> claim: L<https://tools.ietf.org/html/rfc7519#section-4.1.3> |
171
|
|
|
|
|
|
|
|
172
|
|
|
|
|
|
|
=head2 requires_jwt |
173
|
|
|
|
|
|
|
|
174
|
|
|
|
|
|
|
my $raw_token = $req->requires_jwt; |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
Returns the raw token. If no token is available, throws a L<HTTP::Throwable::Role::Status::Unauthorized> exception (aka HTTP Status 401) |
177
|
|
|
|
|
|
|
|
178
|
|
|
|
|
|
|
=head2 requires_jwt_claims |
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
my $claims = $req->requires_jwt_claims; |
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
Returns all the claims as a hashref. If no claims are available, throws a L<HTTP::Throwable::Role::Status::Unauthorized> exception (aka HTTP Status 401) |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
=head2 requires_jwt_claim_sub |
185
|
|
|
|
|
|
|
|
186
|
|
|
|
|
|
|
my $sub = $req->requires_jwt_claim_sub; |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
Returns the C<sub> claim. If the C<sub> claim is missing, throws a L<HTTP::Throwable::Role::Status::Unauthorized> exception (aka HTTP Status 401) |
189
|
|
|
|
|
|
|
|
190
|
|
|
|
|
|
|
=head2 requires_jwt_claim_aud |
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
my $aud = $req->requires_jwt_claim_aud; |
193
|
|
|
|
|
|
|
|
194
|
|
|
|
|
|
|
Returns the C<aud> claim. If the C<aud> claim is missing, throws a L<HTTP::Throwable::Role::Status::Unauthorized> exception (aka HTTP Status 401) |
195
|
|
|
|
|
|
|
|
196
|
|
|
|
|
|
|
=head1 THANKS |
197
|
|
|
|
|
|
|
|
198
|
|
|
|
|
|
|
Thanks to |
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
=over |
201
|
|
|
|
|
|
|
|
202
|
|
|
|
|
|
|
=item * |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
L<validad.com|https://www.validad.com/> for supporting Open Source. |
205
|
|
|
|
|
|
|
|
206
|
|
|
|
|
|
|
=back |
207
|
|
|
|
|
|
|
|
208
|
|
|
|
|
|
|
=head1 AUTHOR |
209
|
|
|
|
|
|
|
|
210
|
|
|
|
|
|
|
Thomas Klausner <domm@plix.at> |
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE |
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
This software is copyright (c) 2017 - 2021 by Thomas Klausner. |
215
|
|
|
|
|
|
|
|
216
|
|
|
|
|
|
|
This is free software; you can redistribute it and/or modify it under |
217
|
|
|
|
|
|
|
the same terms as the Perl 5 programming language system itself. |
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
=cut |