Skip to content

Instantly share code, notes, and snippets.

@fedurus
Forked from bradleybeddoes/web.rb
Last active January 1, 2016 09:39
Show Gist options
  • Save fedurus/8126557 to your computer and use it in GitHub Desktop.
Save fedurus/8126557 to your computer and use it in GitHub Desktop.
require 'sinatra'
require 'json'
require 'json/jwt'
use Rack::Session::Pool, :expire_after => 3600
get '/' do
erb :index
end
get '/welcome' do
if session[:attributes]
@attributes = session[:attributes]
@jwt = session[:jwt]
erb :welcome
else
redirect '/'
end
end
get '/logout' do
session.clear
redirect '/'
end
post '/auth/jwt' do
jws = params[:assertion]
if jws
begin
jwt = JSON::JWT.decode(jws.to_s, "SECRET")
# In a complete app we'd also store and validate the jti value to ensure there is no replay attack
if jwt['iss'] == 'https://rapid.fedurus.ru' && jwt['aud'] == 'https://fedurus-echo.herokuapp.com' &&
Time.now > Time.at(jwt['nbf']) && Time.now < Time.at(jwt['exp'])
attributes = jwt['https://www.fedurus.ru/attributes']
session[:attributes] = attributes
session[:jwt] = jwt
redirect '/welcome'
else
halt 500, "Audience or timings are invalid"
end
rescue Exception => e
halt 500, "Signature was invalid or JWT was otherwise erronous"
end
else
halt 500, "JWS was not found in request"
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment