@fedurus

fedurus/web.rb

Forked from bradleybeddoes/web.rb
Last active Jan 1, 2016
```ruby
require 'sinatra'
require 'json'
require 'json/jwt'

# Server-side session store; entries expire after one hour
use Rack::Session::Pool, :expire_after => 3600

get '/' do
  erb :index
end

get '/welcome' do
  if session[:attributes]
    @attributes = session[:attributes]
    @jwt = session[:jwt]
    erb :welcome
  else
    redirect '/'
  end
end

get '/logout' do
  session.clear
  redirect '/'
end

# Receives a signed JWT assertion from the identity provider and starts a session
post '/auth/jwt' do
  jws = params[:assertion]
  if jws
    begin
      # Verifies the HMAC signature with the shared secret and returns the claims.
      # json-jwt also takes an optional third argument naming the permitted algorithm(s);
      # pinning it (e.g. :HS256) avoids accepting tokens signed with an unexpected alg.
      jwt = JSON::JWT.decode(jws.to_s, "SECRET")
      # In a complete app we'd also store and validate the jti value to ensure there is no replay attack
      if jwt['iss'] == 'https://rapid.fedurus.ru' && jwt['aud'] == 'https://fedurus-echo.herokuapp.com' &&
         Time.now > Time.at(jwt['nbf']) && Time.now < Time.at(jwt['exp'])
        attributes = jwt['https://www.fedurus.ru/attributes']
        session[:attributes] = attributes
        session[:jwt] = jwt
        redirect '/welcome'
      else
        halt 500, "Audience or timings are invalid"
      end
    rescue StandardError => e
      # Covers signature failures, malformed tokens and missing nbf/exp claims (Time.at(nil) raises)
      halt 500, "Signature was invalid or JWT was otherwise erroneous"
    end
  else
    halt 500, "JWS was not found in request"
  end
end
```
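Added example, not part of the gist: a stand-alone verifier for the assertion that `/auth/jwt` consumes, built on OpenSSL and JSON from the standard library instead of the json-jwt gem. It pins the algorithm to HS256, compares signatures in constant time, rejects missing or non-numeric `nbf`/`exp` (which the gist turns into a generic 500 via `Time.at(nil)`), and keeps the `jti` replay table the gist's comment says a complete app needs. Issuer, audience and secret are the gist's own values; the signing helper, claim samples and `SEEN_JTI` store are constructed for the example.

```ruby
require 'json'
require 'openssl'

SECRET   = 'SECRET'                               # shared HMAC secret, as in the gist
ISSUER   = 'https://rapid.fedurus.ru'
AUDIENCE = 'https://fedurus-echo.herokuapp.com'
SEEN_JTI = {}                                     # jti => exp; a shared store with expiry in production

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  s = str.tr('-_', '+/')
  (s + '=' * ((4 - s.size % 4) % 4)).unpack1('m0') # strict decode, raises ArgumentError if malformed
end

# Constant-time comparison so a signature check does not leak how many bytes matched.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Builds an HS256 compact JWS; used here only to construct sample assertions.
def sign_hs256(claims, secret)
  input = "#{b64url_encode(JSON.generate({ alg: 'HS256', typ: 'JWT' }))}.#{b64url_encode(JSON.generate(claims))}"
  "#{input}.#{b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Verifies the signature with the algorithm pinned to HS256; returns the claims hash or nil (fail closed).
def verify_hs256(jws, secret)
  parts = jws.to_s.split('.')
  return nil unless parts.size == 3
  h, p, s = parts
  return nil unless JSON.parse(b64url_decode(h))['alg'] == 'HS256' # rejects alg=none and key-confusion tokens
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{h}.#{p}")
  secure_equal?(expected, b64url_decode(s)) ? JSON.parse(b64url_decode(p)) : nil
rescue StandardError
  nil
end

# The gist's iss/aud/nbf/exp checks, plus presence/type checks and the jti replay check.
def validate_claims(jwt, now = Time.now)
  %w[iss aud nbf exp jti].each { |c| return [false, "missing #{c}"] unless jwt.key?(c) }
  return [false, 'bad timestamps'] unless jwt['nbf'].is_a?(Numeric) && jwt['exp'].is_a?(Numeric)
  return [false, 'bad issuer']     unless jwt['iss'] == ISSUER
  return [false, 'bad audience']   unless jwt['aud'] == AUDIENCE
  return [false, 'not yet valid']  unless now > Time.at(jwt['nbf'])
  return [false, 'expired']        unless now < Time.at(jwt['exp'])
  return [false, 'replayed jti']   if SEEN_JTI.key?(jwt['jti'])
  SEEN_JTI[jwt['jti']] = jwt['exp']
  [true, 'ok']
end

def accept_assertion(jws, now = Time.now)
  jwt = verify_hs256(jws, SECRET)
  jwt ? validate_claims(jwt, now) : [false, 'signature invalid']
end
```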