primait · cpiemontese · May 31, 2022 · May 27, 2022 · May 27, 2022 · May 27, 2022
@@ -10,6 +10,14 @@ An easy to use library to authenticate machine-to-machine communications through
 
 Supports both retrieval of JWTs and their verification and validation.
 
+## Table of contents
+
+- [Installation](#installation)
+- [Configuration](#configuration)
+  - [I am a DevOps, what do I have to do?](#i-am-a-devops-what-do-i-have-to-do)
+- [Usage](#usage)
+- [Development](#development)
+
 ## Installation
 
 The package can be installed by adding `prima_auth0_ex` to your list of dependencies in `mix.exs`:
@@ -22,11 +30,11 @@ def deps do
 end
 ```
 
-### Configuration
+## Configuration
 
 `prima_auth0_ex` can be configured to be used for an API consumer, an API provider or both.
 
-#### API Consumer
+### API Consumer
 
 To configure the library for use from a client (ie. a service that needs to obtain tokens to access some API),
 the following configuration is supported:
@@ -55,7 +63,7 @@ Otherwise, the JWTs generated by Auth0 may not include the necessary permissions
 
 A visualization of the logic behind the `TokenProvider` is available [here](client_flow.jpg).
 
-#### API Provider
+### API Provider
 
 To configure the library for use from a server (ie. a service that exposes an API),
 the following configuration is supported:
@@ -83,6 +91,16 @@ config :prima_auth0_ex, :server,
   missing_auth_header_log_level: :warn
 ```
 
+### I am a DevOps, what do I have to do?
+
+As a DevOps someone is probably going to ask you to generate a `cache_encryption_key`, which can be generated either running `mix keygen` or using the following snippet:
+
+```elixir
+:crypto.strong_rand_bytes(32) |> Base.encode64()
+```
+
+> :warning: **The token needs to be 32 bytes long AND base64 encoded**, failing to do so will result in tokens not getting cached on Redis. :warning:
+
 ## Usage
 
 ### Obtaining tokens

@@ -1,46 +1,48 @@
-defmodule PrimaAuth0Ex.Absinthe.CreateSecurityContext do
-  @moduledoc """
-  Plug that reads the permissions from the received token and creates the security context.
-  It does not validate the token!
-  """
+if Code.ensure_loaded?(Absinthe.Plug) do
+  defmodule PrimaAuth0Ex.Absinthe.CreateSecurityContext do
+    @moduledoc """
+    Plug that reads the permissions from the received token and creates the security context.
+    It does not validate the token!
+    """
 
-  defmodule Context do
-    @moduledoc false
+    defmodule Context do
+      @moduledoc false
 
-    @type t :: %__MODULE__{
-            dry_run: boolean(),
-            permissions: [String.t()] | nil
-          }
-    defstruct dry_run: false,
-              permissions: nil
-  end
+      @type t :: %__MODULE__{
+              dry_run: boolean(),
+              permissions: [String.t()] | nil
+            }
+      defstruct dry_run: false,
+                permissions: nil
+    end
 
-  @behaviour Plug
+    @behaviour Plug
 
-  @impl true
-  def init(opts) do
-    Keyword.merge([dry_run: dry_run()], opts)
-  end
+    @impl true
+    def init(opts) do
+      Keyword.merge([dry_run: dry_run()], opts)
+    end
 
-  @impl true
-  def call(conn, dry_run: dry_run) do
-    permissions =
-      case Plug.Conn.get_req_header(conn, "authorization") do
-        ["Bearer " <> token] -> PrimaAuth0Ex.Token.peek_permissions(token)
-        [] -> nil
-      end
+    @impl true
+    def call(conn, dry_run: dry_run) do
+      permissions =
+        case Plug.Conn.get_req_header(conn, "authorization") do
+          ["Bearer " <> token] -> PrimaAuth0Ex.Token.peek_permissions(token)
+          [] -> nil
+        end
 
-    Absinthe.Plug.put_options(conn,
-      context: %Context{
-        permissions: permissions,
-        dry_run: dry_run
-      }
-    )
-  end
+      Absinthe.Plug.put_options(conn,
+        context: %Context{
+          permissions: permissions,
+          dry_run: dry_run
+        }
+      )
+    end
 
-  defp dry_run do
-    :prima_auth0_ex
-    |> Application.get_env(:server, [])
-    |> Keyword.get(:dry_run, false)
+    defp dry_run do
+      :prima_auth0_ex
+      |> Application.get_env(:server, [])
+      |> Keyword.get(:dry_run, false)
+    end
   end
 end
@@ -1,39 +1,41 @@
-defmodule PrimaAuth0Ex.Absinthe.RequirePermissions do
-  @moduledoc """
-  Absinthe middleware that ensure the permission is included in the current security context.
-  """
+if Code.ensure_loaded?(Absinthe) do
+  defmodule PrimaAuth0Ex.Absinthe.RequirePermissions do
+    @moduledoc """
+    Absinthe middleware that ensure the permission is included in the current security context.
+    """
+
+    require Logger
+
+    alias PrimaAuth0Ex.Absinthe.CreateSecurityContext.Context
+
+    @behaviour Absinthe.Middleware
+
+    @impl true
+    def call(
+          %{context: %Context{permissions: permissions}} = resolution,
+          required_permissions
+        ) do
+      if has_required_permissions?(permissions, required_permissions) do
+        resolution
+      else
+        resolve(resolution, required_permissions)
+      end
+    end
 
-  require Logger
+    defp has_required_permissions?(nil = _permissions, _required_permissions), do: false
 
-  alias PrimaAuth0Ex.Absinthe.CreateSecurityContext.Context
+    defp has_required_permissions?(permissions, required_permissions),
+      do: Enum.all?(required_permissions, &Enum.member?(permissions, &1))
 
-  @behaviour Absinthe.Middleware
+    defp resolve(%{context: %Context{dry_run: true, permissions: permissions}} = resolution, required_permissions) do
+      if permissions != nil do
+        Logger.warn("Received invalid token", required_permissions: required_permissions)
+      end
 
-  @impl true
-  def call(
-        %{context: %Context{permissions: permissions}} = resolution,
-        required_permissions
-      ) do
-    if has_required_permissions?(permissions, required_permissions) do
       resolution
-    else
-      resolve(resolution, required_permissions)
     end
-  end
-
-  defp has_required_permissions?(nil = _permissions, _required_permissions), do: false
-
-  defp has_required_permissions?(permissions, required_permissions),
-    do: Enum.all?(required_permissions, &Enum.member?(permissions, &1))
 
-  defp resolve(%{context: %Context{dry_run: true, permissions: permissions}} = resolution, required_permissions) do
-    if permissions != nil do
-      Logger.warn("Received invalid token", required_permissions: required_permissions)
-    end
-
-    resolution
+    defp resolve(%{context: %Context{dry_run: false}} = resolution, _required_permissions),
+      do: Absinthe.Resolution.put_result(resolution, {:error, "unauthorized"})
   end
-
-  defp resolve(%{context: %Context{dry_run: false}} = resolution, _required_permissions),
-    do: Absinthe.Resolution.put_result(resolution, {:error, "unauthorized"})
 end