class BigSession::RackMiddleware

This middleware reads BigSession headers from the request and sets/creates a SessionId usable by the rest of the app

Public Class Methods

activate(header_secret = nil) click to toggle source
# File lib/big_session/rack_middleware.rb, line 12
def activate(header_secret = nil)
  Rails.application.config.middleware.use ::BigSession::RackMiddleware, header_secret
end
new(app, header_secret = nil) click to toggle source
# File lib/big_session/rack_middleware.rb, line 17
def initialize(app, header_secret = nil)
  @app = app
  @header_secret = header_secret
end

Public Instance Methods

call(env) click to toggle source
# File lib/big_session/rack_middleware.rb, line 22
def call(env)
  session_id = retrieve_or_generate_session_id(env)
  env['rack.session'][::BigSession::RAILS_SESSION_BIG_SESSION_ID_KEY] = session_id
  SessionId.with_session_id(session_id) do
    @app.call(env)
  end
end

Private Instance Methods

retrieve_or_generate_session_id(env) click to toggle source
# File lib/big_session/rack_middleware.rb, line 32
def retrieve_or_generate_session_id(env)
  header_session_id, header_signature = env.values_at(
    'HTTP_' + ::BigSession::BIG_SESSION_HEADER_NAME.upcase.gsub(/-/, '_'),
    'HTTP_' + ::BigSession::BIG_SESSION_SIGNATURE_HEADER_NAME
      .upcase.gsub(/-/, '_')
  )

  return validate_header_session_id(header_session_id, header_signature) \
    if header_session_id

  SessionId.current ||
    env['rack.session'][::BigSession::RAILS_SESSION_BIG_SESSION_ID_KEY] ||
    SessionId.new_session_id
end
validate_header_session_id(header_session_id, header_signature) click to toggle source
# File lib/big_session/rack_middleware.rb, line 47
def validate_header_session_id(header_session_id, header_signature)
  return header_session_id unless @header_secret

  digest = OpenSSL::HMAC.hexdigest('sha256', @header_secret, header_session_id)
  return header_session_id if digest == header_signature

  logger = Logger.new(STDOUT)
  logger.warn('Failed to validate big session header signature.')
  nil
end