class Devise::JWT::Cookie::Middleware
Constants
- ENV_KEY
Attributes
app[R]
config[R]
Public Class Methods
new(app)
click to toggle source
# File lib/devise/jwt/cookie/middleware.rb, line 9 def initialize(app) @app = app @config = Warden::JWTAuth.config end
Public Instance Methods
call(env)
click to toggle source
# File lib/devise/jwt/cookie/middleware.rb, line 14 def call(env) token_should_be_revoked = token_should_be_revoked?(env) if token_should_be_revoked # add the Authorization header, devise-jwt needs this to revoke tokens # we need to make sure this is done before the other middleware is run request = ActionDispatch::Request.new(env) env['HTTP_AUTHORIZATION'] = "Bearer #{CookieHelper.new.read_from(request.cookies)}" end status, headers, response = app.call(env) if headers['Authorization'] && env[ENV_KEY] name, cookie = CookieHelper.new.build(env[ENV_KEY]) Rack::Utils.set_cookie_header!(headers, name, cookie) elsif token_should_be_revoked name, cookie = CookieHelper.new.build(nil) Rack::Utils.set_cookie_header!(headers, name, cookie) end [status, headers, response] end
token_should_be_revoked?(env)
click to toggle source
# File lib/devise/jwt/cookie/middleware.rb, line 34 def token_should_be_revoked?(env) path_info = env['PATH_INFO'] || '' method = env['REQUEST_METHOD'] revocation_requests = config.revocation_requests revocation_requests.each do |tuple| revocation_method, revocation_path = tuple return true if path_info.match(revocation_path) && method == revocation_method end false end