class Actn::Api::Mw::Auth

Attributes

client[RW]
opts[RW]

Public Class Methods

# Stores the middleware options and hands the Rack env to the superclass.
#
# @param env [Hash] the Rack environment
# @param opts [Hash] middleware options; this class reads +:exclude+ (a
#   pattern matched against +REQUEST_PATH+ in #excluded?) and
#   +:with_session+ (see #with_session?)
#
# +opts+ is assigned before +super+ runs — presumably so the superclass
# constructor can see it; NOTE(review): keep this order unless the
# superclass is confirmed not to read +opts+.
def initialize(env, opts = {})
  self.opts = opts
  super(env)
end

Public Instance Methods

# The API key presented by the caller, read from the +X-Apikey+ request
# header (+HTTP_X_APIKEY+ in the Rack env). Client-supplied; nil when the
# header is absent.
#
# @return [String, nil]
def apikey
  header = 'HTTP_X_APIKEY'
  env[header]
end
# Authorizes the current request; called from #pre_process for methods
# other than GET/HEAD, after #perform.
#
# A request that already carries a session-backed user (see #with_session?
# and #current_user_uuid) is accepted immediately. Otherwise the client must
# resolve (#client_valid?) and pass #client_authorized?; on success the
# client's uuid is written to +rack.session+, so later requests take the
# session fast path.
#
# @return [true, Object] true on the session fast path; otherwise the value
#   stored in the session (whatever +client.uuid+ returns)
# @raise [InvalidCredentialsError] when the client cannot be resolved or is
#   not authorized
def authorize_client!
  session_user = with_session? && current_user_uuid
  return true if session_user

  authorized = client_valid? && client_authorized?
  raise InvalidCredentialsError, "Invalid Credentials" unless authorized

  env['rack.session'][:user_uuid] = client.uuid
end
# Whether the resolved client authenticates and is permitted to perform
# this request.
#
# Returns nil when no client has been resolved (#client_valid? must have
# run first). Authentication uses the +X-Secret+ header when present
# (+client.auth_by_secret+), otherwise the current +rack.session+ id
# (+client.auth_by_session+). Note that an empty +X-Secret+ header is a
# String, not nil, so it is routed to +auth_by_secret+. The permission
# checked is the string "METHOD:PATH" built from +REQUEST_METHOD+ and
# +REQUEST_PATH+.
#
# @return [Boolean, nil] nil without a client; otherwise the result of
#   authentication && +client.can?("METHOD:PATH")+
def client_authorized?
  return unless client

  authenticated =
    if secret.nil?
      client.auth_by_session(env['rack.session'].id)
    else
      client.auth_by_secret(secret)
    end

  permission = "#{env['REQUEST_METHOD']}:#{env['REQUEST_PATH']}"
  authenticated && client.can?(permission)
end
# Resolves the calling client from the request and stores it in +client+.
#
# The lookup key is +host+ (derived from the client-supplied Origin/Host
# headers) plus +apikey+; both come from the request. The method returns
# the lookup result, so it is truthy only when a client was found.
#
# @return [Object, nil] the resolved client (also available via #client),
#   or nil when +Client.find_for_auth+ finds nothing
def client_valid?
  found = Client.find_for_auth(host, apikey)
  self.client = found
end
# The user uuid stored in the Rack session by #authorize_client!, or nil
# when no user has been authorized in this session.
#
# @return [Object, nil] the value under +:user_uuid+ in +rack.session+
def current_user_uuid
  session = env['rack.session']
  session[:user_uuid]
end
# Whether this request bypasses authentication entirely.
#
# false when no +:exclude+ option was given; otherwise the result of
# matching +REQUEST_PATH+ against +opts[:exclude]+ with +=~+ (the match
# offset when it matches, nil when it does not).
#
# Excluded paths skip every check in #pre_process and #post_process, so
# callers should anchor the pattern (+\A+ / +\z+): an unanchored regex
# excludes every path that merely contains the match.
#
# @return [false, Integer, nil]
def excluded?
  pattern = opts[:exclude]
  return false if pattern.nil?

  env['REQUEST_PATH'] =~ pattern
end
# The domain the request is treated as coming from: the +Origin+ header
# when present, else +Host+, normalized with +String#to_domain+ (a project
# extension, not core Ruby).
#
# Both headers are client-supplied and Origin is preferred, so the value
# that keys the client lookup in #client_valid? is chosen by the caller;
# it identifies the client only together with the api key and secret
# checks. Raises NoMethodError on nil when neither header is present.
#
# @return [String]
def host
  origin = env['HTTP_ORIGIN']
  (origin || env['HTTP_HOST']).to_domain
end
# Whether the client check may be deferred to #post_process: true for GET
# and HEAD requests (exact, case-sensitive match on +REQUEST_METHOD+).
#
# For these methods the request proceeds before the client check, and
# #post_process only calls #validate_client! (client resolved), not
# #authorize_client! / #client_authorized? — so the +can?+ permission check
# is not applied to GET/HEAD requests by this middleware.
#
# @return [Boolean]
def lazy_authorization?
  %w[GET HEAD].include?(env['REQUEST_METHOD'])
end
# Runs after the request has been handled. For GET/HEAD requests (see
# #lazy_authorization?) the client check was skipped in #pre_process, so
# it is performed here, unless the path is #excluded?.
#
# Only #validate_client! runs here — the client must resolve — whereas
# non-GET/HEAD requests go through #authorize_client! in #pre_process.
#
# @return [Array] the Rack triple +[status, headers, body]+
# @raise [Goliath::Validation::UnauthorizedError] from #validate_client!
def post_process
  validate_client! if !excluded? && lazy_authorization?

  [status, headers, body]
end
# Runs before the request is handled.
#
# Excluded paths (#excluded?) get no checks at all. Otherwise the api key
# must be present (#validate_apikey!). GET/HEAD requests then defer the
# client check to #post_process; every other method runs #perform first
# (per the original note, to wait for the user info to arrive) and then
# #authorize_client!.
#
# @return [Goliath::Connection::AsyncResponse] always
# @raise [MissingApikeyError] from #validate_apikey!
# @raise [InvalidCredentialsError] from #authorize_client!
def pre_process
  async = Goliath::Connection::AsyncResponse
  return async if excluded?

  validate_apikey!
  unless lazy_authorization?
    perform
    authorize_client!
  end

  async
end
# The client secret presented by the caller, read from the +X-Secret+
# request header (+HTTP_X_SECRET+ in the Rack env). Client-supplied; nil
# when the header is absent, which makes #client_authorized? fall back to
# session-based authentication.
#
# @return [String, nil]
def secret
  header = 'HTTP_X_SECRET'
  env[header]
end
# Ensures an api key was sent. Only presence is checked here; the key is
# resolved to a client later, in #client_valid?.
#
# A request that already carries a session-backed user (see #with_session?
# and #current_user_uuid) is accepted without a key.
#
# @return [true, nil] true on the session fast path, nil when a key is
#   present
# @raise [MissingApikeyError] when #apikey is nil or empty
def validate_apikey!
  return true if with_session? && current_user_uuid

  missing = apikey.to_s.empty?
  raise MissingApikeyError, "Missing Api Key" if missing
end
# Ensures the request's api key resolves to a client (#client_valid?).
# Used by #post_process for GET/HEAD requests; unlike #authorize_client!
# it does not run #client_authorized?, so no permission check happens here.
#
# A request that already carries a session-backed user (see #with_session?
# and #current_user_uuid) is accepted immediately.
#
# @return [true, nil] true on the session fast path, nil when the client
#   resolved
# @raise [Goliath::Validation::UnauthorizedError] when no client is found
def validate_client!
  return true if with_session? && current_user_uuid

  found = client_valid?
  raise Goliath::Validation::UnauthorizedError unless found
end
# The +:with_session+ middleware option. When truthy, a request whose
# +rack.session+ already holds +:user_uuid+ (see #current_user_uuid)
# bypasses the key and client checks in #validate_apikey!,
# #validate_client! and #authorize_client!.
#
# @return [Object, nil] the raw option value; nil when not configured
def with_session?
  flag = opts[:with_session]
  flag
end