class Rack::PrxAuth

Constants

DEFAULT_ISS
INVALID_TOKEN
VERSION

Attributes

issuer[R]

Public Class Methods

new(app, options = {})
# File lib/rack/prx_auth.rb, line 18
# Builds the middleware around +app+.
#
# @param app [#call] the downstream Rack application
# @param options [Hash] +:cert_location+ is handed to Certificate.new
#   (used later to check token signatures); +:issuer+ is the only token
#   issuer this middleware will validate, defaulting to DEFAULT_ISS.
def initialize(app, options = {})
  cert_location = options[:cert_location]
  configured_issuer = options[:issuer]

  @app = app
  @certificate = Certificate.new(cert_location)
  # Tokens from any other issuer are passed through unvalidated (see #call).
  @issuer = configured_issuer || DEFAULT_ISS
end

Public Instance Methods

call(env)
# File lib/rack/prx_auth.rb, line 24
# Rack entry point.
#
# Reads the second whitespace-separated word of the Authorization header as
# a JWT and decodes it WITHOUT signature verification. Only tokens whose
# unverified 'iss' claim equals the configured issuer are checked; any other
# token (or a missing/unparseable one) is ignored and the request continues
# with no +env['prx.auth']+ set, so downstream code must treat the absence of
# that key as "unauthenticated", not as an error.
#
# @param env [Hash] Rack environment
# @return [Array] the downstream response, or INVALID_TOKEN when a token
#   for our issuer fails the expiry or signature check
def call(env)
  header = env['HTTP_AUTHORIZATION']
  return @app.call(env) unless header

  # No scheme check here: whatever follows the first word is taken as the token.
  token = header.split[1]
  claims = decode_token(token)

  return @app.call(env) unless should_validate_token?(claims)
  return INVALID_TOKEN unless valid?(claims, token)

  # Only set once the signature and expiry checks have passed.
  env['prx.auth'] = TokenData.new(claims)
  @app.call(env)
end

Private Instance Methods

decode_token(token)
# File lib/rack/prx_auth.rb, line 46
# Decodes +token+ into its claims without checking the signature.
#
# The result is therefore untrusted data: nothing in it may be relied on
# until @certificate.valid?(token) has passed (see #valid?).
#
# @param token [String, nil] compact-serialized JWT, or nil when the header
#   had no second word
# @return [Hash, JSON::JWT] the claims, or an empty Hash when the token is
#   absent or not in JWT format
def decode_token(token)
  return {} if token.nil?

  JSON::JWT.decode(token, :skip_verification)
rescue JSON::JWT::InvalidFormat
  # Malformed tokens are treated like no token at all; only
  # InvalidFormat is rescued, other decode errors propagate.
  {}
end
expired?(claims)
# File lib/rack/prx_auth.rb, line 56
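# Whether the token's validity window has passed.
#
# The window end is computed as +iat + exp+, i.e. 'exp' is treated as a
# lifetime in seconds relative to 'iat'.
# NOTE(review): RFC 7519 defines 'exp' as an absolute expiry timestamp; if
# the issuer emits that form, iat + exp is roughly twice the current epoch
# and this check would never report expiry — confirm the issuer's format.
#
# Claims come from an unverified decode, so 'iat'/'exp' may be missing or
# of the wrong type; such a token is reported as expired instead of raising
# NoMethodError (nil + nil) and turning a bad token into a 500.
#
# @param claims [Hash] decoded JWT claims (string keys)
# @return [Boolean]
def expired?(claims)
  issued_at = claims['iat']
  lifetime = claims['exp']
  return true unless issued_at.is_a?(Numeric) && lifetime.is_a?(Numeric)

  Time.now.to_i > (issued_at + lifetime)
end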
should_validate_token?(claims)
# File lib/rack/prx_auth.rb, line 60
# True when the token claims to come from the configured issuer.
#
# 'iss' is read from unverified claims, so this only decides whether the
# token is *ours to check*; it proves nothing about authenticity. A
# non-matching issuer makes #call pass the request through unauthenticated.
#
# @param claims [Hash] decoded JWT claims (string keys)
# @return [Boolean]
def should_validate_token?(claims)
  token_issuer = claims['iss']
  token_issuer == @issuer
end
valid?(claims, token)
# File lib/rack/prx_auth.rb, line 42
# A token is valid when it is not expired AND its signature checks out
# against the configured certificate.
#
# The expiry check runs first on unverified claims; the certificate check
# is what binds those claims to a trusted signer, and it is skipped only
# when the token is already rejected as expired.
#
# @param claims [Hash] decoded (unverified) JWT claims
# @param token [String] the raw compact JWT handed to the certificate check
# @return [Boolean] false when expired, otherwise the certificate's verdict
def valid?(claims, token)
  return false if expired?(claims)

  @certificate.valid?(token)
end