Module: Faye::Authentication

Extended by:

Logging

Defined in:

lib/faye/authentication.rb,
lib/faye/authentication/engine.rb,
lib/faye/authentication/version.rb,
lib/faye/authentication/http_client.rb,
lib/faye/authentication/client_extension.rb,
lib/faye/authentication/server_extension.rb

Defined Under Namespace

Classes: AuthError, ClientExtension, Engine, ExpiredError, HTTPClient, PayloadError, ServerExtension

Constant Summary

VERSION =

File.read(File.join(File.dirname(__FILE__),'..', '..', '..', 'VERSION') ).strip

Class Method Summary

• .authentication_required?(message, options = {}) ⇒ Boolean
• .decode(signature, secret) ⇒ Object

  Return signed payload or raise.

• .sign(payload, secret, options = {}) ⇒ Object

  Return jwt signature, pass hash of payload including channel and client_id.

• .validate(signature, channel, clientId, secret) ⇒ Object

  Return true if signature is valid and correspond to channel and clientId or raise.

Class Method Details

.authentication_required?(message, options = {}) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/faye/authentication.rb', line 42

def self.authentication_required?(message, options = {})
  subscription_or_channel = message['subscription'] || message['channel']
  return false unless (message['channel'] == '/meta/subscribe' || (!(message['channel'].start_with?('/meta/'))))
  whitelist_proc = options[:whitelist]
  if whitelist_proc
    begin
      return !whitelist_proc.call(subscription_or_channel)
    rescue => e
      error("Error caught when evaluating whitelist lambda : #{e.message}")
    end
  end
  true
end

.decode(signature, secret) ⇒ Object

Return signed payload or raise

# File 'lib/faye/authentication.rb', line 25

def self.decode(signature, secret)
  payload, _ = JWT.decode(signature, secret)
  payload
rescue JWT::ExpiredSignature
  raise ExpiredError
rescue
  raise AuthError
end

.sign(payload, secret, options = {}) ⇒ Object

Return jwt signature, pass hash of payload including channel and client_id

# File 'lib/faye/authentication.rb', line 19

def self.sign(payload, secret, options = {})
  options = {expires_at: Time.now + 12*3600, algorithm: 'HS256'}.merge(options)
  JWT.encode(payload.merge(exp: options[:expires_at].to_i), secret, options[:algorithm])
end

.validate(signature, channel, clientId, secret) ⇒ Object

Return true if signature is valid and correspond to channel and clientId or raise

Raises:

• (PayloadError)

# File 'lib/faye/authentication.rb', line 35

def self.validate(signature, channel, clientId, secret)
  payload = self.decode(signature, secret)
  raise PayloadError if channel.to_s.empty? || clientId.to_s.empty?
  raise PayloadError unless channel == payload['channel'] && clientId == payload['clientId']
  true
end