Class: Triannon::ApplicationController

Inherits:

ActionController::Base

• Object
• ActionController::Base
• Triannon::ApplicationController

Defined in:

app/controllers/triannon/application_controller.rb

Direct Known Subclasses

AnnotationsController, AuthController, SearchController

Instance Method Summary

• #access_token_data ⇒ Object

  Extract access login data for a session.

• #access_token_error(msg = nil, status = 401) ⇒ Object

  Issue an access token error.

• #access_token_expired?(timestamp) ⇒ Boolean
• #access_token_generate(data) ⇒ Object

  construct and encrypt an access token, using login data save the token into session.

• #access_token_valid? ⇒ Boolean

  decrypt, parse and validate access token.

• #json_response(data, status) ⇒ Object
• #json_type_accepted ⇒ Object

  Response content type to match an HTTP accept type for JSON formats.

Instance Method Details

#access_token_data ⇒ Object

Extract access login data for a session.

# File 'app/controllers/triannon/application_controller.rb', line 28

def access_token_data
  @access_data ||= begin
    data = {}
    auth = request.headers['Authorization']
    if auth.nil? || auth !~ /^Bearer/ || session[:access_token].nil?
      access_token_error
    else
      token = auth.split.last
      if token == session[:access_token]
        timestamp, salt = session[:access_data]
        if access_token_expired?(timestamp)
          access_token_error('Access token expired')
        else
          key = ActiveSupport::KeyGenerator.new(timestamp).generate_key(salt)
          crypt = ActiveSupport::MessageEncryptor.new(key)
          data = crypt.decrypt_and_verify(token)
        end
      else
        access_token_error('Access code does not match login session')
      end
    end
    data
  rescue
    access_token_error('Failed to validate access code')
    data
  end
end

#access_token_error(msg = nil, status = 401) ⇒ Object

Issue an access token error

# File 'app/controllers/triannon/application_controller.rb', line 67

def access_token_error(msg=nil, status=401)
  msg ||= 'Access token required'
  err = {
    error: 'invalidRequest',
    errorDescription: msg,
    errorUri: 'http://image-auth.iiif.io/api/image/2.1/authentication.html#access-token-service'
  }
  json_response(err, status)
end

#access_token_expired?(timestamp) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/controllers/triannon/application_controller.rb', line 56

def access_token_expired?(timestamp)
  elapsed = Time.now.to_i - timestamp.to_i  # sec since code was issued
  elapsed >= Triannon.config[:access_token_expiry]
end

#access_token_generate(data) ⇒ Object

construct and encrypt an access token, using login data save the token into session

# File 'app/controllers/triannon/application_controller.rb', line 17

def access_token_generate(data)
  timestamp = Time.now.to_i.to_s # seconds since epoch
  salt  = SecureRandom.base64(64)
  key   = ActiveSupport::KeyGenerator.new(timestamp).generate_key(salt)
  crypt = ActiveSupport::MessageEncryptor.new(key)
  session[:access_data] = [timestamp, salt]
  session[:access_token] = crypt.encrypt_and_sign(data)
end

#access_token_valid? ⇒ Boolean

decrypt, parse and validate access token

Returns:

• (Boolean)

# File 'app/controllers/triannon/application_controller.rb', line 62

def access_token_valid?
  not access_token_data.empty?
end

#json_response(data, status) ⇒ Object

Parameters:

• data (Hash) —

  Hash.to_json is rendered

• status (Integer) —

  HTTP status code

# File 'app/controllers/triannon/application_controller.rb', line 84

def json_response(data, status)
  render json: data.to_json, content_type: json_type_accepted, status: status
end

#json_type_accepted ⇒ Object

Response content type to match an HTTP accept type for JSON formats

# File 'app/controllers/triannon/application_controller.rb', line 89

def json_type_accepted
  mime_type_from_accept(['application/json', 'text/x-json', 'application/jsonrequest'])
end