Module: Useless::Rack::Middleware::Authentication::AccessToken

Included in:
QueryString, RequestHeader
Defined in:
lib/useless/rack/middleware/authentication/access_token.rb

Overview

The `Authentication::AccessToken` module defines the behavior for access-token-based authentication middleware. The middlewares are responsible only for providing the access token via the `#access_token_for_env` method.

Instance Method Summary

Instance Method Details

#call(env) ⇒ Object



# File 'lib/useless/rack/middleware/authentication/access_token.rb', line 14

def call(env)
  # If we don't already have a user set in the environment,
  unless env['useless.user']
    # check to see if an access token was specified.
    if access_token = access_token_for_env(env)
      # If so, and a corresponding user can be found,
      if user = env['useless.mongo']['users'].find_one('access_token' => access_token)
        # set 'useless.user' in the environment.
        env['useless.user'] = user
      else
        # Otherwise, return a 401 Unauthorized.
        return [401, {'Content-Type' => 'text/plain'}, ["Invalid access token: #{access_token}"]]
      end
    end
  end

  @app.call(env)
end
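
The contract between the module and an including middleware, as an added example that is not part of the Useless source: the module owns the lookup and the 401, and the including class supplies only `#access_token_for_env`. This variant also rejects non-String tokens before the lookup and keeps the submitted token out of the 401 body. `FakeUsers`, `HardenedAccessToken`, `ParamToken` and the `example.params` env key are hypothetical names chosen for the example.

```ruby
# Constructed in-memory stand-in for env['useless.mongo']['users'].
class FakeUsers
  def initialize(docs)
    @docs = docs
  end

  def find_one(query)
    @docs.find { |doc| query.all? { |key, value| doc[key] == value } }
  end
end

# Same flow as #call, plus two defensive changes made for this example:
# only non-empty String tokens reach the lookup, so it is always an exact
# string match, and the 401 body does not repeat the submitted token.
module HardenedAccessToken
  def initialize(app)
    @app = app
  end

  def call(env)
    unless env['useless.user']
      token = access_token_for_env(env)
      unless token.nil?
        return unauthorized unless token.is_a?(String) && !token.empty?

        user = env['useless.mongo']['users'].find_one('access_token' => token)
        return unauthorized unless user

        env['useless.user'] = user
      end
    end
    @app.call(env)
  end

  def unauthorized
    [401, { 'Content-Type' => 'text/plain' }, ['Invalid access token']]
  end
end

# Including middleware: its only job is to supply the token. Reading it from
# already-parsed parameters under 'example.params' is an assumption.
class ParamToken
  include HardenedAccessToken

  def access_token_for_env(env)
    (env['example.params'] || {})['access_token']
  end
end
```

A request with no token still reaches the wrapped app unauthenticated, as in the original `#call`, so routes that need a user must check `env['useless.user']` themselves.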

#initialize(app) ⇒ Object



# File 'lib/useless/rack/middleware/authentication/access_token.rb', line 10

def initialize(app)
  @app = app
end