Module: Arc::HTTP::Session

Defined in:
lib/architect/http.rb


Class Method Details

.read(request) ⇒ Object



# File 'lib/architect/http.rb', line 9

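# Reads the session stored in the +_idx+ cookie of an incoming request.
#
# The cookie header is client-controlled, so it is treated as untrusted:
# a missing cookie, an empty value, or a token that JWE rejects as malformed
# or failing authentication all produce an empty session rather than an
# unhandled exception.
#
# @param request [Hash] wrapper whose +:event+ entry holds the raw event;
#   the cookie string is read from event['headers']['cookie']
# @return [Hash] the decrypted session payload, or {} when no usable
#   +_idx+ cookie is present
def self.read(request)
  # dig tolerates a nil 'headers' entry instead of raising NoMethodError
  raw = request[:event].dig('headers', 'cookie')
  return {} unless raw

  # Parse "name=value" pairs; splitting on the first '=' only keeps values
  # that themselves contain '=' intact, and matching on the *name* means
  # another cookie whose value happens to be "_idx" is not mistaken for ours.
  pairs = raw.split(';').map { |pair| pair.split('=', 2).map(&:strip) }
  _name, payload = pairs.find { |name, _value| name == '_idx' }
  return {} if payload.nil? || payload.empty?

  # NOTE(security): the fallback below is a fixed key visible in the source.
  # If ARC_APP_SECRET is unset in a deployed environment, session cookies are
  # neither confidential nor tamper-evident. Set ARC_APP_SECRET everywhere
  # outside local development.
  key = ENV['ARC_APP_SECRET'] || 'MDAwMDAwMDAwMDAwMDAwMA=='[0..15]
  JSON.parse(JWE.decrypt(payload, key))
rescue JWE::DecodeError, JWE::InvalidData, JSON::ParserError
  # Malformed, tampered or stale (e.g. encrypted under a rotated key) cookie:
  # fall back to an empty session. Other errors, such as a misconfigured key,
  # still propagate so they are not silently hidden.
  {}
end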

.write(payload) ⇒ Object



# File 'lib/architect/http.rb', line 25

def self.write(payload)
  key = ENV['ARC_APP_SECRET'] || 'MDAwMDAwMDAwMDAwMDAwMA=='[0..15]
  encrypted = JWE.encrypt(payload.to_json, key, alg: 'dir', enc: 'A128GCM')
  maxAge = Time.at 788400000 * 1000
  CGI::Cookie.new(
    'name'=> '_idx', 
    'value'=>  encrypted,
    'maxAge'=> maxAge,
    'expires'=> maxAge,
    'secure'=> true,
    'httpOnly'=> true,
    'path'=> '/',
    'sameSite'=> 'lax'
  ).to_s
end