Class: Cerberus::Jwt

Inherits:
Object
  • Object
Defined in:
lib/cerberus/jwt.rb

Defined Under Namespace

Classes: EmptyJWT

Constant Summary collapse

# Verification options handed to JWT.decode in #call. The hash is built once,
# when this file is loaded, so later changes to Cerberus.config or ENV are not
# picked up. Only the issuer and issued-at checks are switched on explicitly
# here; no audience (`aud`) option is set.
JWT_OPTIONS =
{
  # Expected signing algorithm: config value first, ENV["JWT_ALGORITHM"] as fallback.
  # NOTE(review): nil when neither is set. How a nil algorithm is treated
  # depends on the jwt gem version; confirm decode rejects the token rather
  # than accepting whatever `alg` the token header names.
  algorithm: Cerberus.config.jwt.algorithm || ENV["JWT_ALGORITHM"],
  # Expected issuer: config value first, ENV["JWT_ISSUER"] as fallback.
  # NOTE(review): nil when neither is set. Some jwt gem versions skip the
  # issuer check when no expected issuer is given, even with verify_iss: true;
  # confirm, or fail at boot when the issuer is missing.
  iss: Cerberus.config.jwt.issuer || ENV["JWT_ISSUER"],
  verify_iss: true,
  verify_iat: true
}.freeze
# Maps exception classes rescued in #call to the status and body of the
# plain-text response sent instead of calling the wrapped app. Each entry
# lists :status before :body. The specific JWT errors come before the general
# JWT::DecodeError.
# NOTE(review): failure classes without their own entry (for example a
# signature mismatch) are only answered with 401 if the lookup in #call treats
# JWT::DecodeError as a catch-all for its subclasses; confirm there.
JWT_ERRORS =
{
  JWT::ExpiredSignature => {
    status: 403, body: "The token has expired."
  },
  JWT::InvalidIssuerError => {
    status: 403, body: "The token does not have a valid issuer."
  },
  JWT::InvalidIatError => {
    status: 403, body: "The token does not have a valid 'issued at' time."
  },
  # Generic "token could not be decoded" case.
  JWT::DecodeError => {
    status: 401, body: "A valid token must be passed."
  },
  # Raised by env.fetch("HTTP_AUTHORIZATION") in #call when the header is absent.
  KeyError => {
    status: 401, body: "HTTP_AUTHORIZATION header must be present."
  }
}.freeze
# RSA key used by #call to verify token signatures. It is parsed once, at load
# time, from the Base64-encoded config value `rsa_public`, so rotating the key
# requires reloading this file.
# NOTE(review): Base64.decode64 is the lenient decoder; a malformed or missing
# value presumably surfaces as an error while this constant is evaluated.
# Confirm that boot fails loudly in that case.
JWT_RSA_PUBLIC =
OpenSSL::PKey::RSA.new(Base64.decode64(Cerberus.config.jwt.rsa_public))

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ Jwt



# File 'lib/cerberus/jwt.rb', line 43

# Wraps the next Rack application in the stack.
#
# @param app [#call] the downstream app that receives requests accepted by #call
def initialize(app)
  # Kept so #call can hand the request on.
  @app = app
end

Class Method Details

.respond_with(status_code, message) ⇒ Object



# File 'lib/cerberus/jwt.rb', line 62

# Builds a Rack response triplet carrying a plain-text message.
#
# @param status_code [Integer] HTTP status for the response
# @param message [String] text placed in the response body
# @return [Array] `[status, headers, body]` with a text/plain Content-Type
def self.respond_with(status_code, message)
  headers = { "Content-Type" => "text/plain" }
  body = [message]
  [status_code, headers, body]
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/cerberus/jwt.rb', line 47

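# Rack entry point. When the configured `enabled` predicate returns true for
# the request, the bearer token in HTTP_AUTHORIZATION must decode and verify
# against JWT_RSA_PUBLIC under JWT_OPTIONS before the wrapped app is called.
#
# Authentication failures covered by JWT_ERRORS become plain-text 401/403
# responses; any other error from the authentication step is re-raised.
#
# @param env [Hash] the Rack environment
# @return [Array] a Rack response triplet, either from the wrapped app or from
#   .respond_with on an authentication failure
def call(env)
  if Cerberus.config.jwt.enabled.call(env)
    begin
      # Strip the scheme only where it belongs, at the start of the header.
      # An unanchored gsub also deletes "bearer " from the middle of the
      # value, so differently shaped headers would collapse to the same token.
      auth_token = env.fetch("HTTP_AUTHORIZATION").sub(/\Abearer +/i, "")
      # The third argument turns signature verification on. The decoded
      # claims are not used any further here.
      JWT.decode(auth_token, JWT_RSA_PUBLIC, true, JWT_OPTIONS)
    rescue StandardError => error
      # Match by ancestry, walking JWT_ERRORS in insertion order so the
      # specific entries win over JWT::DecodeError. With an exact-class lookup,
      # failures that have no entry of their own (a bad signature, assuming the
      # jwt gem's usual hierarchy under JWT::DecodeError) were re-raised and
      # reached the client as a server error instead of a 401.
      _klass, response = JWT_ERRORS.find { |klass, _| error.is_a?(klass) }
      raise unless response

      return self.class.respond_with(*response.values_at(:status, :body))
    end
  end

  # Deliberately outside the rescue: a KeyError or JWT error raised by the
  # downstream app is not an authentication failure and must not be turned
  # into "HTTP_AUTHORIZATION header must be present."
  @app.call(env)
end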