# File 'app/openbel/api/middleware/auth.rb', line 16
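# Authenticates a Rack request that carries a JWT either in a +jwt=+ cookie or
# in an <tt>Authorization: Bearer <token></tt> header.
#
# The token is verified with the shared secret from
# <tt>OpenBEL::Settings[:auth][:secret]</tt> (stored base64-encoded). On
# success the decoded header and payload are exposed as +env['jwt.header']+
# and +env['jwt.payload']+, and the payload's +email+ claim is copied to
# +env['email']+. When both a cookie and a header are present, the header's
# token is the one verified.
#
# @param env [Hash] Rack environment; reads +HTTP_COOKIE+ and +HTTP_AUTHORIZATION+
# @return [String, nil] the verified token's +email+ claim
# @raise [RuntimeError] with one of these messages:
#   'missing authorization cookie/header' - neither cookie nor header sent;
#   'missing authorization cookie' / 'missing authorization header' - the
#   carrier is present but holds no token;
#   'invalid authorization token' - signature verification failed;
#   'malformed authorization token' - the token cannot be decoded, or its
#   payload is not an object with a numeric +exp+ claim;
#   'token expired' - +exp+ lies in the past
def self.check_cookie(env)
  cookie_hdr = env['HTTP_COOKIE']
  auth_hdr = env['HTTP_AUTHORIZATION']
  if cookie_hdr.nil? && auth_hdr.nil?
    raise 'missing authorization cookie/header'
  end

  token = nil

  unless cookie_hdr.nil?
    # RFC 6265 user agents separate cookies with "; "; tolerate a bare ";" too.
    # Split the pair at the first "=" only, so an "=" inside the value cannot
    # truncate the token.
    jwt_cookie = cookie_hdr.split(/;\s*/).find { |c| c.start_with?('jwt=') }
    if jwt_cookie
      value = jwt_cookie.split('=', 2)[1]
      token = value unless value.nil? || value.empty?
    end
    raise 'missing authorization cookie' if token.nil?
    # NOTE(review): a token taken from a cookie is sent automatically by the
    # browser, so routes guarded this way need CSRF protection if they change
    # state -- confirm how the cookie is scoped (SameSite/HttpOnly) at issuance.
  end

  unless auth_hdr.nil?
    # Auth schemes are case-insensitive (RFC 7235). The header overrides the
    # cookie token; as before, a non-Bearer header is ignored when a cookie
    # already supplied a token.
    scheme, bearer = auth_hdr.split(' ', 2)
    if scheme && scheme.casecmp('Bearer') == 0 && bearer && !bearer.empty?
      token = bearer
    end
    raise 'missing authorization header' if token.nil?
  end

  secret = Base64.decode64(OpenBEL::Settings[:auth][:secret])

  # NOTE(review): no +algorithm+ is pinned in +options+, so the accepted
  # algorithm is whatever the JWT library infers (older ruby-jwt releases take
  # it from the untrusted token header). Pass the issuer's algorithm here,
  # e.g. <tt>{ algorithm: 'HS256' }</tt> for an HMAC shared secret, to rule
  # out algorithm-confusion attacks -- confirm the issuer's algorithm first.
  verify = true
  options = {}
  begin
    decoded = decode(token, secret, verify, options)
  rescue ::JWT::VerificationError
    raise 'invalid authorization token'
  rescue ::JWT::DecodeError => je
    puts je.inspect # debug output to stdout; route through the app logger if one exists
    raise 'malformed authorization token'
  end

  # decode returns [payload, header]; fail cleanly rather than indexing nil.
  raise 'malformed authorization token' if decoded.nil?
  payload = decoded.first
  header = decoded.last
  # A JWT payload is a JSON object; anything else cannot carry the claims read below.
  raise 'malformed authorization token' unless payload.is_a?(Hash)
  env['jwt.header'] = header
  env['jwt.payload'] = payload

  # +exp+ is a NumericDate (seconds since the epoch). Require it and check its
  # type so a missing or non-numeric claim raises a RuntimeError like the other
  # auth failures instead of an ArgumentError from the comparison below.
  exp = payload['exp']
  raise 'malformed authorization token' unless exp.is_a?(Numeric)
  raise 'token expired' if Time.now.to_i > exp

  env['email'] = payload['email']
end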