Class: Rack::Firebase::Middleware
- Inherits:
-
Object
- Object
- Rack::Firebase::Middleware
- Defined in:
- lib/rack/firebase/middleware.rb
Constant Summary
- USER_UID =
"firebase.user.uid"
Instance Method Summary
- #call(env) ⇒ Object
-
#initialize(app) ⇒ Middleware
constructor
A new instance of Middleware.
Constructor Details
#initialize(app) ⇒ Middleware
Returns a new instance of Middleware.
# File 'lib/rack/firebase/middleware.rb', line 9

# Builds the middleware around the next Rack application in the stack.
#
# @param app [#call] the downstream Rack app that receives authenticated requests
def initialize(app)
  # Downstream app; #call hands the request to it once the token checks pass.
  @app = app

  # Gem-wide settings, read once at construction time.
  @config = ::Rack::Firebase.configuration

  # Collaborators taken from constants defined outside this listing.
  # NOTE(review): presumably the JWK/key loader and the object that turns an
  # authentication error into a Rack response; confirm against their definitions.
  @jwt_loader = FIREBASE_KEY_LOADER
  @error_responder = DEFAULT_ERROR_RESPONDER
end
Instance Method Details
#call(env) ⇒ Object
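# File 'lib/rack/firebase/middleware.rb', line 18

# Authenticates a request from its Firebase ID token and forwards it.
#
# The token is read with AuthorizationHeader.read_token and decoded with
# TokenDecoder. The "sub" and "auth_time" claims are then checked, the subject
# is stored in env[USER_UID], and the wrapped app is called. The wrapped app is
# only reached after both claim checks pass; every failure listed in the
# rescue clauses is handed to error_responder instead.
#
# @param env [Hash] the Rack environment
# @return [Object] the wrapped app's response, or whatever error_responder returns
def call(env)
  token = AuthorizationHeader.read_token(env)
  claims = TokenDecoder.new.call(token)

  # Firebase defines "sub" as a non-empty string (the user's uid). Reject
  # anything else so a non-string value never becomes env[USER_UID].
  subject = claims["sub"]
  raise Rack::Firebase::InvalidSubError, "Invalid subject" unless subject.is_a?(String) && !subject.empty?

  # A missing or non-numeric "auth_time" would make the comparison raise
  # NoMethodError/ArgumentError, which no rescue clause below handles. Treat it
  # as an invalid auth time so the client gets the normal rejection instead of
  # an unhandled error.
  auth_time = claims["auth_time"]
  unless auth_time.is_a?(Numeric) && auth_time <= Time.now.to_i
    raise Rack::Firebase::InvalidAuthTimeError, "Invalid auth time"
  end

  env[USER_UID] = subject
  # NOTE(review): the rescue clauses below also cover @app.call, so a
  # JWT::DecodeError raised by the wrapped app would be reported as an
  # authentication failure. Confirm that is intended.
  @app.call(env)
rescue JWT::JWKError => error # problem with the fetched JWKs
  error_responder.call(error, "unauthorized")
rescue JWT::ExpiredSignature => error # token has expired
  error_responder.call(error, "expired")
rescue JWT::InvalidIatError => error # invalid issued-at claim (iat)
  error_responder.call(error, "unauthorized")
rescue JWT::InvalidIssuerError => error # invalid issuer
  error_responder.call(error, "unauthorized")
rescue JWT::InvalidAudError => error # invalid audience
  error_responder.call(error, "unauthorized")
rescue JWT::DecodeError => error # any other JWT decoding failure
  error_responder.call(error, "unauthorized")
rescue Rack::Firebase::InvalidSubError => error # subject missing, empty or not a string
  error_responder.call(error, "unauthorized")
rescue Rack::Firebase::InvalidAuthTimeError => error # auth time missing, malformed or in the future
  error_responder.call(error, "unauthorized")
end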