Class: Rack::Firebase::Middleware
- Inherits:
-
Object
- Object
- Rack::Firebase::Middleware
- Defined in:
- lib/rack/firebase/middleware.rb
Constant Summary
- USER_UID =
"firebase.user.uid"
Instance Method Summary
- #call(env) ⇒ Object
-
#initialize(app) ⇒ Middleware
constructor
A new instance of Middleware.
Constructor Details
#initialize(app) ⇒ Middleware
Returns a new instance of Middleware.
# File 'lib/rack/firebase/middleware.rb', line 9
#
# Wraps the next Rack application and captures the collaborators used
# while handling requests. The gem configuration is read once here, at
# construction time, and kept on the instance.
#
# @param app [#call] the downstream Rack application
def initialize(app)
  @error_responder = DEFAULT_ERROR_RESPONDER
  @jwt_loader = FIREBASE_KEY_LOADER
  @config = ::Rack::Firebase.configuration
  @app = app
end
Instance Method Details
#call(env) ⇒ Object
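# File 'lib/rack/firebase/middleware.rb', line 18
#
# Rack entry point. Requests whose PATH_INFO matches one of the configured
# public routes are passed straight through; every other request must carry
# a token that decodes successfully and has a non-empty string "sub" and a
# numeric "auth_time" that is not in the future. On success the subject is
# stored in env[USER_UID] and the downstream app is called.
#
# Only token reading and validation run inside the rescue scope. The
# downstream app is called after it, so an exception raised by the
# application itself is never reported as an authentication failure.
#
# @param env [Hash] the Rack environment
# @return [Object] the downstream app's response, or whatever the error
#   responder returns for a rejected token
def call(env)
  # A request without PATH_INFO is checked against the literal "no-match".
  path = env.fetch("PATH_INFO", "no-match")

  # NOTE(review): entries are tested with #match, so an unanchored pattern
  # matches anywhere in the path and would exempt more routes than intended;
  # confirm the configured patterns are anchored (\A ... \z).
  return @app.call(env) if config.public_routes.any? { |r| r.match(path) }

  begin
    token = AuthorizationHeader.read_token(env)
    decoded_token = TokenDecoder.new.call(token)

    # Reject a missing, empty or non-string subject.
    sub = decoded_token["sub"]
    unless sub.is_a?(String) && !sub.empty?
      raise Rack::Firebase::InvalidSubError.new("Invalid subject")
    end

    # Type-check before comparing: a missing or non-numeric auth_time would
    # otherwise raise NoMethodError/ArgumentError, which no clause below
    # rescues, and surface as an unhandled error instead of a rejection.
    auth_time = decoded_token["auth_time"]
    unless auth_time.is_a?(Numeric) && auth_time <= Time.now.to_i
      raise Rack::Firebase::InvalidAuthTimeError.new("Invalid auth time")
    end
  rescue JWT::JWKError => error
    # Issues with fetched JWKs
    return error_responder.call(error, "unauthorized")
  rescue JWT::ExpiredSignature => error
    # Token has expired
    return error_responder.call(error, "expired")
  rescue JWT::InvalidIatError, JWT::InvalidIssuerError, JWT::InvalidAudError, JWT::DecodeError,
         Rack::Firebase::InvalidSubError, Rack::Firebase::InvalidAuthTimeError => error
    # Invalid iat / issuer / audience, any other decode failure, or a
    # rejected sub / auth_time claim.
    # NOTE(review): the exception object is handed to the responder; confirm
    # it does not echo error.message back to the client.
    return error_responder.call(error, "unauthorized")
  end

  env[USER_UID] = sub
  @app.call(env)
end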