Class: Specwrk::Web::Auth

Inherits:

Object

• Object
• Specwrk::Web::Auth

Defined in:

lib/specwrk/web/auth.rb

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app, excluded_paths = []) ⇒ Auth constructor

  A new instance of Auth.

Constructor Details

#initialize(app, excluded_paths = []) ⇒ Auth

Returns a new instance of Auth.

# File 'lib/specwrk/web/auth.rb', line 8

def initialize(app, excluded_paths = [])
  @app = app
  @excluded_paths = excluded_paths
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/specwrk/web/auth.rb', line 13

def call(env)
  @request = env[:request] ||= Rack::Request.new(env)

  return @app.call(env) if [nil, ""].include? ENV["SPECWRK_SRV_KEY"]
  return @app.call(env) if @excluded_paths.include? env[:request].path_info

  auth = Rack::Auth::AbstractRequest.new(env)

  return unauthorized unless auth.provided?
  return unauthorized unless auth.scheme == "bearer"
  return unauthorized unless Rack::Utils.secure_compare(auth.params, ENV["SPECWRK_SRV_KEY"])

  @app.call(env)
end