Class: Triannon::ApplicationController

Inherits:

ActionController::Base

Object
ActionController::Base
Triannon::ApplicationController

show all

Defined in:: app/controllers/triannon/application_controller.rb

Direct Known Subclasses

AnnotationsController, AuthController, SearchController

Instance Method Summary collapse

#access_token_data(headers) ⇒ Object

Extract access login data from Authorization header, if it is valid.
#access_token_generate(data) ⇒ Object

construct and encrypt an access token, using login data save the token into session.
#access_token_valid?(code) ⇒ Boolean

decrypt, parse and validate access token.

Instance Method Details

#access_token_data(headers) ⇒ `Object`

Extract access login data from Authorization header, if it is valid.

Parameters:

headers (Hash) —

request.headers with ‘Authorization’

# File 'app/controllers/triannon/application_controller.rb', line 45

def access_token_data(headers)
  auth = headers['Authorization']
  unless auth.nil? || auth !~ /^Bearer/
    token = auth.split.last
    access_token_valid?(token)
  end
end

#access_token_generate(data) ⇒ `Object`

construct and encrypt an access token, using login data save the token into session

# File 'app/controllers/triannon/application_controller.rb', line 17

def access_token_generate(data)
  timestamp = Time.now.to_i.to_s # seconds since epoch
  salt  = SecureRandom.base64(64)
  key   = ActiveSupport::KeyGenerator.new(timestamp).generate_key(salt)
  crypt = ActiveSupport::MessageEncryptor.new(key)
  session[:access_data] = [timestamp, salt]
  session[:access_token] = crypt.encrypt_and_sign([data, timestamp])
end

#access_token_valid?(code) ⇒ `Boolean`

decrypt, parse and validate access token

Returns:

(Boolean)

# File 'app/controllers/triannon/application_controller.rb', line 27

def access_token_valid?(code)
  begin
    if code == session[:access_token]
      identity, salt = session[:access_data]
      key = ActiveSupport::KeyGenerator.new(identity).generate_key(salt)
      crypt = ActiveSupport::MessageEncryptor.new(key)
      data, timestamp = crypt.decrypt_and_verify(code)
      elapsed = Time.now.to_i - timestamp.to_i  # sec since token was issued
      return data if elapsed < Triannon.config[:access_token_expiry]
    end
  rescue ActiveSupport::MessageVerifier::InvalidSignature
    # This is an invalid code, so return nil (a falsy value).
  end
end