Class: BSV::Auth::AuthMiddleware

Inherits:

Object

• Object
• BSV::Auth::AuthMiddleware

Defined in:

lib/bsv/auth/auth_middleware.rb

Overview

Rack middleware providing BRC-104 server-side authentication.

Intercepts three categories of request:

1. POST /.well-known/auth — BRC-31 handshake (initialRequest, certificateRequest, etc.). Delegates to an internal Peer instance via BridgeTransport.

2. Requests carrying x-bsv-auth-* headers — general authenticated messages. Verifies the signature, calls the downstream app, and signs the response.

3. Everything else — passed through to the downstream app unchanged.

Examples:

Mounting in a Rack application

use BSV::Auth::AuthMiddleware, wallet: my_wallet

Constant Summary

RACK_INPUT =

Rack env key for the request input IO.

'rack.input'

REQUEST_METHOD =

Rack env key for the HTTP method.

'REQUEST_METHOD'

PATH_INFO =

Rack env key for the URL path.

'PATH_INFO'

QUERY_STRING =

Rack env key for the query string.

'QUERY_STRING'

AUTH_ENDPOINT =

Well-known path for BRC-31 handshake messages.

'/.well-known/auth'

HTTP_PREFIX =

Rack env prefix for HTTP headers.

'HTTP_'

Instance Method Summary

• #call(env) ⇒ Array

  Processes a Rack request.

• #initialize(app, wallet:, session_manager: nil, certificates_to_request: nil) ⇒ AuthMiddleware constructor

  A new instance of AuthMiddleware.

Constructor Details

#initialize(app, wallet:, session_manager: nil, certificates_to_request: nil) ⇒ AuthMiddleware

Returns a new instance of AuthMiddleware.

Parameters:

• app (#call) —

  downstream Rack application

• wallet (BSV::Wallet::Interface) —

  server wallet for signing and verification

• session_manager (SessionManager, nil) (defaults to: nil) —

  optional; defaults to a new SessionManager

• certificates_to_request (Hash, nil) (defaults to: nil) —

  optional certificate requirements

# File 'lib/bsv/auth/auth_middleware.rb', line 46

def initialize(app, wallet:, session_manager: nil, certificates_to_request: nil)
  @app             = app
  @wallet          = wallet
  @session_manager = session_manager || SessionManager.new

  @bridge    = BridgeTransport.new
  @peer      = Peer.new(
    wallet: wallet,
    transport: @bridge,
    session_manager: @session_manager,
    certificates_to_request: certificates_to_request
  )
end

Instance Method Details

#call(env) ⇒ Array

Processes a Rack request.

Parameters:

• env (Hash) —

  Rack environment

Returns:

• (Array) —

  Rack response triplet [status, headers, body]

# File 'lib/bsv/auth/auth_middleware.rb', line 64

def call(env)
  if well_known_auth_request?(env)
    handle_auth_endpoint(env)
  elsif auth_headers?(env)
    handle_authenticated_request(env)
  else
    @app.call(env)
  end
end