Class: Clerk::RackMiddlewareV2

Inherits:
Object
  • Object
show all
Defined in:
lib/clerk/rack_middleware_v2.rb

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ RackMiddlewareV2

Returns a new instance of RackMiddlewareV2.



79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
 
# File 'lib/clerk/rack_middleware_v2.rb', line 79

def initialize(app)
  @app = app
  @excluded_routes = {}
  @excluded_routes_wildcards = []

  Clerk.configuration.excluded_routes.each do |route|
    route = route.strip

    if route.ends_with?("/*")
      @excluded_routes_wildcards << route[0..-2]
    else
      @excluded_routes[route] = true
    end
  end

  @excluded_routes_wildcards.uniq!
end

Instance Method Details

#call(env) ⇒ Object 



97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
 
# File 'lib/clerk/rack_middleware_v2.rb', line 97

def call(env)
  env = env
  req = Rack::Request.new(env)

  if @excluded_routes[req.path]
    return @app.call(env)
  end

  @excluded_routes_wildcards.each do |route|
    return @app.call(env) if req.path.starts_with?(route)
  end

  env["clerk"] = Clerk::ProxyV2.new
  header_token = req.env["HTTP_AUTHORIZATION"]
  header_token = header_token.strip.sub(/\ABearer /, '') if header_token
  cookie_token = req.cookies["__session"]
  client_uat = req.cookies["__client_uat"]

  ##########################################################################
  #                                                                        #
  #                          HEADER AUTHENTICATION                         #
  #                                                                        #
  ##########################################################################
  if header_token
    begin
      return signed_out(env) if !sdk.decode_token(header_token) # malformed JWT
    rescue JWT::DecodeError
      return signed_out(env)  # malformed JSON authorization header
    end

    begin
      token = verify_token(header_token)
      return signed_in(env, token, header_token) if token
    rescue JWT::ExpiredSignature, JWT::InvalidIatError
      unknown(interstitial: false)
    end

    # Clerk.js should refresh the token and retry
    return unknown(interstitial: false)
  end

  # in cross-origin XHRs the use of Authorization header is mandatory.
  if cross_origin_request?(req)
    return signed_out(env)
  end

  if development_or_staging? && !browser_request?(req)
    # the interstitial won't work if the user agent is not a browser, so
    # short-circuit and avoid rendering it
    #
    # We only limit this to dev/stg because we're not yet sure how robust
    # this strategy is, yet. In the future, we might enable it for prod too.
    return signed_out(env)
  end

  ##########################################################################
  #                                                                        #
  #                             COOKIE AUTHENTICATION                      #
  #                                                                        #
  ##########################################################################
  if development_or_staging? && (req.referrer.nil? || cross_origin_request?(req))
    return unknown(interstitial: true)
  end

  if production? && client_uat.nil?
    return signed_out(env)
  end

  if client_uat == "0"
    return signed_out(env)
  end

  begin
    token = verify_token(cookie_token)
    return signed_out(env) if !token

    if token["iat"] && client_uat && Integer(client_uat) <= token["iat"]
      return signed_in(env, token, cookie_token)
    end
  rescue JWT::ExpiredSignature, JWT::InvalidIatError
    unknown(interstitial: true)
  end

  unknown(interstitial: true)
end