Class: Clerk::RackMiddlewareV2

Inherits:
Object
  • Object
show all
Defined in:
lib/clerk/rack_middleware_v2.rb

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ RackMiddlewareV2

Returns a new instance of RackMiddlewareV2.



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
# File 'lib/clerk/rack_middleware_v2.rb', line 61

def initialize(app)
  @app = app
  @excluded_routes = {}
  @excluded_routes_wildcards = []

  Clerk.configuration.excluded_routes.each do |route|
    route = route.strip

    if route.ends_with?("/*")
      @excluded_routes_wildcards << route[0..-2]
    else
      @excluded_routes[route] = true
    end
  end

  @excluded_routes_wildcards.uniq!
end

Instance Method Details

#call(env) ⇒ Object 



79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
 
# File 'lib/clerk/rack_middleware_v2.rb', line 79

def call(env)
  env = env
  req = Rack::Request.new(env)

  if @excluded_routes[req.path]
    return @app.call(env)
  end

  @excluded_routes_wildcards.each do |route|
    return @app.call(env) if req.path.starts_with?(route)
  end

  env["clerk"] = Clerk::ProxyV2.new
  header_token = req.env["HTTP_AUTHORIZATION"]
  header_token = header_token.strip.sub(/\ABearer /, '') if header_token
  cookie_token = req.cookies["__session"]
  client_uat = req.cookies["__client_uat"]

  ##########################################################################
  #                                                                        #
  #                          HEADER AUTHENTICATION                         #
  #                                                                        #
  ##########################################################################
  if header_token
    begin
      return signed_out(env) if !sdk.decode_token(header_token) # malformed JWT
    rescue JWT::DecodeError
      return signed_out(env)  # malformed JSON authorization header
    end
    
    token = verify_token(header_token)
    return signed_in(env, token, header_token) if token

    # Clerk.js should refresh the token and retry
    return unknown(interstitial: false)
  end

  # in cross-origin XHRs the use of Authorization header is mandatory.
  if cross_origin_request?(req)
    return signed_out(env)
  end

  if development_or_staging? && !browser_request?(req)
    # the interstitial won't work if the user agent is not a browser, so
    # short-circuit and avoid rendering it
    #
    # We only limit this to dev/stg because we're not yet sure how robust
    # this strategy is, yet. In the future, we might enable it for prod too.
    return signed_out(env)
  end

  ##########################################################################
  #                                                                        #
  #                             COOKIE AUTHENTICATION                      #
  #                                                                        #
  ##########################################################################
  if development_or_staging? && (req.referrer.nil? || cross_origin_request?(req))
    return unknown(interstitial: true)
  end

  if production? && client_uat.nil?
    return signed_out(env)
  end

  if client_uat == "0"
    return signed_out(env)
  end

  token = verify_token(cookie_token)

  if token && token["iat"] && client_uat && Integer(client_uat) <= token["iat"]
    return signed_in(env, token, cookie_token)
  end

  unknown(interstitial: true)
end