Class: Devise::JWT::Cookie::Middleware

Inherits:
Object
  • Object
Defined in:
lib/devise/jwt/cookie/middleware.rb

Constant Summary

ENV_KEY =
'warden-jwt_auth.token'

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(app) ⇒ Middleware

Returns a new instance of Middleware.



# File 'lib/devise/jwt/cookie/middleware.rb', line 9

# Builds the middleware around the next application in the Rack stack.
#
# The JWT settings are looked up once, here, by keeping a reference to
# whatever Warden::JWTAuth.config returns at construction time.
#
# @param app [#call] downstream Rack application that receives each request
def initialize(app)
  @config = Warden::JWTAuth.config
  @app = app
end

Instance Attribute Details

#app ⇒ Object (readonly)

Returns the value of attribute app.



# File 'lib/devise/jwt/cookie/middleware.rb', line 7

# Read-only accessor for the downstream Rack application handed to
# #initialize; #call forwards every request to it.
def app
  @app
end

#config ⇒ Object (readonly)

Returns the value of attribute config.



# File 'lib/devise/jwt/cookie/middleware.rb', line 7

# Read-only accessor for the Warden::JWTAuth configuration object stored by
# #initialize. #token_should_be_revoked? reads its revocation_requests list.
def config
  @config
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/devise/jwt/cookie/middleware.rb', line 14

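# Rack entry point: bridges the JWT cookie and the Authorization header.
#
# Before the downstream app runs, a revocation request gets the cookie's
# token copied into HTTP_AUTHORIZATION. After it runs, a freshly issued token
# is written into a cookie, or the cookie is reset on a revocation request.
#
# @param env [Hash] Rack environment for the current request
# @return [Array] the downstream [status, headers, response] triple, with a
#   Set-Cookie header added when a token was issued or revoked
def call(env)
  revoking = token_should_be_revoked?(env)
  if revoking
    # devise-jwt needs the token in the Authorization header to revoke it,
    # and this must happen before the other middleware is run.
    request = ActionDispatch::Request.new(env)
    cookie_token = CookieHelper.new.read_from(request.cookies)
    # With no cookie there is nothing to copy. Writing an empty "Bearer "
    # value would erase a header the client did send, and that token would
    # then never reach the revocation code.
    env['HTTP_AUTHORIZATION'] = "Bearer #{cookie_token}" unless cookie_token.to_s.empty?
  end

  status, headers, response = app.call(env)
  # NOTE(review): this is an exact-case key lookup; a stack that emits
  # lowercase response header names would skip the branch. Confirm against the
  # Rack version in use.
  if headers['Authorization'] && env[ENV_KEY]
    # NOTE(review): the Authorization response header is left in place, so the
    # token stays readable by page scripts even if the cookie is HttpOnly.
    # Cookie attributes (HttpOnly/Secure/SameSite) are decided in
    # CookieHelper#build, which is not visible here. Confirm both.
    name, cookie = CookieHelper.new.build(env[ENV_KEY])
    Rack::Utils.set_cookie_header!(headers, name, cookie)
  elsif revoking
    # build(nil) presumably produces the cookie that clears the stored token;
    # verify against CookieHelper.
    name, cookie = CookieHelper.new.build(nil)
    Rack::Utils.set_cookie_header!(headers, name, cookie)
  end
  [status, headers, response]
end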

#token_should_be_revoked?(env) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise/jwt/cookie/middleware.rb', line 34

# Tells whether the request matches one of the configured revocation
# (method, path pattern) pairs.
#
# The path is tested with String#match, which is an unanchored search and
# compiles a String pattern as a regular expression. A pattern in
# config.revocation_requests that is not anchored therefore also matches
# longer paths that merely contain it; anchoring with \A and \z keeps the
# match to the whole path.
#
# @param env [Hash] Rack environment; PATH_INFO defaults to '' when absent
# @return [Boolean] true on the first pair whose method is equal and whose
#   pattern matches the path, false otherwise
def token_should_be_revoked?(env)
  request_path = env['PATH_INFO'] || ''
  verb = env['REQUEST_METHOD']
  config.revocation_requests.any? do |revocation_method, revocation_path|
    request_path.match(revocation_path) && verb == revocation_method
  end
end