Class: Koi::Middleware::AdminAuthentication

Inherits:
Object
  • Object
show all
Defined in:
lib/koi/middleware/admin_authentication.rb

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ AdminAuthentication

Returns a new instance of AdminAuthentication.



6
7
8
 
# File 'lib/koi/middleware/admin_authentication.rb', line 6

def initialize(app)
  @app = app
end

Instance Method Details

#admin_call(env) ⇒ Object 



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/koi/middleware/admin_authentication.rb', line 18

def admin_call(env)
  request = ActionDispatch::Request.new(env)
  cookies = request.cookie_jar

  # Always retrieve user to ensure we are not vulnerable to timing attacks
  if (token         = bearer_token(request:)).present?
    Koi::Current.device_authorization = find_device_authentication(token:)

    # disable Rails session for API requests
    request.session_options[:skip]    = true
  elsif (session_id = cookies.signed[:admin_session_id]).present?
    Koi::Current.session = find_admin_session(session_id:)
  end

  # Remove from session if not found
  cookies.delete(:admin_session_id) unless authenticated?

  if requires_authentication?(request) && !authenticated?
    unauthorized_response(request)
  else
    @app.call(env)
  end
ensure
  Koi::Current.reset
end

#call(env) ⇒ Object 



10
11
12
13
14
15
16
 
# File 'lib/koi/middleware/admin_authentication.rb', line 10

def call(env)
  if env["PATH_INFO"].starts_with?("/admin")
    admin_call(env)
  else
    @app.call(env)
  end
end