Class: Legate::Auth::Runner

Inherits:

Object

• Object
• Legate::Auth::Runner

Defined in:

lib/legate/auth/runner.rb

Overview

Runner provides the execution environment for fiber-based authentication flows. It handles creating and managing authentication coordinators, running tasks within a fiber, and handling authentication requests/responses.

Instance Method Summary

• #cancel_auth_flow(request_id, reason = nil) ⇒ Boolean

  Cancel an active authentication flow.

• #handle_auth_response(request_id, response) ⇒ Hash

  Handle an authentication response from the client.

• #initialize(session_service:, token_store: nil, token_manager: nil) ⇒ Runner constructor

  Initialize a new authentication runner.

• #run(task, context = nil) {|Hash, nil| ... } ⇒ Object

  Run a task within a fiber with authentication handling.

Constructor Details

#initialize(session_service:, token_store: nil, token_manager: nil) ⇒ Runner

Initialize a new authentication runner

Parameters:

• session_service (Legate::SessionService::Base) —

  The session service for persistence

• token_store (Legate::Auth::TokenStore, nil) (defaults to: nil) —

  Optional token store for caching tokens

• token_manager (Legate::Auth::TokenManager, nil) (defaults to: nil) —

  Optional token manager for lifecycle management

# File 'lib/legate/auth/runner.rb', line 21

def initialize(session_service:, token_store: nil, token_manager: nil)
  @session_service = session_service
  @token_store = token_store || TokenStore.new(session_service)
  @token_manager = token_manager || TokenManager.new(@token_store)
  @active_coordinators = {}
end

Instance Method Details

#cancel_auth_flow(request_id, reason = nil) ⇒ Boolean

Cancel an active authentication flow

Parameters:

• request_id (String) —

  The request ID for the authentication flow

• reason (String, nil) (defaults to: nil) —

  Optional reason for cancellation

Returns:

• (Boolean) —

  True if the flow was successfully cancelled

# File 'lib/legate/auth/runner.rb', line 135

def cancel_auth_flow(request_id, reason = nil)
  coordinator = @active_coordinators[request_id]

  return false unless coordinator

  result = coordinator.cancel(reason)
  @active_coordinators.delete(request_id) if result
  result
end

#handle_auth_response(request_id, response) ⇒ Hash

Handle an authentication response from the client

Parameters:

• request_id (String) —

  The request ID for the authentication flow

• response (Hash) —

  The response from the client

Returns:

• (Hash) —

  The result of handling the response

# File 'lib/legate/auth/runner.rb', line 86

def handle_auth_response(request_id, response)
  coordinator = @active_coordinators[request_id]

  unless coordinator
    return {
      status: :error,
      error: "No active authentication flow found for request ID: #{request_id}"
    }
  end

  begin
    result = coordinator.resume(response)

    if coordinator.complete?
      if coordinator.success?
        # Authentication completed successfully
        @active_coordinators.delete(request_id)
        {
          status: :completed,
          credential: result
        }
      else
        # Authentication failed
        @active_coordinators.delete(request_id)
        {
          status: :failed,
          error: coordinator.error&.message || 'Authentication failed'
        }
      end
    else
      # Authentication is still in progress, return the next request
      {
        status: :pending,
        request: result
      }
    end
  rescue StandardError => e
    @active_coordinators.delete(request_id)
    {
      status: :error,
      error: "Error handling authentication response: #{e.message}"
    }
  end
end

#run(task, context = nil) {|Hash, nil| ... } ⇒ Object

Run a task within a fiber with authentication handling

Parameters:

• task (Proc) —

  The task to run

• context (Object) (defaults to: nil) —

  The context to run the task in (typically ToolContext)

Yields:

• (Hash, nil) —

  Optional block to handle authentication requests

Returns:

• (Object) —

  The result of the task

Raises:

• (Legate::Auth::Error) —

  If authentication fails

# File 'lib/legate/auth/runner.rb', line 34

def run(task, context = nil, &auth_handler)
  raise ArgumentError, 'Task must be a Proc or lambda' unless task.is_a?(Proc)

  # Create a fiber for the task
  task_fiber = Fiber.new do
    # Make the auth_session method available in the context
    if context && !context.respond_to?(:auth_session)
      context.define_singleton_method(:auth_session) do |scheme, credential, **opts|
        Fiber.yield({
                      action: :authenticate,
                      scheme: scheme,
                      credential: credential,
                      options: opts
                    })
      end
    end

    # Run the task
    task.call
  rescue StandardError => e
    { error: e }
  end

  # Start the fiber
  result = nil
  loop do
    # Resume the fiber and get the next result/yield
    result = task_fiber.resume

    # If the fiber has completed (not yielded), return the result
    break unless task_fiber.alive?

    # Handle authentication requests
    if result.is_a?(Hash) && result[:action] == :authenticate
      handle_authentication_request(result, task_fiber, &auth_handler)
    else
      # For other types of yields, just pass them to the handler if provided
      response = auth_handler ? auth_handler.call(result) : nil
      result = task_fiber.resume(response)
    end
  end

  # If the result is an error hash, raise it
  raise result[:error] if result.is_a?(Hash) && result[:error]

  result
end