Class: Mpp::Server::Middleware

Inherits:

Object

Object
Mpp::Server::Middleware

show all

Extended by:: T::Sig

Defined in:: lib/mpp/server/middleware.rb

Overview

Rack middleware that gates endpoints behind payment verification.

The pricing proc determines which requests require payment and at what price. It receives the Rack env and must return a charge options hash (with at least :amount) or nil for free endpoints. The pricing proc MUST NOT produce side effects.

Payment is verified BEFORE the downstream app runs — if verification fails, the app never executes and a 402 challenge is returned.

Example:

use Mpp::Server::Middleware,
  handler: my_handler,
  pricing: ->(env) { {amount: "1.00"} if env["PATH_INFO"] == "/paid" }

Defined Under Namespace

Classes: RackInputCapture

Class Method Summary collapse

.mark_authorization_bound_response(headers) ⇒ Object

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app, handler:, pricing:) ⇒ Middleware constructor
A new instance of Middleware.

Constructor Details

#initialize(app, handler:, pricing:) ⇒ `Middleware`

Returns a new instance of Middleware.

# File 'lib/mpp/server/middleware.rb', line 26

def initialize(app, handler:, pricing:)
  @app = T.let(app, T.untyped)
  @handler = T.let(handler, Mpp::Server::MppHandler)
  @pricing = T.let(pricing, T.untyped)
end

Class Method Details

.mark_authorization_bound_response(headers) ⇒ `Object`

# File 'lib/mpp/server/middleware.rb', line 63

def self.mark_authorization_bound_response(headers)
  headers["Cache-Control"] = "no-store"

  vary_values = headers["Vary"].to_s.split(",").map do |value|
    value.strip.downcase
  end
  return if vary_values.include?("*") || vary_values.include?("authorization")

  headers["Vary"] = [headers["Vary"], "Authorization"]
    .compact
    .reject(&:empty?)
    .join(", ")
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/mpp/server/middleware.rb', line 33

def call(env)
  charge_opts = @pricing.call(env)
  return @app.call(env) unless charge_opts

  authorization = env["HTTP_AUTHORIZATION"]
  body_capture = capture_request_body(env)

  request_body = body_capture&.materialize
  env["rack.input"] = StringIO.new(request_body || "") if body_capture

  amount = charge_opts[:amount]
  opts = charge_opts.except(:amount, :body)
  opts[:mppx_scope] ||= mppx_scope(env)

  result = @handler.charge(authorization, amount, **opts, body: request_body)

  if result.is_a?(Mpp::Challenge)
    resp = Mpp::Server::Decorator.make_challenge_response(result, @handler.realm)
    return [resp["status"], resp["headers"], [resp["body"]]]
  end

  _credential, receipt = result
  status, headers, body = @app.call(env)
  headers["Payment-Receipt"] = receipt.to_payment_receipt
  self.class.mark_authorization_bound_response(headers)

  [status, headers, body]
end