Class: AuthMiddleware

Inherits:
Object
  • Object
Defined in:
app/middleware/auth_middleware.rb

Constant Summary

MAX_SESSION_AGE =

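Session expires after 8 hours of inactivity. The value is in seconds and acts as an idle timeout only: each request from a logged-in session resets the clock, so there is no absolute session lifetime.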

60 * 60 * 8

Instance Method Summary

Constructor Details

#initialize(app) ⇒ AuthMiddleware

Returns a new instance of AuthMiddleware.



# File 'app/middleware/auth_middleware.rb', line 5

# Wraps the next Rack application in the middleware chain.
#
# @param app [#call] downstream application that #call hands the request to
#   once its session checks have passed
def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object



# File 'app/middleware/auth_middleware.rb', line 9

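# Rack entry point: enforces the idle timeout on logged-in sessions and
# redirects unauthenticated requests for protected paths to the login page.
#
# @param env [Hash] Rack environment; the session is taken from
#   'eks_cent.session', falling back to 'rack.session' or a fresh Hash
# @return [Array] a 302 redirect triplet, or whatever the wrapped app returns
def call(env)
  env['eks_cent.session'] ||= env['rack.session'] || {}
  session = env['eks_cent.session']
  protected_path = requires_auth?(env['PATH_INFO'])
  now = Time.now.to_i

  # A session counts as logged in when it carries a user id OR a username
  # (string or symbol key). The timeout must use that same test: keying it on
  # user_id alone leaves a username-only session authenticated but exempt from
  # MAX_SESSION_AGE.
  identity = session['user_id'] || session[:user_id] || session['username'] || session[:username]
  last_active = session['last_active_at'] || session[:last_active_at]

  # A non-numeric timestamp becomes 0 via to_i, so it fails closed (expired).
  if identity && last_active && now - last_active.to_i > MAX_SESSION_AGE
    # NOTE(review): only the identity keys are dropped; anything else stored in
    # the session survives expiry -- confirm nothing privilege-bearing lives
    # under other keys.
    ['user_id', :user_id, 'username', :username, 'last_active_at', :last_active_at].each do |key|
      session.delete(key)
    end
    return [302, { 'Location' => '/login?reason=expired' }, []] if protected_path

    identity = nil
  elsif identity
    # Sliding expiration: every request from a live session restarts the idle
    # clock. Sessions without a timestamp (legacy) get one on first sight.
    session['last_active_at'] = now
  end

  return [302, { 'Location' => '/login' }, []] if protected_path && !identity

  @app.call(env)
end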