Class: Otto::Security::APIKeyStrategy

Inherits:
AuthStrategy show all
Defined in:
lib/otto/security/authentication.rb

Overview

API key authentication strategy

Instance Method Summary collapse

Methods inherited from AuthStrategy

#user_context

Constructor Details

#initialize(api_keys: [], header_name: 'X-API-Key', param_name: 'api_key') ⇒ APIKeyStrategy

Returns a new instance of APIKeyStrategy.



# File 'lib/otto/security/authentication.rb', line 144

# Builds an API key strategy.
#
# NOTE: +authenticate+ accepts any presented key while the key list is empty,
# so the default +api_keys: []+ leaves the strategy open; pass the real keys
# wherever the check must be enforced.
#
# @param api_keys [Array<String>, String, nil] accepted keys; normalised with
#   Kernel#Array, so a single key or nil is also allowed
# @param header_name [String] HTTP header the key is read from
# @param param_name [String] request parameter used when the header is absent
def initialize(api_keys: [], header_name: 'X-API-Key', param_name: 'api_key')
  @api_keys, @header_name, @param_name = Array(api_keys), header_name, param_name
end

Instance Method Details

#authenticate(env, requirement) ⇒ Object



# File 'lib/otto/security/authentication.rb', line 150

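# Authenticates a request by API key.
#
# The key is read from the HTTP header derived from +@header_name+ and, only
# when that header is absent, from the request parameter named +@param_name+.
#
# @param env [Hash] Rack environment of the current request
# @param requirement [Object] auth requirement of the route; not consulted here
# @return [Object] the result of +success+ (carrying the presented key) or of
#   +failure+ with a reason string
def authenticate(env, requirement)
  # Rack exposes request headers as HTTP_<NAME>, upper-cased with '-' as '_'.
  header_key = "HTTP_#{@header_name.upcase.tr('-', '_')}"
  api_key = env[header_key]

  # Fallback: Rack::Request#params covers the query string and the form body.
  # SECURITY: a key carried in the URL tends to be recorded in access logs,
  # proxies and browser history; clients should prefer the header.
  api_key = Rack::Request.new(env).params[@param_name] if api_key.nil?

  return failure('No API key provided') unless api_key

  # SECURITY NOTE(review): an empty key list accepts ANY presented key (fail
  # open). Kept for backward compatibility; deployments that need enforcement
  # must configure at least one key. Consider failing closed here.
  return success(api_key: api_key) if @api_keys.empty?

  # Compare in constant time and visit every configured key (non-short-circuit
  # `|`), so response timing does not reveal how much of a key matched or
  # which entry matched. Non-String values (e.g. `api_key[]=x` parsed into an
  # Array) never match, as with the previous include? check.
  matched = @api_keys.reduce(false) do |found, candidate|
    (candidate.is_a?(String) && api_key.is_a?(String) &&
      Rack::Utils.secure_compare(candidate, api_key)) | found
  end

  matched ? success(api_key: api_key) : failure('Invalid API key')
end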