Class: Otto::Security::AuthenticationMiddleware

Inherits:
Object
  • Object
Defined in:
lib/otto/security/authentication.rb

Overview

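Authentication middleware that enforces route-level auth requirements. Requests that carry no route definition, or whose route declares no auth requirement, are passed to the next app without any authentication check.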

Instance Method Summary collapse

Constructor Details

#initialize(app, config = {}) ⇒ AuthenticationMiddleware

Returns a new instance of AuthenticationMiddleware.



# File 'lib/otto/security/authentication.rb', line 204

# Wraps the downstream Rack app and records the authentication settings.
#
# Reads two keys from config: :auth_strategies (name => strategy object) and
# :default_auth_strategy (a strategy name). Either may be absent.
#
# NOTE(review): the fallback default strategy name is 'publically'. How
# @default_strategy is consumed is not visible in this method; confirm that a
# route requirement which matches no strategy cannot silently fall back to the
# public strategy.
#
# @param app [#call] next application in the Rack stack
# @param config [Hash] middleware options (see above)
def initialize(app, config = {})
  @app = app
  @config = config

  # When the caller supplies a strategies hash it is kept by reference, not
  # copied, so the registration at the end of this method is also visible to
  # whoever owns config[:auth_strategies].
  supplied_strategies = config[:auth_strategies]
  @strategies = supplied_strategies || {}

  configured_default = config[:default_auth_strategy]
  @default_strategy = configured_default || 'publically'

  # Guarantee a 'publically' entry; one already supplied by the caller is kept.
  @strategies['publically'] = PublicStrategy.new unless @strategies['publically']
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/otto/security/authentication.rb', line 214

# Rack entry point: authenticates the request when its route declares an auth
# requirement, otherwise hands it straight to the next app.
#
# Security notes:
# - A request with no 'otto.route_definition' in env, or whose route has a
#   nil/false auth_requirement, is forwarded without consulting any strategy.
#   Only routes that declare a requirement are protected here.
# - A requirement that find_strategy cannot resolve is refused rather than
#   forwarded.
# - 'otto.user_context' and 'otto.auth_result' are written only after a
#   successful authentication; the pass-through paths neither set nor clear
#   them.
# - NOTE(review): the unknown-strategy message (which embeds the requirement
#   string) and the strategy's failure_reason are both handed to
#   auth_error_response, which is not shown here. If that helper echoes its
#   argument to the client, strategies should keep failure reasons generic —
#   confirm.
#
# @param env [Hash] Rack environment
# @return [Object] the downstream app's response, or whatever
#   auth_error_response returns when the request is refused
def call(env)
  route = env['otto.route_definition']
  requirement = route.auth_requirement if route

  # Nothing to enforce: no matched route, or the route asks for no auth.
  return @app.call(env) unless requirement

  strategy = find_strategy(requirement)
  return auth_error_response("Unknown authentication strategy: #{requirement}") unless strategy

  outcome = strategy.authenticate(env, requirement)
  return auth_error_response(outcome.failure_reason) unless outcome.success?

  # Expose the authenticated identity to downstream handlers.
  env['otto.user_context'] = outcome.user_context
  env['otto.auth_result'] = outcome
  @app.call(env)
end