Class: Otto::Security::Authentication::RouteAuthWrapper

Inherits:

Object

• Object
• Otto::Security::Authentication::RouteAuthWrapper

Defined in:

lib/otto/security/authentication/route_auth_wrapper.rb

Overview

Wraps route handlers with authentication and authorization

This is the main orchestrator that:

• Sets anonymous StrategyResult for unauthenticated routes

• Enforces authentication for protected routes

• Supports multi-strategy with OR logic (first success wins)

• Performs Layer 1 (route-level) role authorization

Examples:

Basic usage

wrapper = RouteAuthWrapper.new(handler, route_def, auth_config)
response = wrapper.call(env)

See Also:

• for strategy lookup
• for error responses
• for role checking

Instance Attribute Summary

• #auth_config ⇒ Object readonly

  Returns the value of attribute auth_config.

• #route_definition ⇒ Object readonly

  Returns the value of attribute route_definition.

• #security_config ⇒ Object readonly

  Returns the value of attribute security_config.

• #wrapped_handler ⇒ Object readonly

  Returns the value of attribute wrapped_handler.

Instance Method Summary

• #call(env, extra_params = {}) ⇒ Array

  Execute authentication then call wrapped handler.

• #initialize(wrapped_handler, route_definition, auth_config, security_config = nil) ⇒ RouteAuthWrapper constructor

  A new instance of RouteAuthWrapper.

Constructor Details

#initialize(wrapped_handler, route_definition, auth_config, security_config = nil) ⇒ RouteAuthWrapper

Returns a new instance of RouteAuthWrapper.

# File 'lib/otto/security/authentication/route_auth_wrapper.rb', line 29

def initialize(wrapped_handler, route_definition, auth_config, security_config = nil)
  @wrapped_handler  = wrapped_handler
  @route_definition = route_definition
  @auth_config      = auth_config
  @security_config  = security_config

  # Initialize extracted components
  @strategy_resolver = RouteAuthWrapperComponents::StrategyResolver.new(auth_config)
  @response_builder  = RouteAuthWrapperComponents::ResponseBuilder.new(route_definition, auth_config, security_config)
  @role_authorizer   = RouteAuthWrapperComponents::RoleAuthorization.new(route_definition)
end

Instance Attribute Details

#auth_config ⇒ Object (readonly)

Returns the value of attribute auth_config.

# File 'lib/otto/security/authentication/route_auth_wrapper.rb', line 27

def auth_config
  @auth_config
end

#route_definition ⇒ Object (readonly)

Returns the value of attribute route_definition.

# File 'lib/otto/security/authentication/route_auth_wrapper.rb', line 27

def route_definition
  @route_definition
end

#security_config ⇒ Object (readonly)

Returns the value of attribute security_config.

# File 'lib/otto/security/authentication/route_auth_wrapper.rb', line 27

def security_config
  @security_config
end

#wrapped_handler ⇒ Object (readonly)

Returns the value of attribute wrapped_handler.

# File 'lib/otto/security/authentication/route_auth_wrapper.rb', line 27

def wrapped_handler
  @wrapped_handler
end

Instance Method Details

#call(env, extra_params = {}) ⇒ Array

Execute authentication then call wrapped handler

Parameters:

• env (Hash) —

  Rack environment

• extra_params (Hash) (defaults to: {}) —

  Additional parameters

Returns:

• (Array) —

  Rack response array

# File 'lib/otto/security/authentication/route_auth_wrapper.rb', line 46

def call(env, extra_params = {})
  auth_requirements = route_definition.auth_requirements

  # Routes without auth requirement get anonymous StrategyResult
  return handle_anonymous_route(env, extra_params) if auth_requirements.empty?

  # Validate all strategies exist before executing any (fail-fast)
  validation_error = validate_strategies(auth_requirements, env)
  return validation_error if validation_error

  # Try each strategy in order (first success wins)
  authenticate_and_authorize(env, extra_params, auth_requirements)
end