Class: Otto::CaddyTLS::PermissionHandler
- Inherits:
-
Object
- Object
- Otto::CaddyTLS::PermissionHandler
- Defined in:
- lib/otto/caddy_tls/server.rb
Overview
Class-method route handler for the permission endpoint.
The owning Server is resolved per-request from the Otto instance the dispatcher binds to this class (+Otto::Route::ClassMethods#otto+), NOT a class-level global. That keeps multiple Otto instances in one process isolated: each endpoint consults its own permission block. (This shares the same per-request class-accessor mechanism the rest of Otto uses for class-method handlers.)
Class Method Summary collapse
-
.handle(req, res) ⇒ Otto::Response
Handle a permission request.
-
.respond(req, res, status, body) ⇒ Otto::Response
Class Method Details
.handle(req, res) ⇒ Otto::Response
Handle a permission request. Only +?domain=+ is consulted — no other query parameter reaches the decision. A non-string +domain+ (e.g. +?domain[]=a+) is treated as missing rather than coerced.
122 123 124 125 126 127 128 129 130 131 132 133 |
# File 'lib/otto/caddy_tls/server.rb', line 122 def self.handle(req, res) raw = req.params['domain'] domain = raw.is_a?(String) ? raw.strip : '' return respond(req, res, 400, 'Bad Request - domain parameter required') if domain.empty? server = respond_to?(:otto) ? otto&.caddy_tls_server : nil allowed = server ? server.permit?(domain) : false Otto.structured_log(:info, '[CaddyTLS] permission decision', domain: domain, allowed: allowed) respond(req, res, allowed ? 200 : 403, allowed ? 'OK' : 'Forbidden') end |
.respond(req, res, status, body) ⇒ Otto::Response
140 141 142 143 144 145 146 |
# File 'lib/otto/caddy_tls/server.rb', line 140 def self.respond(req, res, status, body) res.status = status res['content-type'] = 'text/plain' # HEAD must carry no body (Rack SPEC / Rack::Lint); headers still apply. res.body = req.head? ? [] : [body] res end |