Class: Otto::CaddyTLS::PermissionHandler

Inherits:
Object
  • Object
show all
Defined in:
lib/otto/caddy_tls/server.rb

Overview

Class-method route handler for the permission endpoint.

The owning Server is resolved per-request from the Otto instance the dispatcher binds to this class (+Otto::Route::ClassMethods#otto+), NOT a class-level global. That keeps multiple Otto instances in one process isolated: each endpoint consults its own permission block. (This shares the same per-request class-accessor mechanism the rest of Otto uses for class-method handlers.)

Class Method Summary collapse

Class Method Details

.handle(req, res) ⇒ Otto::Response

Handle a permission request. Only +?domain=+ is consulted — no other query parameter reaches the decision. A non-string +domain+ (e.g. +?domain[]=a+) is treated as missing rather than coerced.

Parameters:

Returns:



122
123
124
125
126
127
128
129
130
131
132
133
# File 'lib/otto/caddy_tls/server.rb', line 122

def self.handle(req, res)
  raw    = req.params['domain']
  domain = raw.is_a?(String) ? raw.strip : ''

  return respond(req, res, 400, 'Bad Request - domain parameter required') if domain.empty?

  server  = respond_to?(:otto) ? otto&.caddy_tls_server : nil
  allowed = server ? server.permit?(domain) : false
  Otto.structured_log(:info, '[CaddyTLS] permission decision', domain: domain, allowed: allowed)

  respond(req, res, allowed ? 200 : 403, allowed ? 'OK' : 'Forbidden')
end

.respond(req, res, status, body) ⇒ Otto::Response

Parameters:

Returns:



140
141
142
143
144
145
146
# File 'lib/otto/caddy_tls/server.rb', line 140

def self.respond(req, res, status, body)
  res.status          = status
  res['content-type'] = 'text/plain'
  # HEAD must carry no body (Rack SPEC / Rack::Lint); headers still apply.
  res.body            = req.head? ? [] : [body]
  res
end