Class: RackJwtAegis::MultiTenantValidator

Inherits:

Object

• Object
• RackJwtAegis::MultiTenantValidator

Defined in:

lib/rack_jwt_aegis/multi_tenant_validator.rb

Overview

Multi-tenant validation for subdomain and pathname slug access control

Validates that users can only access resources within their permitted tenant boundaries. Supports two levels of tenant validation:

1. Subdomain-based (Level 1) - Company-Group level isolation

2. Pathname slug-based (Level 2) - Company level isolation within groups

Examples:

Usage

config = Configuration.new(
  jwt_secret: 'secret',
  validate_subdomain: true,
  validate_pathname_slug: true
)
validator = MultiTenantValidator.new(config)
validator.validate(request, jwt_payload)

Author:

• Ken Camajalan Demanawa

Since:

• 0.1.0

Instance Method Summary

• #initialize(config) ⇒ MultiTenantValidator constructor

  Initialize the multi-tenant validator.

• #validate(request, payload) ⇒ Object

  Validate multi-tenant access permissions for the request.

Constructor Details

#initialize(config) ⇒ MultiTenantValidator

Initialize the multi-tenant validator

Parameters:

• config (Configuration) —

  the configuration instance

Since:

• 0.1.0

# File 'lib/rack_jwt_aegis/multi_tenant_validator.rb', line 26

def initialize(config)
  @config = config
end

Instance Method Details

#validate(request, payload) ⇒ Object

Validate multi-tenant access permissions for the request

Parameters:

• request (Rack::Request) —

  the incoming request

• payload (Hash) —

  the JWT payload containing tenant information

Raises:

• (AuthorizationError) —

  if tenant validation fails

Since:

• 0.1.0

# File 'lib/rack_jwt_aegis/multi_tenant_validator.rb', line 35

def validate(request, payload)
  validate_authentication_headers(request, payload)
  validate_subdomain(request, payload)
  validate_pathname_slug(request, payload)
  validate_tenant_id_header(request, payload)
end