Class: SpreeCmCommissioner::Orders::JwtToken::Verify

Inherits:
Object
Includes:
Spree::ServiceModule::Base
Defined in:
app/services/spree_cm_commissioner/orders/jwt_token/verify.rb


Instance Method Details

#call(token:) ⇒ Object



# File 'app/services/spree_cm_commissioner/orders/jwt_token/verify.rb', line 6

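# Verifies a nonce-prefixed order JWT and resolves the Spree::Order it belongs to.
#
# `token` has the shape `<nonce>-<jwt>`. The JWT is decoded twice:
#   1. WITHOUT signature verification, only to read the `nonce` and
#      `order_number` claims needed to pre-check the nonce and look the
#      order up. Nothing read here is trusted beyond that lookup.
#   2. WITH verification, using the located order's own `token` as the
#      HS256 secret (the algorithm is pinned, so the header cannot pick
#      another one). The `payload` returned on success comes from this
#      verified decode, never from step 1.
#
# Every expected failure (malformed or mis-signed JWT, expired signature,
# unknown order) collapses into the same forbidden `failure` so a caller
# cannot distinguish "order does not exist" from "bad signature".
#
# @param token [String] nonce and JWT joined by '-'
# @return [Object] `success(payload:, order:)` with the verified claims and
#   the matching order, or `failure(error:, status: :forbidden)`
def call(token:)
  # A non-String token (e.g. a missing request param) would raise
  # NoMethodError on `split`, which the rescue below does not cover.
  raise JWT::DecodeError, 'token must be a String' unless token.is_a?(String)

  # Limit 2: only the first '-' separates nonce from JWT, so any '-' that
  # is part of the base64url-encoded JWT segments stays intact.
  nonce, jwt_token = token.split('-', 2)

  # Decode WITHOUT verification — claims are unauthenticated at this point.
  unverified_payload, = JWT.decode(jwt_token, nil, false)

  # A JWT payload is arbitrary JSON; an array or scalar would make the
  # `[]` lookups below raise TypeError instead of reaching the rescue.
  raise JWT::DecodeError, 'JWT payload is not an object' unless unverified_payload.is_a?(Hash)

  # Validate nonce FIRST (no DB hit). validate_nonce! is defined elsewhere;
  # NOTE(review): whatever it raises only becomes a `failure` here if it is
  # one of the classes rescued below — confirm.
  validate_nonce!(unverified_payload['nonce'], nonce)

  # Locate the order by the (still unverified) order_number claim.
  order = Spree::Order.find_by!(number: unverified_payload['order_number'])

  # Verify the signature with the per-order secret; `exp` is checked as part
  # of verification and surfaces as JWT::ExpiredSignature.
  payload, = JWT.decode(
    jwt_token,
    order.token,
    true,
    algorithm: 'HS256'
  )

  success(payload: payload, order: order)
rescue JWT::ExpiredSignature, JWT::DecodeError, JWT::VerificationError, ActiveRecord::RecordNotFound
  # Single, undifferentiated failure response for all expected error paths.
  failure(error: 'Invalid or expired token', status: :forbidden)
end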