Class: Supabase::Rails::Web::RequestScopedStorage

Inherits:

Auth::SupportedStorage

• Object
• Auth::SupportedStorage
• Supabase::Rails::Web::RequestScopedStorage

Defined in:

lib/supabase/rails/web/request_scoped_storage.rb

Overview

Per-request Supabase Auth storage.

Implements the ‘Supabase::Auth::SupportedStorage` duck type (`get_item` / `set_item` / `remove_item`). The backing Hash lives in `request.env` and is allocated lazily on first access — concurrent requests in the same worker each get their own slot, so PKCE verifiers and session state never leak across threads or users.

PKCE verifiers must survive the OAuth round-trip (the verifier is written during ‘sign_in_with_oauth` on one request and consumed at `/callback` on another). When `#oauth_state` is set, writes to any key whose name ends with `code-verifier` are mirrored into a signed cookie `sb-oauth-state-<state>` with a 10-minute expiry; reads fall back to that cookie when the per-request hash misses. Keying the cookie by the OAuth `state` param binds the verifier to the specific round-trip and prevents mix-ups across concurrent OAuth attempts.

Constant Summary

ENV_KEY =

"supabase.rails.auth_storage"

COOKIE_NAME_PREFIX =

"sb-oauth-state-"

COOKIE_TTL_SECONDS =

600

PKCE_KEY_SUFFIX =

"code-verifier"

Instance Attribute Summary

• #oauth_state ⇒ Object

  Returns the value of attribute oauth_state.

• #request ⇒ Object readonly

  Returns the value of attribute request.

Instance Method Summary

• #backing_hash ⇒ Object

  The backing per-request hash, lazily allocated in ‘request.env`.

• #get_item(key) ⇒ Object
• #initialize(request, oauth_state: nil) ⇒ RequestScopedStorage constructor

  A new instance of RequestScopedStorage.

• #remove_item(key) ⇒ Object
• #set_item(key, value) ⇒ Object

Constructor Details

#initialize(request, oauth_state: nil) ⇒ RequestScopedStorage

Returns a new instance of RequestScopedStorage.

# File 'lib/supabase/rails/web/request_scoped_storage.rb', line 34

def initialize(request, oauth_state: nil)
  super()
  @request = request
  @oauth_state = oauth_state
end

Instance Attribute Details

#oauth_state ⇒ Object

Returns the value of attribute oauth_state.

# File 'lib/supabase/rails/web/request_scoped_storage.rb', line 31

def oauth_state
  @oauth_state
end

#request ⇒ Object (readonly)

Returns the value of attribute request.

# File 'lib/supabase/rails/web/request_scoped_storage.rb', line 32

def request
  @request
end

Instance Method Details

#backing_hash ⇒ Object

The backing per-request hash, lazily allocated in ‘request.env`. Subsequent `RequestScopedStorage.new(request)` calls for the same request observe the same hash (memoized by env key).

# File 'lib/supabase/rails/web/request_scoped_storage.rb', line 63

def backing_hash
  env[ENV_KEY] ||= {}
end

#get_item(key) ⇒ Object

# File 'lib/supabase/rails/web/request_scoped_storage.rb', line 40

def get_item(key)
  value = backing_hash[key]
  return value unless value.nil?

  read_pkce_cookie(key)
end

#remove_item(key) ⇒ Object

# File 'lib/supabase/rails/web/request_scoped_storage.rb', line 53

def remove_item(key)
  existed = backing_hash.key?(key)
  value = backing_hash.delete(key)
  clear_pkce_cookie if pkce_key?(key) && oauth_state_present?
  existed ? value : nil
end

#set_item(key, value) ⇒ Object

# File 'lib/supabase/rails/web/request_scoped_storage.rb', line 47

def set_item(key, value)
  backing_hash[key] = value
  write_pkce_cookie(value) if pkce_key?(key) && oauth_state_present?
  value
end