Class: Usps::Support::SidekiqAuth

Inherits:
Object
Defined in:
lib/usps/support/sidekiq_auth.rb

Overview

Rack middleware that gates Sidekiq::Web (or any inner Rack app) behind the same JWT/admin authentication used by the host app’s controllers.

Routes-level constraints can only return true/false, so an expired session at /sidekiq used to silently 404, and the controller refresh flow never ran. Running this as middleware lets us issue a 302 to the login refresh URL the same way `Usps::JwtAuth::Concern#redirect_to_login` does.

Usage in an engine route file:

if defined?(::Sidekiq::Web)
  ::Sidekiq::Web.use(Usps::Support::SidekiqAuth)
  mount ::Sidekiq::Web => '/sidekiq'
end

Constant Summary

LOGIN_URL =
'https://www.usps.org/jwt/'

Instance Method Summary

Constructor Details

#initialize(app) ⇒ SidekiqAuth

Returns a new instance of SidekiqAuth.



# File 'lib/usps/support/sidekiq_auth.rb', line 24

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/usps/support/sidekiq_auth.rb', line 28

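def call(env)
  request = ActionDispatch::Request.new(env)
  # A token that fails to decode raises JWT::DecodeError, handled by the rescue below.
  member = decode_member(request)
  # Fail closed: only a decoded member that passes the configured is_admin check reaches the inner app.
  return forbidden unless member && Usps::JwtAuth.config.is_admin.call(member)

  @app.call(env)
rescue JWT::DecodeError
  # Drop the undecodable JWT before responding.
  clear_jwt(request)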
  (request)
end
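
The difference described in the overview, as an added example that is not the project's own code: a routes-style true/false check beside a Rack-style middleware that gives each failure its own response. `AdminGate`, `TokenError`, the token table and the `jwt` cookie name are assumptions made for the sketch; only `LOGIN_URL` comes from the page.

```ruby
# Added example; AdminGate, TokenError, TOKENS and the "jwt" cookie name are hypothetical.
class TokenError < StandardError; end # stands in for JWT::DecodeError

# Constructed token table standing in for real JWT verification.
TOKENS = { 'admin-ok' => { admin: true }, 'member-ok' => { admin: false } }.freeze
DECODE = lambda do |token|
  next nil if token.nil?
  TOKENS.fetch(token) { raise TokenError, 'expired or invalid token' }
end
IS_ADMIN = ->(member) { member[:admin] }
INNER = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['dashboard']] }

def token_from(env)
  env.fetch('HTTP_COOKIE', '')[/(?:\A|;\s*)jwt=([^;]*)/, 1]
end

# Routes-level constraint: it can only answer true/false, so the router turns
# every failure, an expired token included, into the same 404.
def constraint_status(env)
  member = begin
    DECODE.call(token_from(env))
  rescue TokenError
    nil
  end
  member && IS_ADMIN.call(member) ? 200 : 404
end

# Middleware: the same checks, but each failure gets its own response.
class AdminGate
  LOGIN_URL = 'https://www.usps.org/jwt/' # constant shown on the page

  def initialize(app)
    @app = app
  end

  def call(env)
    member = DECODE.call(token_from(env))
    # Fail closed: anonymous and non-admin requests never reach the inner app.
    return [403, { 'content-type' => 'text/plain' }, ['Forbidden']] unless member && IS_ADMIN.call(member)

    @app.call(env)
  rescue TokenError
    # Expire the stale cookie, then send the browser to the login refresh URL.
    [302, { 'location' => LOGIN_URL, 'set-cookie' => 'jwt=; path=/; max-age=0' }, []]
  end
end

def gate_response(env)
  AdminGate.new(INNER).call(env)
end
```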