Class: Verikloak::BFF::Configuration
- Inherits:
-
Object
- Object
- Verikloak::BFF::Configuration
- Defined in:
- lib/verikloak/bff/configuration.rb
Overview
Configuration for Verikloak::BFF middleware (trusted proxies, header policies, logging, etc.).
Instance Attribute Summary collapse
-
#auth_request_headers ⇒ Object
Returns the value of attribute auth_request_headers.
-
#claims_consistency_mode ⇒ Object
Returns the value of attribute claims_consistency_mode.
-
#clock_skew_leeway ⇒ Object
Returns the value of attribute clock_skew_leeway.
-
#disabled ⇒ Object
Returns the value of attribute disabled.
-
#enforce_claims_consistency ⇒ Object
Returns the value of attribute enforce_claims_consistency.
-
#enforce_header_consistency ⇒ Object
Returns the value of attribute enforce_header_consistency.
-
#forwarded_header_name ⇒ Object
Returns the value of attribute forwarded_header_name.
-
#log_with ⇒ Object
Returns the value of attribute log_with.
-
#logger ⇒ Object
Returns the value of attribute logger.
-
#peer_preference ⇒ Object
Returns the value of attribute peer_preference.
-
#prefer_forwarded ⇒ Object
Returns the value of attribute prefer_forwarded.
-
#require_forwarded_header ⇒ Object
Returns the value of attribute require_forwarded_header.
-
#strip_suspicious_headers ⇒ Object
Returns the value of attribute strip_suspicious_headers.
-
#token_header_priority ⇒ Object
Returns the value of attribute token_header_priority.
-
#trusted_proxies ⇒ Object
Returns the value of attribute trusted_proxies.
-
#xff_strategy ⇒ Object
Returns the value of attribute xff_strategy.
Instance Method Summary collapse
-
#initialize ⇒ void
constructor
enforce_claims_consistency example: { email: :email, user: :sub, groups: :realm_roles }.
Constructor Details
#initialize ⇒ void
enforce_claims_consistency example: { email: :email, user: :sub, groups: :realm_roles }
Initialize configuration with secure defaults for proxy trust, token handling, and logging behavior.
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
# File 'lib/verikloak/bff/configuration.rb', line 48 def initialize @disabled = false @trusted_proxies = [] @prefer_forwarded = true @require_forwarded_header = false @enforce_header_consistency = true @enforce_claims_consistency = {} @claims_consistency_mode = :enforce @strip_suspicious_headers = true @xff_strategy = :rightmost @peer_preference = :remote_then_xff @clock_skew_leeway = 30 @logger = nil @log_with = nil self.forwarded_header_name = Verikloak::HeaderSources::DEFAULT_FORWARDED_HEADER @auth_request_headers = Constants::DEFAULT_AUTH_REQUEST_HEADERS.dup # When Authorization is empty and no chosen token exists, try these env headers (in order) # to seed Authorization, similar to verikloak-rails behavior. HTTP_AUTHORIZATION is always ignored as a source. self.token_header_priority = Verikloak::HeaderSources.default_priority(forwarded_header: @forwarded_header_name) end |
Instance Attribute Details
#auth_request_headers ⇒ Object
Returns the value of attribute auth_request_headers.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def auth_request_headers @auth_request_headers end |
#claims_consistency_mode ⇒ Object
Returns the value of attribute claims_consistency_mode.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def claims_consistency_mode @claims_consistency_mode end |
#clock_skew_leeway ⇒ Object
Returns the value of attribute clock_skew_leeway.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def clock_skew_leeway @clock_skew_leeway end |
#disabled ⇒ Object
Returns the value of attribute disabled.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def disabled @disabled end |
#enforce_claims_consistency ⇒ Object
Returns the value of attribute enforce_claims_consistency.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def enforce_claims_consistency @enforce_claims_consistency end |
#enforce_header_consistency ⇒ Object
Returns the value of attribute enforce_header_consistency.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def enforce_header_consistency @enforce_header_consistency end |
#forwarded_header_name ⇒ Object
Returns the value of attribute forwarded_header_name.
39 40 41 |
# File 'lib/verikloak/bff/configuration.rb', line 39 def forwarded_header_name @forwarded_header_name end |
#log_with ⇒ Object
Returns the value of attribute log_with.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def log_with @log_with end |
#logger ⇒ Object
Returns the value of attribute logger.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def logger @logger end |
#peer_preference ⇒ Object
Returns the value of attribute peer_preference.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def peer_preference @peer_preference end |
#prefer_forwarded ⇒ Object
Returns the value of attribute prefer_forwarded.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def prefer_forwarded @prefer_forwarded end |
#require_forwarded_header ⇒ Object
Returns the value of attribute require_forwarded_header.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def require_forwarded_header @require_forwarded_header end |
#strip_suspicious_headers ⇒ Object
Returns the value of attribute strip_suspicious_headers.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def strip_suspicious_headers @strip_suspicious_headers end |
#token_header_priority ⇒ Object
Returns the value of attribute token_header_priority.
39 40 41 |
# File 'lib/verikloak/bff/configuration.rb', line 39 def token_header_priority @token_header_priority end |
#trusted_proxies ⇒ Object
Returns the value of attribute trusted_proxies.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def trusted_proxies @trusted_proxies end |
#xff_strategy ⇒ Object
Returns the value of attribute xff_strategy.
34 35 36 |
# File 'lib/verikloak/bff/configuration.rb', line 34 def xff_strategy @xff_strategy end |