Module: Verikloak::Rails::BffConfigurator

Defined in:

lib/verikloak/rails/bff_configurator.rb

Overview

Handles BFF (Backend-for-Frontend) middleware configuration. Extracted from Railtie to maintain class size limits.

Class Method Summary

• .apply_configuration(target, options) ⇒ void

  Apply configuration options to the verikloak-bff namespace.

• .configuration_valid? ⇒ Boolean

  Check if BFF configuration is valid for middleware insertion.

• .configure_bff_guard(stack) ⇒ void

  Insert the optional HeaderGuard middleware when verikloak-bff is present.

• .configure_library ⇒ void

  Configure the verikloak-bff library when options are supplied.

• .insert_header_guard(stack) ⇒ void

  Insert HeaderGuard middleware into the stack.

Class Method Details

.apply_configuration(target, options) ⇒ void

This method returns an undefined value.

Apply configuration options to the verikloak-bff namespace. Supports hash-like and callable inputs.

Parameters:

• target (Module) —

  Verikloak::BFF namespace

• options (Hash, Proc, #to_h)

# File 'lib/verikloak/rails/bff_configurator.rb', line 91

def apply_configuration(target, options)
  if options.respond_to?(:call)
    target.configure(&options)
    return
  end

  hash = options.respond_to?(:to_h) ? options.to_h : options
  return unless hash.respond_to?(:each)

  entries = hash.transform_keys(&:to_sym)
  return if entries.empty?

  target.configure do |config|
    entries.each do |key, value|
      writer = "#{key}="
      # Guard: only call known attr_accessor writers to prevent
      # accidental invocation of arbitrary public methods.
      next unless config.respond_to?(writer)
      next if key.to_s.start_with?('_') || key.to_s.include?('!')

      config.public_send(writer, value)
    end
  end
end

.configuration_valid? ⇒ Boolean

Check if BFF configuration is valid for middleware insertion. Returns true if:

- disabled: true is set (HeaderGuard will be inserted but internally disabled), OR
- trusted_proxies is configured with at least one entry

Returns:

• (Boolean)

# File 'lib/verikloak/rails/bff_configurator.rb', line 50

def configuration_valid?
  return true unless defined?(::Verikloak::BFF)
  return true unless ::Verikloak::BFF.respond_to?(:config)

  bff_config = ::Verikloak::BFF.config

  # If disabled is explicitly set to true, allow insertion
  # (HeaderGuard will be inserted but internally disabled)
  return true if bff_config.respond_to?(:disabled) && bff_config.disabled

  # For legacy versions without trusted_proxies method, allow insertion
  return true unless bff_config.respond_to?(:trusted_proxies)

  # Require trusted_proxies to be a non-empty Array
  proxies = bff_config.trusted_proxies
  proxies.is_a?(Array) && !proxies.empty?
end

.configure_bff_guard(stack) ⇒ void

This method returns an undefined value.

Insert the optional HeaderGuard middleware when verikloak-bff is present. Skips insertion with a warning if trusted_proxies is not configured and disabled is not explicitly set to true.

Parameters:

• stack (ActionDispatch::MiddlewareStackProxy)

# File 'lib/verikloak/rails/bff_configurator.rb', line 16

def configure_bff_guard(stack)
  return unless Verikloak::Rails.config.auto_insert_bff_header_guard
  return unless defined?(::Verikloak::BFF::HeaderGuard)

  unless configuration_valid?
    RailtieLogger.warn(
      '[verikloak] Skipping BFF::HeaderGuard insertion: trusted_proxies not configured. ' \
      'Set trusted_proxies in bff_header_guard_options to enable header validation.'
    )
    return
  end

  insert_header_guard(stack)
end

.configure_library ⇒ void

This method returns an undefined value.

Configure the verikloak-bff library when options are supplied.

# File 'lib/verikloak/rails/bff_configurator.rb', line 34

def configure_library
  options = Verikloak::Rails.config.bff_header_guard_options
  return if options.nil? || (options.respond_to?(:empty?) && options.empty?)
  return unless defined?(::Verikloak::BFF) && ::Verikloak::BFF.respond_to?(:configure)

  apply_configuration(::Verikloak::BFF, options)
rescue StandardError => e
  RailtieLogger.warn("[verikloak] Failed to apply BFF configuration: #{e.message}")
end

.insert_header_guard(stack) ⇒ void

This method returns an undefined value.

Insert HeaderGuard middleware into the stack.

Parameters:

• stack (ActionDispatch::MiddlewareStackProxy)

# File 'lib/verikloak/rails/bff_configurator.rb', line 72

def insert_header_guard(stack)
  guard_before = Verikloak::Rails.config.bff_header_guard_insert_before
  guard_after = Verikloak::Rails.config.bff_header_guard_insert_after

  if guard_before
    stack.insert_before guard_before, ::Verikloak::BFF::HeaderGuard
  elsif guard_after
    stack.insert_after guard_after, ::Verikloak::BFF::HeaderGuard
  else
    stack.insert_before ::Verikloak::Middleware, ::Verikloak::BFF::HeaderGuard
  end
end