Class: Verikloak::Rails::Configuration

Inherits:

Object

Object
Verikloak::Rails::Configuration

show all

Defined in:: lib/verikloak/rails/configuration.rb

Overview

Configuration for verikloak-rails.

Controls how the Rack middleware is initialized (discovery, audience, issuer, leeway, skip paths) and Rails-specific behavior such as controller inclusion, logging tags, and error rendering.

Instance Attribute Summary collapse

#allow_http ⇒ Object

Returns the value of attribute allow_http.
#audience ⇒ String, ...

Expected audience (‘aud`) claim.
#auto_include_controller ⇒ Boolean

Auto-include the controller concern into ActionController::Base.
#auto_insert_bff_header_guard ⇒ Boolean

Auto-insert ‘Verikloak::Bff::HeaderGuard` when available.
#bff_header_guard_insert_after ⇒ Object, ...

Rack middleware to insert the header guard after.
#bff_header_guard_insert_before ⇒ Object, ...

Rack middleware to insert the header guard before.
#bff_header_guard_options ⇒ Object

Returns the value of attribute bff_header_guard_options.
#decoder_cache_limit ⇒ Object

Returns the value of attribute decoder_cache_limit.
#discovery_url ⇒ String^?

OIDC discovery document URL.
#error_renderer ⇒ Object

Custom error renderer object responding to ‘render(controller, error)`.
#issuer ⇒ String^?

Expected issuer (‘iss`) claim.
#leeway ⇒ Integer

Clock skew allowance in seconds.
#logger_tags ⇒ Array<Symbol>

Log tags to include (supports :request_id, :sub).
#middleware_insert_after ⇒ Object, ...

Rack middleware to insert ‘Verikloak::Middleware` after.
#middleware_insert_before ⇒ Object, ...

Rack middleware to insert ‘Verikloak::Middleware` before.
#render_500_json ⇒ Boolean

Rescue StandardError and render a JSON 500 response.
#rescue_pundit ⇒ Boolean

Rescue ‘Pundit::NotAuthorizedError` and render JSON 403 responses.
#skip_paths ⇒ Array<String>

Paths to skip verification.
#token_env_key ⇒ Object

Returns the value of attribute token_env_key.
#token_verify_options ⇒ Object

Returns the value of attribute token_verify_options.
#user_env_key ⇒ Object

Returns the value of attribute user_env_key.

Instance Method Summary collapse

#initialize ⇒ void constructor

Initialize configuration with sensible defaults for Rails apps.
#middleware_options ⇒ Hash

Options forwarded to the base Verikloak Rack middleware.
#skip_path_matcher ⇒ Verikloak::Rails::SkipPathChecker

Pre-compiled skip-path matcher shared with the controller layer.

Constructor Details

#initialize ⇒ `void`

Initialize configuration with sensible defaults for Rails apps.

# File 'lib/verikloak/rails/configuration.rb', line 73

def initialize
  @discovery_url = nil
  @audience      = 'rails-api'
  @issuer        = nil
  @leeway        = 60
  @skip_paths    = ['/up', '/health', '/rails/health'].freeze
  @logger_tags    = %i[request_id sub]
  @error_renderer = Verikloak::Rails::ErrorRenderer.new
  @auto_include_controller = true
  @render_500_json = false
  @rescue_pundit = true
  @middleware_insert_before = nil
  @middleware_insert_after = nil
  @auto_insert_bff_header_guard = true
  @bff_header_guard_insert_before = nil
  @bff_header_guard_insert_after = nil
  @token_verify_options = {}
  @decoder_cache_limit = nil
  @token_env_key = nil
  @user_env_key = nil
  @bff_header_guard_options = {}
  @allow_http = false
  @skip_path_matcher = nil
end

Instance Attribute Details

#allow_http ⇒ `Object`

Returns the value of attribute allow_http.



59
60
61

# File 'lib/verikloak/rails/configuration.rb', line 59

def allow_http
  @allow_http
end

#audience ⇒ `String`, ...

Expected audience (‘aud`) claim. Accepts String or Array.

Returns:

(String, Array<String>, nil)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#auto_include_controller ⇒ `Boolean`

Auto-include the controller concern into ActionController::Base.

Returns:

(Boolean)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#auto_insert_bff_header_guard ⇒ `Boolean`

Auto-insert ‘Verikloak::Bff::HeaderGuard` when available.

Returns:

(Boolean)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#bff_header_guard_insert_after ⇒ `Object`, ...

Rack middleware to insert the header guard after.

Returns:

(Object, String, Symbol, nil)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#bff_header_guard_insert_before ⇒ `Object`, ...

Rack middleware to insert the header guard before.

Returns:

(Object, String, Symbol, nil)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#bff_header_guard_options ⇒ `Object`

Returns the value of attribute bff_header_guard_options.



59
60
61

# File 'lib/verikloak/rails/configuration.rb', line 59

def bff_header_guard_options
  @bff_header_guard_options
end

#decoder_cache_limit ⇒ `Object`

Returns the value of attribute decoder_cache_limit.



59
60
61

# File 'lib/verikloak/rails/configuration.rb', line 59

def decoder_cache_limit
  @decoder_cache_limit
end

#discovery_url ⇒ `String`^?

OIDC discovery document URL.

Returns:

(String, nil)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#error_renderer ⇒ `Object`

Custom error renderer object responding to ‘render(controller, error)`.

Returns:

(Object)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#issuer ⇒ `String`^?

Expected issuer (‘iss`) claim.

Returns:

(String, nil)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#leeway ⇒ `Integer`

Clock skew allowance in seconds.

Returns:

(Integer)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#logger_tags ⇒ `Array<Symbol>`

Log tags to include (supports :request_id, :sub).

Returns:

(Array<Symbol>)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#middleware_insert_after ⇒ `Object`, ...

Rack middleware to insert ‘Verikloak::Middleware` after.

Returns:

(Object, String, Symbol, nil)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#middleware_insert_before ⇒ `Object`, ...

Rack middleware to insert ‘Verikloak::Middleware` before.

Returns:

(Object, String, Symbol, nil)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#render_500_json ⇒ `Boolean`

Rescue StandardError and render a JSON 500 response.

Returns:

(Boolean)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#rescue_pundit ⇒ `Boolean`

Rescue ‘Pundit::NotAuthorizedError` and render JSON 403 responses.

Returns:

(Boolean)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#skip_paths ⇒ `Array<String>`

Paths to skip verification.

Returns:

(Array<String>)

# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http
    }.compact
  end
end

#token_env_key ⇒ `Object`

Returns the value of attribute token_env_key.



59
60
61

# File 'lib/verikloak/rails/configuration.rb', line 59

def token_env_key
  @token_env_key
end

#token_verify_options ⇒ `Object`

Returns the value of attribute token_verify_options.



59
60
61

# File 'lib/verikloak/rails/configuration.rb', line 59

def token_verify_options
  @token_verify_options
end

#user_env_key ⇒ `Object`

Returns the value of attribute user_env_key.



59
60
61

# File 'lib/verikloak/rails/configuration.rb', line 59

def user_env_key
  @user_env_key
end

Instance Method Details

#middleware_options ⇒ `Hash`

Options forwarded to the base Verikloak Rack middleware.

Examples:

Verikloak::Rails.config.middleware_options
#=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }

Returns:

(Hash)

# File 'lib/verikloak/rails/configuration.rb', line 115

def middleware_options
  {
    discovery_url: discovery_url,
    audience: audience,
    issuer: issuer,
    leeway: leeway,
    skip_paths: skip_paths,
    token_verify_options: token_verify_options,
    decoder_cache_limit: decoder_cache_limit,
    token_env_key: token_env_key,
    user_env_key: user_env_key,
    allow_http: allow_http
  }.compact
end

#skip_path_matcher ⇒ `Verikloak::Rails::SkipPathChecker`

Pre-compiled skip-path matcher shared with the controller layer.

Returns:

(Verikloak::Rails::SkipPathChecker)



106
107
108

# File 'lib/verikloak/rails/configuration.rb', line 106

def skip_path_matcher
  @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
end

Class: Verikloak::Rails::Configuration

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ void

Instance Attribute Details

#allow_http ⇒ Object

#audience ⇒ String, ...

#auto_include_controller ⇒ Boolean

#auto_insert_bff_header_guard ⇒ Boolean

#bff_header_guard_insert_after ⇒ Object, ...

#bff_header_guard_insert_before ⇒ Object, ...

#bff_header_guard_options ⇒ Object

#decoder_cache_limit ⇒ Object

#discovery_url ⇒ String?

#error_renderer ⇒ Object

#issuer ⇒ String?

#leeway ⇒ Integer

#logger_tags ⇒ Array<Symbol>

#middleware_insert_after ⇒ Object, ...

#middleware_insert_before ⇒ Object, ...

#render_500_json ⇒ Boolean

#rescue_pundit ⇒ Boolean

#skip_paths ⇒ Array<String>

#token_env_key ⇒ Object

#token_verify_options ⇒ Object

#user_env_key ⇒ Object

Instance Method Details

#middleware_options ⇒ Hash

Examples:

#skip_path_matcher ⇒ Verikloak::Rails::SkipPathChecker

#initialize ⇒ `void`

#allow_http ⇒ `Object`

#audience ⇒ `String`, ...

#auto_include_controller ⇒ `Boolean`

#auto_insert_bff_header_guard ⇒ `Boolean`

#bff_header_guard_insert_after ⇒ `Object`, ...

#bff_header_guard_insert_before ⇒ `Object`, ...

#bff_header_guard_options ⇒ `Object`

#decoder_cache_limit ⇒ `Object`

#discovery_url ⇒ `String`^?

#error_renderer ⇒ `Object`

#issuer ⇒ `String`^?

#leeway ⇒ `Integer`

#logger_tags ⇒ `Array<Symbol>`

#middleware_insert_after ⇒ `Object`, ...

#middleware_insert_before ⇒ `Object`, ...

#render_500_json ⇒ `Boolean`

#rescue_pundit ⇒ `Boolean`

#skip_paths ⇒ `Array<String>`

#token_env_key ⇒ `Object`

#token_verify_options ⇒ `Object`

#user_env_key ⇒ `Object`

#middleware_options ⇒ `Hash`

#skip_path_matcher ⇒ `Verikloak::Rails::SkipPathChecker`