Class: Verikloak::Rails::Configuration
- Inherits:
-
Object
- Object
- Verikloak::Rails::Configuration
- Defined in:
- lib/verikloak/rails/configuration.rb
Overview
Configuration for verikloak-rails.
Controls how the Rack middleware is initialized (discovery, audience, issuer, leeway, skip paths) and Rails-specific behavior such as controller inclusion, logging tags, and error rendering.
Constant Summary collapse
- DEFAULT_TOKEN_ENV_KEY =
Default Rack env keys. These mirror the defaults used by the core
Verikloak::Middlewareand are the fallback whentoken_env_key/user_env_keyare left unset. 'verikloak.token'- DEFAULT_USER_ENV_KEY =
'verikloak.user'
Instance Attribute Summary collapse
-
#allow_http ⇒ Object
Returns the value of attribute allow_http.
-
#audience ⇒ String, ...
Expected audience (
aud) claim. -
#auto_include_controller ⇒ Boolean
Auto-include the controller concern into ActionController::Base.
-
#auto_insert_bff_header_guard ⇒ Boolean
Auto-insert
Verikloak::Bff::HeaderGuardwhen available. -
#bff_header_guard_insert_after ⇒ Object, ...
Rack middleware to insert the header guard after.
-
#bff_header_guard_insert_before ⇒ Object, ...
Rack middleware to insert the header guard before.
-
#bff_header_guard_options ⇒ Object
Returns the value of attribute bff_header_guard_options.
-
#decoder_cache_limit ⇒ Object
Returns the value of attribute decoder_cache_limit.
-
#discovery_url ⇒ String?
OIDC discovery document URL.
-
#error_renderer ⇒ Object
Custom error renderer object responding to
render(controller, error). -
#issuer ⇒ String?
Expected issuer (
iss) claim. -
#jwks_refresh_interval ⇒ Object
Returns the value of attribute jwks_refresh_interval.
-
#leeway ⇒ Integer
Clock skew allowance in seconds.
-
#logger_tags ⇒ Array<Symbol>
Log tags to include (supports :request_id, :sub).
-
#middleware_insert_after ⇒ Object, ...
Rack middleware to insert
Verikloak::Middlewareafter. -
#middleware_insert_before ⇒ Object, ...
Rack middleware to insert
Verikloak::Middlewarebefore. -
#render_500_json ⇒ Boolean
Rescue StandardError and render a JSON 500 response.
-
#rescue_pundit ⇒ Boolean
Rescue
Pundit::NotAuthorizedErrorand render JSON 403 responses. -
#skip_paths ⇒ Array<String>
Paths to skip verification.
-
#token_env_key ⇒ Object
Returns the value of attribute token_env_key.
-
#token_verify_options ⇒ Object
Returns the value of attribute token_verify_options.
-
#user_env_key ⇒ Object
Returns the value of attribute user_env_key.
Instance Method Summary collapse
-
#effective_token_env_key ⇒ String
Rack env key actually used for the bearer token: the configured
token_env_key, or the core middleware default when unset/blank. -
#effective_user_env_key ⇒ String
Rack env key actually used for decoded claims: the configured
user_env_key, or the core middleware default when unset/blank. -
#initialize ⇒ void
constructor
Initialize configuration with sensible defaults for Rails apps.
-
#middleware_options ⇒ Hash
Options forwarded to the base Verikloak Rack middleware.
-
#skip_path_matcher ⇒ Verikloak::Rails::SkipPathChecker
Pre-compiled skip-path matcher shared with the controller layer.
Constructor Details
#initialize ⇒ void
Initialize configuration with sensible defaults for Rails apps.
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
# File 'lib/verikloak/rails/configuration.rb', line 79 def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end |
Instance Attribute Details
#allow_http ⇒ Object
Returns the value of attribute allow_http.
65 66 67 |
# File 'lib/verikloak/rails/configuration.rb', line 65 def allow_http @allow_http end |
#audience ⇒ String, ...
Expected audience (aud) claim. Accepts String or Array.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#auto_include_controller ⇒ Boolean
Auto-include the controller concern into ActionController::Base.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#auto_insert_bff_header_guard ⇒ Boolean
Auto-insert Verikloak::Bff::HeaderGuard when available.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#bff_header_guard_insert_after ⇒ Object, ...
Rack middleware to insert the header guard after.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#bff_header_guard_insert_before ⇒ Object, ...
Rack middleware to insert the header guard before.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#bff_header_guard_options ⇒ Object
Returns the value of attribute bff_header_guard_options.
65 66 67 |
# File 'lib/verikloak/rails/configuration.rb', line 65 def @bff_header_guard_options end |
#decoder_cache_limit ⇒ Object
Returns the value of attribute decoder_cache_limit.
65 66 67 |
# File 'lib/verikloak/rails/configuration.rb', line 65 def decoder_cache_limit @decoder_cache_limit end |
#discovery_url ⇒ String?
OIDC discovery document URL.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#error_renderer ⇒ Object
Custom error renderer object responding to render(controller, error).
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#issuer ⇒ String?
Expected issuer (iss) claim.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#jwks_refresh_interval ⇒ Object
Returns the value of attribute jwks_refresh_interval.
65 66 67 |
# File 'lib/verikloak/rails/configuration.rb', line 65 def jwks_refresh_interval @jwks_refresh_interval end |
#leeway ⇒ Integer
Clock skew allowance in seconds.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#logger_tags ⇒ Array<Symbol>
Log tags to include (supports :request_id, :sub).
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#middleware_insert_after ⇒ Object, ...
Rack middleware to insert Verikloak::Middleware after.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#middleware_insert_before ⇒ Object, ...
Rack middleware to insert Verikloak::Middleware before.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#render_500_json ⇒ Boolean
Rescue StandardError and render a JSON 500 response.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#rescue_pundit ⇒ Boolean
Rescue Pundit::NotAuthorizedError and render JSON 403 responses.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#skip_paths ⇒ Array<String>
Paths to skip verification.
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/verikloak/rails/configuration.rb', line 58 class Configuration # Default Rack env keys. These mirror the defaults used by the core # `Verikloak::Middleware` and are the fallback when `token_env_key` / # `user_env_key` are left unset. DEFAULT_TOKEN_ENV_KEY = 'verikloak.token' DEFAULT_USER_ENV_KEY = 'verikloak.user' attr_accessor :discovery_url, :audience, :issuer, :leeway, :logger_tags, :error_renderer, :auto_include_controller, :render_500_json, :rescue_pundit, :middleware_insert_before, :middleware_insert_after, :auto_insert_bff_header_guard, :bff_header_guard_insert_before, :bff_header_guard_insert_after, :token_verify_options, :decoder_cache_limit, :token_env_key, :user_env_key, :bff_header_guard_options, :allow_http, :jwks_refresh_interval attr_reader :skip_paths # Initialize configuration with sensible defaults for Rails apps. # @return [void] def initialize @discovery_url = nil @audience = 'rails-api' @issuer = nil @leeway = 60 @skip_paths = ['/up', '/health', '/rails/health'].freeze @logger_tags = %i[request_id sub] @error_renderer = Verikloak::Rails::ErrorRenderer.new @auto_include_controller = true @render_500_json = false @rescue_pundit = true @middleware_insert_before = nil @middleware_insert_after = nil @auto_insert_bff_header_guard = true @bff_header_guard_insert_before = nil @bff_header_guard_insert_after = nil @token_verify_options = {} @decoder_cache_limit = nil @token_env_key = nil @user_env_key = nil @bff_header_guard_options = {} @allow_http = false @jwks_refresh_interval = nil @skip_path_matcher = nil end # @param value [Array<String, Regexp>] def skip_paths=(value) @skip_paths = Array(value).freeze @skip_path_matcher = nil end # Pre-compiled skip-path matcher shared with the controller layer. # @return [Verikloak::Rails::SkipPathChecker] def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end # Rack env key actually used for the bearer token: the configured # `token_env_key`, or the core middleware default when unset/blank. # The value is whitespace-stripped to match the normalization the core # middleware applies before writing to the env, so readers and writer # always agree on the key. Shared by the controller helpers, # RequestStore mirroring, and the testing middleware stub so all # layers stay in sync. # @return [String] def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end # Rack env key actually used for decoded claims: the configured # `user_env_key`, or the core middleware default when unset/blank. # Whitespace-stripped like {#effective_token_env_key}. # @return [String] def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end # Options forwarded to the base Verikloak Rack middleware. # @return [Hash] # @example # Verikloak::Rails.config.middleware_options # #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... } def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end private # @param value [String, nil] # @param default [String] # @return [String] the stripped value, or the default when blank. # Stripping mirrors the core middleware's env-key normalization # (`value.to_s.strip`); without it a padded key would make the # middleware write one env key while the helpers read another. def presence_or_default(value, default) str = value.to_s.strip str.empty? ? default : str end end |
#token_env_key ⇒ Object
Returns the value of attribute token_env_key.
65 66 67 |
# File 'lib/verikloak/rails/configuration.rb', line 65 def token_env_key @token_env_key end |
#token_verify_options ⇒ Object
Returns the value of attribute token_verify_options.
65 66 67 |
# File 'lib/verikloak/rails/configuration.rb', line 65 def @token_verify_options end |
#user_env_key ⇒ Object
Returns the value of attribute user_env_key.
65 66 67 |
# File 'lib/verikloak/rails/configuration.rb', line 65 def user_env_key @user_env_key end |
Instance Method Details
#effective_token_env_key ⇒ String
Rack env key actually used for the bearer token: the configured
token_env_key, or the core middleware default when unset/blank.
The value is whitespace-stripped to match the normalization the core
middleware applies before writing to the env, so readers and writer
always agree on the key. Shared by the controller helpers,
RequestStore mirroring, and the testing middleware stub so all
layers stay in sync.
125 126 127 |
# File 'lib/verikloak/rails/configuration.rb', line 125 def effective_token_env_key presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY) end |
#effective_user_env_key ⇒ String
Rack env key actually used for decoded claims: the configured
user_env_key, or the core middleware default when unset/blank.
Whitespace-stripped like #effective_token_env_key.
133 134 135 |
# File 'lib/verikloak/rails/configuration.rb', line 133 def effective_user_env_key presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY) end |
#middleware_options ⇒ Hash
Options forwarded to the base Verikloak Rack middleware.
142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 |
# File 'lib/verikloak/rails/configuration.rb', line 142 def { discovery_url: discovery_url, audience: audience, issuer: issuer, leeway: leeway, skip_paths: skip_paths, token_verify_options: , decoder_cache_limit: decoder_cache_limit, token_env_key: token_env_key, user_env_key: user_env_key, allow_http: allow_http, jwks_refresh_interval: jwks_refresh_interval }.compact end |
#skip_path_matcher ⇒ Verikloak::Rails::SkipPathChecker
Pre-compiled skip-path matcher shared with the controller layer.
113 114 115 |
# File 'lib/verikloak/rails/configuration.rb', line 113 def skip_path_matcher @skip_path_matcher ||= SkipPathChecker.new(skip_paths) end |