Module: Verikloak::Rails::Controller

Extended by:
ActiveSupport::Concern
Includes:
ErrorHandling
Defined in:
lib/verikloak/rails/controller.rb,
lib/verikloak/rails/controller/error_handling.rb

Overview

Controller concern providing Verikloak helpers and JSON error handling.

Includes before_action :authenticate_user!, helpers such as current_user_claims, and consistent 401/403 responses. Optionally wraps requests with tagged logging and a 500 JSON renderer.

Defined Under Namespace

Modules: ErrorHandling

Instance Method Summary collapse

Instance Method Details

#authenticate_user!void

This method returns an undefined value.

Ensures a user is authenticated, otherwise renders a JSON 401 response.

Examples:

In a controller

class ApiController < ApplicationController
  before_action :authenticate_user!
end


48
49
50
51
52
53
54
# File 'lib/verikloak/rails/controller.rb', line 48

def authenticate_user!
  return if Verikloak::Rails.config.skip_path_matcher.skip?(request.path_info)
  return if authenticated?

  e = ::Verikloak::Error.new('Unauthorized', code: 'unauthorized')
  Verikloak::Rails.config.error_renderer.render(self, e)
end

#authenticated?Boolean

Whether the request has verified user claims.

Returns:

  • (Boolean)


58
# File 'lib/verikloak/rails/controller.rb', line 58

def authenticated? = current_user_claims.present?

#current_subjectString?

The sub (subject) claim from the current user claims.

Returns:

  • (String, nil)


78
# File 'lib/verikloak/rails/controller.rb', line 78

def current_subject = current_user_claims && current_user_claims['sub']

#current_tokenString?

The raw bearer token used for the current request. Prefer Rack env (honoring a custom token_env_key); fall back to RequestStore when available.

Returns:

  • (String, nil)


72
73
74
# File 'lib/verikloak/rails/controller.rb', line 72

def current_token
  _verikloak_fetch_request_context(Verikloak::Rails.config.effective_token_env_key, :verikloak_token)
end

#current_user_claimsHash?

The verified JWT claims for the current user. Prefer Rack env (honoring a custom user_env_key); fall back to RequestStore when available.

Returns:

  • (Hash, nil)


64
65
66
# File 'lib/verikloak/rails/controller.rb', line 64

def current_user_claims
  _verikloak_fetch_request_context(Verikloak::Rails.config.effective_user_env_key, :verikloak_user)
end

#with_required_audience!(*required) ⇒ void

This method returns an undefined value.

Enforces that the current user has all required audiences.

Examples:

with_required_audience!('my-api', 'payments')

Parameters:

  • required (Array<String>)

    one or more audiences to require

Raises:

  • (Verikloak::Error)

    when the required audience is missing



87
88
89
90
91
92
# File 'lib/verikloak/rails/controller.rb', line 87

def with_required_audience!(*required)
  aud = Array(current_user_claims&.dig('aud'))
  return if required.flatten.all? { |r| aud.include?(r) }

  raise ::Verikloak::Error.new('Required audience not satisfied', code: 'forbidden')
end