Class: Wurk::Web::Authorization

Inherits:
Object
Defined in:
lib/wurk/web/config.rb

Overview

Rack middleware inserted into the engine. Resolves PATH_INFO + REQUEST_METHOD from `env` and delegates to `Wurk::Web.config`. The engine's mount path is stripped via `SCRIPT_NAME` so the callback sees engine-relative paths.

Constant Summary

FORBIDDEN_BODY = 'Forbidden'
READ_ONLY_BODY = 'Read-only mode'
FORBIDDEN_HEADERS = { 'Content-Type' => 'text/plain' }.freeze
SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

SAFE_METHODS: Methods allowed while read-only. Anything else is a mutation and 403s.

Instance Method Summary

Constructor Details

#initialize(app) ⇒ Authorization

Returns a new instance of Authorization.



# File 'lib/wurk/web/config.rb', line 143

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/wurk/web/config.rb', line 147

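def call(env)
  method = env['REQUEST_METHOD']
  # PATH_INFO is engine-relative: the mount path is carried in SCRIPT_NAME.
  path = env['PATH_INFO'].to_s
  config = Wurk::Web.config
  # Authorization is checked first, so an unauthorized request gets
  # FORBIDDEN_BODY even while read-only mode is on.
  return forbidden(FORBIDDEN_BODY) unless config.authorized?(env, method, path)
  # In read-only mode only SAFE_METHODS pass; any other method is rejected.
  return forbidden(READ_ONLY_BODY) if config.read_only? && !SAFE_METHODS.include?(method)

  @app.call(env)
end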
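
A stand-alone sketch of the same gate, added here as an example and not Wurk's own code. It shows the decision order and why an authorization rule must match the engine-relative path rather than the mounted path. `DemoConfig`, `Gate`, `demo`, the two rules, the `/wurk` mount point, the `/queues` paths and the `demo.user` env key are all assumptions made for illustration; only the `authorized?(env, method, path)` / `read_only?` call shape and the constant values come from the page.

```ruby
# Added example, not Wurk source: DemoConfig, Gate and the rules are hypothetical.
DemoConfig = Struct.new(:read_only, :rule) do
  def read_only?
    read_only
  end

  def authorized?(env, method, path)
    rule.call(env, method, path)
  end
end

# Stand-in middleware with the same decision order as the documented #call.
class Gate
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  def initialize(app, config)
    @app = app
    @config = config
  end

  def call(env)
    method = env['REQUEST_METHOD']
    path = env['PATH_INFO'].to_s # engine-relative; the mount prefix sits in SCRIPT_NAME
    return deny('Forbidden') unless @config.authorized?(env, method, path)
    return deny('Read-only mode') if @config.read_only? && !SAFE_METHODS.include?(method)

    @app.call(env)
  end

  def deny(body)
    [403, { 'Content-Type' => 'text/plain' }, [body]]
  end
end

# Constructed rules: only "ops" may reach the queues pages. RELATIVE matches what
# the callback receives; ABSOLUTE wrongly includes the mount path and never matches.
RELATIVE = ->(env, _m, path) { !path.start_with?('/queues') || env['demo.user'] == 'ops' }
ABSOLUTE = ->(env, _m, path) { !path.start_with?('/wurk/queues') || env['demo.user'] == 'ops' }

# Runs one constructed request (engine mounted at /wurk) and returns [status, body].
def demo(method, path, rule: RELATIVE, user: nil, read_only: false)
  env = { 'REQUEST_METHOD' => method, 'SCRIPT_NAME' => '/wurk',
          'PATH_INFO' => path, 'demo.user' => user }
  app = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
  config = DemoConfig.new(read_only, rule)
  status, _headers, body = Gate.new(app, config).call(env)
  [status, body.first]
end
```

With the `ABSOLUTE` rule an anonymous `GET /queues` is allowed through, because the callback never sees the `/wurk` prefix; rules should be written and tested against engine-relative paths.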