Module: YiffSpace::Auth::Helper

Extended by:
ActiveSupport::Concern
Included in:
Scoped
Defined in:
lib/yiffspace/auth/helper.rb

Defined Under Namespace

Modules: ClassMethods, Scoped

Constant Summary

DIRTY_FLAG_KEY =
"yiffspace:auth:dirty:%s"

Instance Method Summary

Instance Method Details

#auth ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 33

# Resolves the auth record for the current request from the session.
#
# A blank #auth_raw (nothing stored under the client's auth session key) yields
# AuthInfo::Anonymous.instance; anything else is handed to AuthInfo.from_session.
#
# NOTE(review): whatever this returns is rebuilt from session data, so it is
# only as trustworthy and as fresh as the session store backing it.
#
# @return [Object] AuthInfo::Anonymous.instance or the result of AuthInfo.from_session
def auth
  if auth_raw.blank?
    AuthInfo::Anonymous.instance
  else
    AuthInfo.from_session(auth_raw)
  end
end

#auth=(value) ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 43

# Stores +value+ in the session under the client's auth session key.
#
# An AuthInfo::Anonymous value is treated like nil, so the key then holds nil
# instead of a serialized anonymous record.
#
# NOTE(review): this writes into the existing session and does not rotate the
# session id; confirm the login flow resets the session before assigning.
#
# @param value [Object, nil] something responding to #to_session, or nil to clear
def auth=(value)
  stored = value.is_a?(AuthInfo::Anonymous) ? nil : value
  session[auth_client_config.auth_session_key] = stored&.to_session
end

#auth? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/yiffspace/auth/helper.rb', line 39

# Tells whether the session carries a non-anonymous auth record.
#
# @return [Boolean] false when #auth_raw is blank or when #auth reports anonymous?
def auth?
  # No stored value at all: skip rebuilding the record.
  return false unless auth_raw.present?

  !auth.anonymous?
end

#auth_client_config ⇒ Object

Returns the Auth::Client for the current request. In auth engine controllers this is resolved from the routing default set by Engine.for; in host app controllers it falls back to the default registered client. Override in your controller to choose a specific client when multiple are registered.



# File 'lib/yiffspace/auth/helper.rb', line 138

# Picks the client configuration that every session-key lookup in this helper
# goes through.
#
# #client_name is read once. A blank result (including the +false+ it returns
# when no request is available) selects YiffSpace::Auth.default; any other value
# is symbolized and looked up with YiffSpace::Auth[].
#
# @return [Object] the registered client for this request, or the default one
def auth_client_config
  name = client_name
  return YiffSpace::Auth.default if name.blank?

  YiffSpace::Auth[name.to_sym]
end

#auth_raw ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 29

# Reads the stored auth payload exactly as it sits in the session.
#
# @return [Object, nil] the value under the client's auth session key, if any
def auth_raw
  store = session
  store[auth_client_config.auth_session_key]
end

#client_name ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 143

# Reads the client name recorded in the request environment.
#
# The respond_to? check (private methods included) covers includers that have
# no +request+ method; in that case the result is +false+, not nil.
#
# @return [Object, false] the value under CLIENT_NAME_ENV, or false without a request
def client_name
  return false unless respond_to?(:request, true)

  request.env[CLIENT_NAME_ENV]
end

#client_name=(value) ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 147

# Records which client this request belongs to by writing the symbolized name
# into the request environment under CLIENT_NAME_ENV.
#
# Unlike #client_name there is no respond_to? guard, so a request must exist.
#
# @param value [#to_sym] client name to record
def client_name=(value)
  env = request.env
  env[CLIENT_NAME_ENV] = value.to_sym
end

#full_reset! ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 75

# Drops both the auth and the user entry from the session, auth first.
#
# NOTE(review): only these two keys are removed; the session id and any other
# session data are left as they are. A logout path that needs a fresh session
# has to arrange that itself.
#
# @return [Object, nil] whatever #reset_user! returns
def full_reset!
  reset_auth!
  cleared_user = reset_user!
  cleared_user
end

#has_permission?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/yiffspace/auth/helper.rb', line 88

# Checks a single permission for the current session.
#
# Fails closed: unless #logged_in? holds, the answer is false and the
# permission set is never consulted.
#
# @param name [Object] permission name passed through to auth.permissions.has?
# @return [Boolean]
def has_permission?(name)
  if logged_in?
    auth.permissions.has?(name)
  else
    false
  end
end

#logged_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/yiffspace/auth/helper.rb', line 84

# A session counts as logged in only when it holds both a non-anonymous auth
# record and a non-anonymous user record.
#
# @return [Boolean]
def logged_in?
  # user? is not evaluated when the auth check already fails.
  return false unless auth?

  user?
end

#require_auth(path) ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 80

# Sends sessions that are not logged in to +path+.
#
# +path+ goes to redirect_to unchanged, so pass an application-defined target
# rather than a value taken from the request. Nothing else is done here: the
# method returns after the redirect call, and a logged-in session gets nil.
#
# @param path [Object] redirect target handed to redirect_to
# @return [Object, nil] the redirect_to result, or nil when already logged in
def require_auth(path)
  return if logged_in?

  redirect_to(path)
end

#reset_auth! ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 48

# Removes the auth entry from the session; the user entry is left alone.
#
# @return [Object, nil] whatever session.delete returns for the auth session key
def reset_auth!
  store = session
  store.delete(auth_client_config.auth_session_key)
end

#reset_user! ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 71

# Removes the user entry from the session; the auth entry is left alone.
#
# @return [Object, nil] whatever session.delete returns for the user session key
def reset_user!
  store = session
  store.delete(auth_client_config.user_session_key)
end

#sync_auth_if_dirty! ⇒ Object

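Checks the dirty flag written by the Logto webhook handler. If set, re-fetches the user’s current roles and permissions from the Logto Management API and rewrites the session — without waiting for the access token to expire. Call this as a before_action in any controller that needs instant revocation. The flag is keyed by user id and is deleted by the first request that observes it, so only the session serving that request is rewritten; other live sessions of the same user keep their stored roles and permissions until they are refreshed some other way.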



# File 'lib/yiffspace/auth/helper.rb', line 100

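# Refreshes the session's roles and permissions when the user's dirty flag is set.
#
# Does nothing for sessions without a non-anonymous auth record or when the
# cache holds no flag for auth.id. Otherwise the flag is cleared, the user is
# looked up through the client's Logto management object, and then either
# * the session is cleared with #full_reset! (user missing or "isSuspended"), or
# * the auth record is rewritten with the freshly fetched role and scope names,
#   keeping the existing id, token and client_id.
#
# If anything raises after the flag was cleared, the flag is written back and
# the error re-raised, so a failed lookup is retried on the next request
# instead of leaving the old permissions in the session unnoticed.
#
# NOTE(review): the flag is per user id and is consumed by the first request
# that sees it. Other sessions of the same user, including sessions under a
# different registered client, never observe it and keep their stored
# permissions.
#
# @return [Object, nil] nil on the no-op and reset paths
# @raise [StandardError] whatever the management calls or session writes raise
def sync_auth_if_dirty!
  return unless auth?

  flag_key = format(DIRTY_FLAG_KEY, auth.id)
  return unless Rails.cache.exist?(flag_key)

  # Clear before fetching: a webhook that fires while the lookup is in flight
  # sets the flag again instead of being wiped by this request.
  Rails.cache.delete(flag_key)

  begin
    management = auth_client_config.logto_management
    api_user   = management.get_user_by_id(auth.id)

    if api_user.nil? || api_user.data["isSuspended"]
      full_reset!
      return
    end

    roles       = management.get_user_roles(auth.id)
    permissions = roles.flat_map { |role| management.get_role_scopes(role["id"]) }
                       .pluck("name")
                       .uniq

    self.auth = AuthInfo.new(
      id:          auth.id,
      token:       auth.token,
      roles:       roles.pluck("name"),
      permissions: permissions,
      client_id:   auth.client_id,
    )
  rescue StandardError
    # Fail closed: the session was not refreshed, so the pending change must
    # stay pending. Only the flag's existence is checked above, so `true` is
    # enough; the webhook handler's own value and expiry are not visible here.
    # TODO(review): mirror them if it sets any.
    Rails.cache.write(flag_key, true)
    raise
  end
end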

#url_helpers ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 130

# Returns the route URL helpers of the auth engine matching #client_name.
#
# NOTE(review): #client_name is +false+ when no request is available; how
# Engine.for treats that value is not visible from here.
#
# @return [Object] routes.url_helpers of the resolved engine
def url_helpers
  engine = YiffSpace::Auth::Engine.for(client_name)
  engine.routes.url_helpers
end

#user ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 56

# Resolves the user record for the current request from the session.
#
# A blank #user_raw yields UserInfo::Anonymous.instance; anything else is
# handed to UserInfo.from_session.
#
# @return [Object] UserInfo::Anonymous.instance or the result of UserInfo.from_session
def user
  if user_raw.blank?
    UserInfo::Anonymous.instance
  else
    UserInfo.from_session(user_raw)
  end
end

#user=(value) ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 66

# Stores +value+ in the session under the client's user session key.
#
# A UserInfo::Anonymous value is treated like nil, so the key then holds nil
# instead of a serialized anonymous record.
#
# @param value [Object, nil] something responding to #to_session, or nil to clear
def user=(value)
  stored = value.is_a?(UserInfo::Anonymous) ? nil : value
  session[auth_client_config.user_session_key] = stored&.to_session
end

#user? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/yiffspace/auth/helper.rb', line 62

# Tells whether the session carries a non-anonymous user record.
#
# @return [Boolean] false when #user_raw is blank or when #user reports anonymous?
def user?
  # No stored value at all: skip rebuilding the record.
  return false unless user_raw.present?

  !user.anonymous?
end

#user_raw ⇒ Object



# File 'lib/yiffspace/auth/helper.rb', line 52

# Reads the stored user payload exactly as it sits in the session.
#
# @return [Object, nil] the value under the client's user session key, if any
def user_raw
  store = session
  store[auth_client_config.user_session_key]
end