Class: ApiAuth::RequestDrivers::ActionControllerRequest

Inherits:
Object
  • Object
show all
Includes:
Helpers
Defined in:
lib/api_auth/request_drivers/action_controller.rb

Overview

:nodoc:

Direct Known Subclasses

ActionDispatchRequest

Instance Method Summary collapse

Methods included from Helpers

#b64_encode, #capitalize_keys, #md5_base64digest, #sha256_base64digest

Constructor Details

#initialize(request, authorize_md5: false) ⇒ ActionControllerRequest

Returns a new instance of ActionControllerRequest.



6
7
8
9
10
11
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 6

def initialize(request, authorize_md5: false)
  @request = request
  @authorize_md5 = authorize_md5
  fetch_headers
  true
end

Instance Method Details

#authorization_headerObject 



76
77
78
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 76

def authorization_header
  find_header %w[Authorization AUTHORIZATION HTTP_AUTHORIZATION]
end

#calculated_hashObject 



19
20
21
22
23
24
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 19

def calculated_hash
  body = @request.raw_post
  hashes = [sha256_base64digest(body)]
  hashes << md5_base64digest(body) if @authorize_md5
  hashes
end

#content_hashObject 



53
54
55
56
57
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 53

def content_hash
  headers = %w[X-AUTHORIZATION-CONTENT-SHA256 X_AUTHORIZATION_CONTENT_SHA256 HTTP_X_AUTHORIZATION_CONTENT_SHA256]
  headers += %w[CONTENT-MD5 CONTENT_MD5 HTTP_CONTENT_MD5] if @authorize_md5
  find_header(headers)
end

#content_hash_mismatch?Boolean

Returns:

  • (Boolean) 


33
34
35
36
37
38
39
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 33

def content_hash_mismatch?
  if @request.put? || @request.post?
    !calculated_hash.include?(content_hash)
  else
    false
  end
end

#content_typeObject 



49
50
51
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 49

def content_type
  find_header(%w[CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE])
end

#fetch_headersObject 



41
42
43
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 41

def fetch_headers
  @headers = capitalize_keys @request.env
end

#http_methodObject 



45
46
47
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 45

def http_method
  @request.request_method.to_s.upcase
end

#original_uriObject 



59
60
61
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 59

def original_uri
  find_header(%w[X-ORIGINAL-URI X_ORIGINAL_URI HTTP_X_ORIGINAL_URI])
end

#populate_content_hashObject 



26
27
28
29
30
31
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 26

def populate_content_hash
  return unless @request.put? || @request.post?

  @request.env['X-AUTHORIZATION-CONTENT-SHA256'] = calculated_hash
  fetch_headers
end

#request_uriObject 



63
64
65
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 63

def request_uri
  @request.request_uri
end

#set_auth_header(header) ⇒ Object 



13
14
15
16
17
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 13

def set_auth_header(header)
  @request.env['Authorization'] = header
  fetch_headers
  @request
end

#set_dateObject 



67
68
69
70
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 67

def set_date
  @request.env['HTTP_DATE'] = Time.now.utc.httpdate
  fetch_headers
end

#timestampObject 



72
73
74
 
# File 'lib/api_auth/request_drivers/action_controller.rb', line 72

def timestamp
  find_header(%w[DATE HTTP_DATE])
end