Class: CohesiveMarketplaceMiddleware::CookieAuthMiddleware

Inherits:
Object
Defined in:
lib/cohesive_marketplace_middleware.rb

Constructor Details

#initialize(app) ⇒ void

Initializes a new instance of the middleware.

Parameters:

  • app (Object)

    The application object.



# File 'lib/cohesive_marketplace_middleware.rb', line 67

def initialize(app)
  @app = app
  @ignore_paths = CohesiveMarketplaceMiddleware.collect_ignore_paths

  # Get the login redirect URI from an environment variable.
  @redirect_uri = ENV[COHESIVE_MIDDLEWARE_LOGIN_PATH]
  # Set a default URI if the environment variable is not set.
  if !@redirect_uri || @redirect_uri == ""
    @redirect_uri = COHESIVE_MIDDLEWARE_LOGIN_PATH_DEFAULT
  end

  # Add the login redirect URI to the list of ignored paths.
  @ignore_paths = @ignore_paths.append(@redirect_uri)

  # Output some information for debugging.
  puts("Cohesive middleware login redirect: ", @redirect_uri)
end

Instance Method Details

#call(env) ⇒ Array

Processes a request and authenticates the user if necessary.

Parameters:

  • env (Hash)

    The Rack environment hash.

Returns:

  • (Array)

    A Rack-compatible response triplet.



# File 'lib/cohesive_marketplace_middleware.rb', line 90

def call(env)
  # Check if the current path should be ignored.
  if !(@ignore_paths.any? { |prefix| env["REQUEST_PATH"] && prefix && env["REQUEST_PATH"].start_with?(prefix) })
    # Create a new request object.
    request = ActionDispatch::Request.new(env)
    # Get the authentication token from the cookie.
    token = request.cookie_jar[:chAppToken]
    if token
      begin
        # Validate the JWT token and store the result in the environment hash.
        env[AUTH_DETAILS_ENV_KEY] = CohesiveMarketplaceSDK.validate_jwt token
      rescue => exception
        # Return a 401 Unauthorized response if the token is invalid.
        puts exception
        return [401, {"Content-Type" => "text/plain"}, [exception.message]]
      end
    else
      # Redirect the user to the login page if the token is missing.
      return [301, {"Location" => COHESIVE_MIDDLEWARE_LOGIN_PATH_DEFAULT, "Content-Type" => "text/plain"}, ["token not in cookie"]]
    end
  end
  # Call the next middleware or application in the chain.
  @app.call(env)
end
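
A hardened variant of the two methods above, as an added example that is not the gem's own code: it matches ignored paths at a "/" boundary instead of by bare start_with?, redirects with 302 to the configured login path, and keeps the exception text out of the 401 body. The class name, the env key and the injected validator (a stand-in for CohesiveMarketplaceSDK.validate_jwt) are assumptions, and the cookie is read from the raw header so the block runs without Rails.

```ruby
# Added example, not the gem's code. SegmentAwareAuth, AUTH_KEY and the
# validator argument are constructed stand-ins for illustration.
class SegmentAwareAuth
  AUTH_KEY = "example.auth_details" # hypothetical env key

  def initialize(app, ignore_paths:, login_path:, validator:)
    @app = app
    @login_path = login_path
    # The login path must be exempt or the redirect below would loop.
    @ignore_paths = ignore_paths + [login_path]
    @validator = validator # stand-in for CohesiveMarketplaceSDK.validate_jwt
  end

  # Exempt only an exact match or a child at a "/" boundary, so "/login"
  # does not exempt "/login-admin". Missing paths and ".." fail closed.
  def ignored?(path)
    return false if path.nil? || path.split("/").include?("..")
    @ignore_paths.any? do |prefix|
      next false if prefix.nil? || prefix.empty?
      path == prefix || path.start_with?(prefix.end_with?("/") ? prefix : "#{prefix}/")
    end
  end

  def call(env)
    return @app.call(env) if ignored?(env["PATH_INFO"])
    token = cookie(env, "chAppToken")
    unless token
      # 302 to the configured path; a 301 may be cached permanently.
      return [302, {"Location" => @login_path, "Content-Type" => "text/plain"}, ["login required"]]
    end
    begin
      env[AUTH_KEY] = @validator.call(token)
    rescue StandardError => e
      warn "token rejected: #{e.class}" # detail stays in the server log
      return [401, {"Content-Type" => "text/plain"}, ["unauthorized"]]
    end
    @app.call(env)
  end

  private
  # Minimal Cookie header lookup so the example runs without Rack or Rails.
  def cookie(env, name)
    env["HTTP_COOKIE"].to_s.split(/;\s*/).each do |pair|
      key, value = pair.split("=", 2)
      return value if key == name && value && !value.empty?
    end
    nil
  end
end
```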