Module: Fridge::RailsHelpers

Extended by:

ActiveSupport::Concern

Defined in:

lib/fridge/rails_helpers.rb

Instance Method Summary

• #auth_domain ⇒ Object
• #bearer_token ⇒ Object
• #clear_session_cookie ⇒ Object
• #current_token ⇒ Object
• #delete_shared_cookie(name) ⇒ Object
• #fetch_shared_cookie(name) ⇒ Object
• #fridge_cookie_name ⇒ Object
• #fridge_cookie_options ⇒ Object
• #read_shared_cookie(name) ⇒ Object
• #session_actor ⇒ Object
• #session_cookie ⇒ Object
• #session_cookie=(cookie) ⇒ Object
• #session_subject ⇒ Object
• #session_token ⇒ Object
• #sessionize_token(access_token) ⇒ Object
• #token_actor ⇒ Object
• #token_scope ⇒ Object
• #token_subject ⇒ Object
• #validate_token(access_token) ⇒ Object

  Validates token, and returns the token, or nil.

• #validate_token!(access_token) ⇒ Object

  Validates token, and raises an exception if invalid.

• #write_shared_cookie(name, value, options = {}) ⇒ Object

Instance Method Details

#auth_domain ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 128

def auth_domain
  Aptible::Auth.configuration.root_url.sub(%r{^https?://}, '')
rescue StandardError
  'auth.aptible.com'
end

#bearer_token ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 30

def bearer_token
  header = request.env['HTTP_AUTHORIZATION']
  header.gsub(/^Bearer /, '') unless header.nil?
end

#clear_session_cookie ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 90

def clear_session_cookie
  cookies.delete fridge_cookie_name, domain: auth_domain
  nil
end

#current_token ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 22

def current_token
  return unless bearer_token

  @current_token ||= AccessToken.new(bearer_token).tap do |token|
    validate_token!(token)
  end
end

#delete_shared_cookie(name) ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 114

def delete_shared_cookie(name)
  cookies.delete name, fridge_cookie_options.slice(:domain)
end

#fetch_shared_cookie(name) ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 108

def fetch_shared_cookie(name)
  return read_shared_cookie(name) if read_shared_cookie(name)

  write_shared_cookie(yield)
end

#fridge_cookie_name ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 118

def fridge_cookie_name
  Fridge.configuration.cookie_name
end

#fridge_cookie_options ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 122

def fridge_cookie_options
  secure = !Rails.env.development?
  options = { domain: auth_domain, secure: secure, httponly: true }
  options.merge(Fridge.configuration.cookie_options)
end

#read_shared_cookie(name) ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 104

def read_shared_cookie(name)
  cookies[name]
end

#session_actor ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 39

def session_actor
  session_token.actor if session_token
end

#session_cookie ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 82

def session_cookie
  cookies[fridge_cookie_name]
end

#session_cookie=(cookie) ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 86

def session_cookie=(cookie)
  cookies[fridge_cookie_name] = cookie
end

#session_subject ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 35

def session_subject
  session_token.subject if session_token
end

#session_token ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 43

def session_token
  return unless session_cookie

  @session_token ||= AccessToken.new(session_cookie).tap do |token|
    validate_token!(token).downgrade
  end
rescue StandardError
  clear_session_cookie
end

#sessionize_token(access_token) ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 71

def sessionize_token(access_token)
  # Ensure that any cookie-persisted tokens are read-only
  access_token.scope = 'read'

  jwt = access_token.serialize
  self.session_cookie = {
    value: jwt,
    expires: access_token.expires_at
  }.merge(fridge_cookie_options)
end

#token_actor ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 18

def token_actor
  current_token.actor if current_token
end

#token_scope ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 10

def token_scope
  current_token.scope if current_token
end

#token_subject ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 14

def token_subject
  current_token.subject if current_token
end

#validate_token(access_token) ⇒ Object

Validates token, and returns the token, or nil

# File 'lib/fridge/rails_helpers.rb', line 54

def validate_token(access_token)
  validator = Fridge.configuration.validator
  validator.call(access_token) && access_token
rescue StandardError
  false
end

#validate_token!(access_token) ⇒ Object

Validates token, and raises an exception if invalid

# File 'lib/fridge/rails_helpers.rb', line 62

def validate_token!(access_token)
  validator = Fridge.configuration.validator
  if validator.call(access_token)
    access_token
  else
    raise InvalidToken, 'Rejected by validator'
  end
end

#write_shared_cookie(name, value, options = {}) ⇒ Object

# File 'lib/fridge/rails_helpers.rb', line 95

def write_shared_cookie(name, value, options = {})
  raise 'Can only write string cookie values' unless value.is_a?(String)

  cookies[name] = {
    value: value,
    expires: options[:expires] || 1.year.from_now
  }.merge(fridge_cookie_options)
end