Class: Goliath::Rack::AuthBarrier

Inherits:

Object

• Object
• Goliath::Rack::AuthBarrier

Includes:

BarrierAroundware, Validation

Defined in:

lib/grass/goliath/rack/auth_barrier.rb

Defined Under Namespace

Classes: InvalidApikeyError, MissingApikeyError

Instance Attribute Summary

• #access_token ⇒ Object

  Returns the value of attribute access_token.

• #db ⇒ Object readonly

  Memcache Client.

Instance Method Summary

• #accept_response(handle, *args) ⇒ Object
• #account_belongs_to_host? ⇒ Boolean
• #account_valid? ⇒ Boolean
• #apikey ⇒ Object
• #apikey_path ⇒ Object
• #check_authorization! ⇒ Object
• #get_access_token ⇒ Object
• #initialize(env, db_name) ⇒ AuthBarrier constructor

  A new instance of AuthBarrier.

• #lazy_authorization? ⇒ Boolean
• #post_process ⇒ Object
• #pre_process ⇒ Object
• #renew_token ⇒ Object
• #validate_apikey! ⇒ Object

  .

Constructor Details

#initialize(env, db_name) ⇒ AuthBarrier

Returns a new instance of AuthBarrier.

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 14

def initialize(env, db_name)
  @db = env.config[db_name]
  super(env)
end

Instance Attribute Details

#access_token ⇒ Object

Returns the value of attribute access_token.

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 9

def access_token
  @access_token
end

#db ⇒ Object (readonly)

Memcache Client

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 8

def db
  @db
end

Instance Method Details

#accept_response(handle, *args) ⇒ Object

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 61

def accept_response(handle, *args)
  env.trace("received_#{handle}")
  super(handle, *args)
end

#account_belongs_to_host? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 102

def account_belongs_to_host?
  return true if access_token[:mode] == Arms::Auth::ADMIN
  [access_token[:hosts]].flatten.join(",") =~ /#{env['HTTP_ORIGIN'] || env['SERVER_NAME']}/
end

#account_valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 88

def account_valid?
  # puts "VALID? #{Digest::MD5.hexdigest(apikey) == access_token[:token]},#{account_belongs_to_host?},#{Arms::Auth.can?(access_token[:mode],env['REQUEST_METHOD'])}"
  # is token or key altered?
  Digest::MD5.hexdigest(apikey) == access_token[:token] && 
  # is on right host?
  account_belongs_to_host? &&
  # mode is able to do HTTP VERB?
  Arms::Auth.can?(access_token[:mode],env['REQUEST_METHOD'])
end

#apikey ⇒ Object

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 80

def apikey
  env.params['apikey']
end

#apikey_path ⇒ Object

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 84

def apikey_path
  Arms::Auth.keypath(apikey)
end

#check_authorization! ⇒ Object

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 72

def check_authorization!
  unless access_token && account_valid?
    raise InvalidApikeyError.new("Invalid Api Key")
  else
    renew_token
  end
end

#get_access_token ⇒ Object

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 55

def get_access_token 
  @access_token = db.get(apikey_path) rescue nil
  # puts "GET KEY #{apikey_path.inspect} -> #{@access_token.inspect}"
  @access_token
end

#lazy_authorization? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 51

def lazy_authorization?
  (env['REQUEST_METHOD'] == 'GET') || (env['REQUEST_METHOD'] == 'HEAD')
end

#post_process ⇒ Object

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 36

def post_process
  env.trace('post_process_beg')
  # [:access_token, :status, :headers, :body].each{|attr| env.logger.info(("%23s\t%s" % [attr, self.send(attr).inspect[0..200]])) }

  # inject_headers

  # We have to check auth now, we skipped it before
  if lazy_authorization?
    check_authorization!
  end

  env.trace('post_process_end')
  [status, headers, body]
end

#pre_process ⇒ Object

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 19

def pre_process
  env.trace('pre_process_beg')
  validate_apikey!

  # the results of the afirst deferrable will be set right into access_token (and the request into successes)
  get_access_token

  # On non-GET non-HEAD requests, we have to check auth now.
  unless lazy_authorization?
    perform     # yield execution until user_info has arrived
    check_authorization!
  end

  env.trace('pre_process_end')
  return Goliath::Connection::AsyncResponse
end

#renew_token ⇒ Object

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 98

def renew_token
  db.touch apikey_path, Arms::Auth::TTLS[access_token[:mode]] unless access_token[:ttl].nil?
end

#validate_apikey! ⇒ Object

Raises:

• (MissingApikeyError)

# File 'lib/grass/goliath/rack/auth_barrier.rb', line 68

def validate_apikey!
  raise MissingApikeyError.new("Missing Api Key") if apikey.to_s.empty?
end