Class: Modern::Descriptor::Security::Http

Inherits:

Base

• Object
• Dry::Struct
• Struct
• Base
• Modern::Descriptor::Security::Http

Defined in:

lib/modern/descriptor/security.rb

Constant Summary

SPLITTER =

aside: some people think that the Authorization field can support multiple sets of credentials, as RFC 7230 suggests that headers can be sent “multiple” times by using a comma to split them. however, this is for headers like Accept-Encoding. We don’t need to split Authorization.

%r,([^\s]+?)\s+(.*+),

Instance Method Summary

• #do_credential_fetch(request) ⇒ Object
• #to_openapi3 ⇒ Object

Methods inherited from Base

#validate

Methods included from Struct::Copy

#copy

Instance Method Details

#do_credential_fetch(request) ⇒ Object

# File 'lib/modern/descriptor/security.rb', line 82

def do_credential_fetch(request)
  header = request.env["HTTP_AUTHORIZATION"]

  if header.nil?
    nil
  else
    match = SPLITTER.match(header)
    # yields #<MatchData "Bearer foo" 1:"Bearer" 2:"foo">

    match[2].strip if !match.nil? && match[1].casecmp(scheme).zero?
  end
end

#to_openapi3 ⇒ Object

# File 'lib/modern/descriptor/security.rb', line 95

def to_openapi3
  super.merge(
    type: "http",
    scheme: scheme
  )
end