Class: Modern::Descriptor::Security::Base

Inherits:

Struct

• Object
• Dry::Struct
• Struct
• Modern::Descriptor::Security::Base

Defined in:

lib/modern/descriptor/security.rb

Overview

Securities in Modern allow for specifying the “plumbing” bits of the security in a predictable, unsurprising way. If you specify that you use HTTP authorization with the ‘Foobar` scheme–great. Modern finds the authorization header, checks to see if it’s Foobar type, and retrieves the value that signifies its authentication. This value will be passed to the validator, which can determine whether or not its a valid bit of authentication.

The idea is that, given that the validation gets access to a ‘PartialRequestContainer` that includes both the request and the application service set, it can connect to the auth server/user database/whatever and make sure it’s atually a legitimate user. Since Request has a mutable store in Request#local_store, the validator can then store a User object (or whatever) into it for use in the actual application.

Direct Known Subclasses

ApiKey, Http

Instance Method Summary

• #do_credential_fetch(_request) ⇒ Object
• #to_openapi3 ⇒ Object
• #validate(container) ⇒ Object

Methods included from Struct::Copy

#copy

Instance Method Details

#do_credential_fetch(_request) ⇒ Object

# File 'lib/modern/descriptor/security.rb', line 43

def do_credential_fetch(_request)
  raise "#{self.class.name}#do_credential_fetch(request) must be implemented."
end

#to_openapi3 ⇒ Object

# File 'lib/modern/descriptor/security.rb', line 47

def to_openapi3
  {
    description: description
  }
end

#validate(container) ⇒ Object

# File 'lib/modern/descriptor/security.rb', line 33

def validate(container)
  value = do_credential_fetch(container.request)

  if value.nil?
    false
  else
    !!container.instance_exec(value, &validation)
  end
end