Class: RailsKeycloakAuthorization::Middleware

Inherits:

Object

• Object
• RailsKeycloakAuthorization::Middleware

Defined in:

lib/rails_keycloak_authorization.rb

Instance Method Summary

• #authorize!(request_uri, http_authorization) ⇒ Object
• #call(env) ⇒ Object
• #grant_type ⇒ Object
• #http_client(uri) ⇒ Object
• #http_request(uri, http_authorization, route) ⇒ Object
• #initialize(app) ⇒ Middleware constructor

  A new instance of Middleware.

• #should_process?(request_uri) ⇒ Boolean
• #uri(keycloak_server_url, keycloak_realm) ⇒ Object

Constructor Details

#initialize(app) ⇒ Middleware

Returns a new instance of Middleware.

# File 'lib/rails_keycloak_authorization.rb', line 15

def initialize(app)
  @app = app
end

Instance Method Details

#authorize!(request_uri, http_authorization) ⇒ Object

# File 'lib/rails_keycloak_authorization.rb', line 39

def authorize!(request_uri, http_authorization)
  route = Rails.application.routes.recognize_path(request_uri)
  uri = uri(RailsKeycloakAuthorization.keycloak_server_url, RailsKeycloakAuthorization.keycloak_auth_client_realm_name)
  request = http_request(uri, http_authorization, route)
  response = http_client(uri).request(request)
  response.is_a?(Net::HTTPSuccess)
end

#call(env) ⇒ Object

# File 'lib/rails_keycloak_authorization.rb', line 19

def call(env)
  if should_process?(env["REQUEST_URI"],)
    if !env["HTTP_AUTHORIZATION"]
      [403, {}, ["Authentication Failed"]]
    elsif authorize!(env['REQUEST_URI'], env['HTTP_AUTHORIZATION'])
      @app.call(env)
    else
      [403, {}, ["Authorization Failed"]]
    end
  else
    @app.call(env)
  end
end

#grant_type ⇒ Object

# File 'lib/rails_keycloak_authorization.rb', line 64

def grant_type
  "urn:ietf:params:oauth:grant-type:uma-ticket"
end

#http_client(uri) ⇒ Object

# File 'lib/rails_keycloak_authorization.rb', line 72

def http_client(uri)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = Rails.env.production?
  http.read_timeout = ENV.fetch("KEYCLOAK_AUTHORIZATION_TIMEOUT", 1).to_i
  http
end

#http_request(uri, http_authorization, route) ⇒ Object

# File 'lib/rails_keycloak_authorization.rb', line 47

def http_request(uri, http_authorization, route)
  request = Net::HTTP::Post.new(uri, {
    'Content-Type' => 'application/x-www-form-urlencoded',
    'Authorization' => http_authorization,
  })
  permission = "#{route[:controller]}_controller##{route[:action]}"
  request.body = URI.encode_www_form({
                                       audience: "#{RailsKeycloakAuthorization.keycloak_auth_client_id}",
                                       grant_type: grant_type,
                                       permission: permission,
                                       response_mode: "permissions",
                                       permission_resource_format: "id",
                                       permission_resource_matching_uri: false
                                     })
  request
end

#should_process?(request_uri) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rails_keycloak_authorization.rb', line 33

def should_process?(request_uri)
  RailsKeycloakAuthorization.match_patterns.detect do |r|
    r.match(request_uri)
  end
end

#uri(keycloak_server_url, keycloak_realm) ⇒ Object

# File 'lib/rails_keycloak_authorization.rb', line 68

def uri(keycloak_server_url, keycloak_realm)
  URI("#{keycloak_server_url}/realms/#{keycloak_realm}/protocol/openid-connect/token")
end