Class: ShopifyClient::Cookieless::Middleware

Inherits:

Object

• Object
• ShopifyClient::Cookieless::Middleware

Defined in:

lib/shopify-client/cookieless/middleware.rb

Overview

Rack middleware implementing cookieless authentication with App Bridge session tokens.

Returns a 401 response if a request is unauthorised.

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app, is_authenticated: ->(env) { true }) ⇒ Middleware constructor

  A new instance of Middleware.

Constructor Details

#initialize(app, is_authenticated: ->(env) { true }) ⇒ Middleware

Returns a new instance of Middleware.

Parameters:

• app (#call)
• is_authenticated (#call) (defaults to: ->(env) { true }) —

  predicate for deciding when the request should be checked

# File 'lib/shopify-client/cookieless/middleware.rb', line 15

def initialize(app, is_authenticated: ->(env) { true })
  @app = app

  @is_authenticated = is_authenticated
end

Instance Method Details

#call(env) ⇒ Object

Parameters:

• env (Hash)
• Array<Integer, (Array<Integer, Hash{String => String}, Array<String>]) —

  Hash=> String, Array<String>]

# File 'lib/shopify-client/cookieless/middleware.rb', line 24

def call(env)
  CheckHeader.new.(env) if @is_authenticated.(env)

  @app.call(env)
rescue UnauthorisedError
  Rack::Response.new do |response|
    response.status = 401
    response.set_header('Content-Type', 'application/json')
    response.write({
      error: 'Invalid session token',
    }.to_json)
  end.to_a
end