Class: Stitches::ApiKey

Inherits:

AllowlistMiddleware

• Object
• AllowlistMiddleware
• Stitches::ApiKey

Defined in:

lib/stitches/api_key.rb

Overview

A middleware that requires an API key for certain transactions, and makes its id available in the enviornment for controllers.

This follows www.ietf.org/rfc/rfc2617.txt for use of custom authorization methods, namely the specification of an API key.

Apps are expected to set the Authorization header (available to Rack apps as the environment variable HTTP_AUTHORIZATION) to

MyInternalRealm key=<<api key>>

where MyInternalRealm is the value returned by Stitches.configuration.custom_http_auth_scheme and <<api key>> is the UUID provided to the caller. It’s expected that there is an entry in the API_CLIENTS table with this value for “key”.

If that is the case, env will be the primary key of the ApiClient that it maps to.

Method Summary

Methods inherited from AllowlistMiddleware

#call, #initialize

Constructor Details

This class inherits a constructor from Stitches::AllowlistMiddleware