Module: Webhookdb::API::ConnstrAuth
- Defined in:
- lib/webhookdb/api/connstr_auth.rb
Overview
Some routes allow the SHA256 hash hexdigest connection string to be used in place of normal authentication (for example, queries to the database, which are not tied to a user). Do NOT extract this automatically (like org_identifier) since we want endpoints to specify that they use the param explicitly.
Constant Summary collapse
- ALGOS =
["Sha256"].freeze
Class Method Summary collapse
Class Method Details
.find_authed(orgs, request) ⇒ Object
25 26 27 28 29 30 31 32 33 34 35 |
# File 'lib/webhookdb/api/connstr_auth.rb', line 25 def self.find_authed(orgs, request) orgs.find do |o| self.headers_desc.each do |header_name, desc| header_value = request.headers[header_name] next if header_value.blank? org_value = Digest.const_get(desc.fetch(:algo).upcase.to_sym).send(:hexdigest, o.readonly_connection_url) return o if header_value == org_value end end return nil end |
.headers_desc ⇒ Object
12 13 14 15 16 17 18 19 20 21 22 23 |
# File 'lib/webhookdb/api/connstr_auth.rb', line 12 def self.headers_desc return ALGOS.to_h do |algo| h = { required: false, algo:, description: "Hex digest of the #{algo} hash of the organization connection string, " \ "like Ruby's Digest::#{algo.upcase}.hexdigest(conn_str). " \ "Can be used in place of normal auth.", } ["Whdb-#{algo}-Conn", h] end end |