Sha256: 255da21ac00d4096ccd2659e360cdef0f0196bf40e93bdc0e4b087f9504bb4a3


Size: 914 Bytes

Versions: 4


Stored size: 914 Bytes

Contents

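# Controller concern that puts a request-token check in front of every action.
#
# Including the module registers +authorize!+ as a +before_filter+. The token
# is handed to an authorizer object: the including controller may define an
# +authorizer+ method (any visibility) to supply its own, otherwise
# +DefaultAuthorizer.new(self)+ is used.
module ElocalApiSupport::Authorization
  extend ActiveSupport::Concern

  included do
    before_filter :authorize!
  end

  protected

  # Asks the authorizer whether the token presented with this request is valid.
  #
  # NOTE(review): the comparison itself lives in the authorizer, which is not
  # visible here. Confirm it compares tokens in constant time (for example
  # ActiveSupport::SecurityUtils.secure_compare) and rejects a nil/blank token.
  #
  # @return [Object] the authorizer's result, used as a truthy/falsy value
  def authorized?
    find_authorizer.authorize(authorize_request_token)
  end

  # Picks the authorizer for this request.
  #
  # @return [Object] the controller's own +authorizer+ when it defines one
  #   (private and protected methods count), else a new DefaultAuthorizer
  def find_authorizer
    if respond_to?(:authorizer, true)
      send(:authorizer)
    else
      DefaultAuthorizer.new(self)
    end
  end

  # Body sent with the 401 response.
  #
  # @return [String] a JSON document (despite the method name, not a Hash)
  def error_response_hash
    { error: 'You are not an authorized user!' }.to_json
  end

  # before_filter callback: lets authorized requests through, otherwise logs
  # the attempt and renders a 401, which halts the filter chain.
  #
  # The log line deliberately omits the submitted token. A rejected token is
  # often a near miss of a real one (expired, wrong environment, mistyped), so
  # writing it out would copy credential material into the log files. For the
  # same reason parameters are taken from +request.filtered_parameters+, which
  # applies the application's configured parameter filters, and the
  # +request_token+ parameter is dropped. Only header names are logged, never
  # header values.
  #
  # @return [void]
  def authorize!
    return if authorized?

    Rails.logger.warn(
      format(
        'Somebody else tried to access our internal API!  Token: %s Params: %s, Headers: %s',
        authorize_request_token.present? ? '[REDACTED]' : '[none]',
        request.filtered_parameters.except('request_token'),
        request.headers.map { |k, _v| k }
      )
    )
    render json: error_response_hash, status: 401
  end

  # Extracts the token presented by the caller.
  #
  # The +request_token+ parameter wins over the +X-Request-Token+ header when
  # both are present.
  #
  # NOTE(review): a token passed as a query-string parameter becomes part of
  # the URL and so ends up in access logs, proxies and browser history; if
  # clients can be changed, prefer the header.
  #
  # @return [String, nil] the first non-blank token, or nil when none was sent
  def authorize_request_token
    [params[:request_token], request.headers['HTTP_X_REQUEST_TOKEN']].detect(&:present?)
  end
end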

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
elocal_api_support-0.1.7 lib/elocal_api_support/authorization.rb
elocal_api_support-0.1.5 lib/elocal_api_support/authorization.rb
elocal_api_support-0.1.4 lib/elocal_api_support/authorization.rb
elocal_api_support-0.1.3 lib/elocal_api_support/authorization.rb