Contents

# frozen_string_literal: true

module Rails
  module Auth
    module ErrorPage
      # Render an error page in the event Rails::Auth::NotAuthorizedError is raised
      class Middleware
        def initialize(app, page_body: nil, json_body: { message: "Access denied" })
          raise TypeError, "page_body must be a String" unless page_body.is_a?(String)

          @app       = app
          @page_body = page_body.freeze
          @json_body = json_body.to_json
        end

        def call(env)
          @app.call(env)
        rescue Rails::Auth::NotAuthorizedError
          access_denied(env)
        end

        private

        def access_denied(env)
          case response_format(env)
          when :json
            [403, { "X-Powered-By" => "rails-auth", "Content-Type" => "application/json" }, [@json_body]]
          else
            [403, { "X-Powered-By" => "rails-auth", "Content-Type" => "text/html" }, [@page_body]]
          end
        end

        def response_format(env)
          accept_format = env["HTTP_ACCEPT"]
          return :json if accept_format && accept_format.downcase.start_with?("application/json")
          return :json if env["PATH_INFO"] && env["PATH_INFO"].end_with?(".json")

          nil
        end
      end
    end
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version	Path
rails-auth-3.2.0	lib/rails/auth/error_page/middleware.rb
rails-auth-3.1.0	lib/rails/auth/error_page/middleware.rb
rails-auth-3.0.0	lib/rails/auth/error_page/middleware.rb
rails-auth-2.2.2	lib/rails/auth/error_page/middleware.rb
rails-auth-2.2.1	lib/rails/auth/error_page/middleware.rb
rails-auth-2.2.0	lib/rails/auth/error_page/middleware.rb