Sha256: c414ddaf6a13936f76f1fcb14927b19f65d1147aaa19e74d19fd58b0f07da370

Contents?: true

Size: 1.13 KB

Versions: 3

Compression:

Stored size: 1.13 KB

Contents

require 'active_support/concern'

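# Shared authentication for Action Cable connection classes.
#
# Including this concern declares +current_user+ as the connection identifier
# and resolves it on connect from, in order:
#   1. a machine-to-machine (m2m) access token matched against the bcrypt
#      digests stored in +User#encrypted_access_token+,
#   2. the user already held by Warden for this request,
#   3. a signed JWT whose payload carries +user_id+.
# A connection matching none of these is rejected.
module CableConnectionConcern
  extend ActiveSupport::Concern
  included do
    identified_by :current_user

    # Action Cable connect callback: authenticate the socket or reject it.
    def connect
      self.current_user = find_verified_user
    end

    protected

    # Resolves the user for this connection.
    #
    # The token is read from the +token+ query parameter or, failing that, from
    # the second word of the +Authorization+ header.
    #
    # @return [User] the authenticated user
    # Calls +reject_unauthorized_connection+ when nothing authenticates.
    def find_verified_user
      # NOTE(review): a token passed in the query string is likely to be
      # recorded in proxy and server access logs; prefer the Authorization
      # header where the client allows it.
      token = begin
        request.query_parameters["token"].presence ||
          request.headers["Authorization"].split(" ").second.strip
      rescue StandardError
        nil # no header, or a header without a second word
      end

      # m2m token. Skipped when no token was supplied: there is nothing to
      # compare, and every comparison is a full bcrypt computation.
      # NOTE(review): this loads every user that has a token and hashes the
      # candidate once per row, so the cost of a single (possibly
      # unauthenticated) connection attempt grows with the number of m2m users.
      if token.present?
        m2m_user = begin
          User.where.not(encrypted_access_token: nil).find do |candidate|
            BCrypt::Password.new(candidate.encrypted_access_token) == token
          end
        rescue StandardError
          false
        end
        return m2m_user if m2m_user
      end

      # JWT. The signature MUST be verified: the payload's user_id decides who
      # the connection runs as, so an unverified decode lets anyone who can
      # craft a token pick an arbitrary user. Pinning the algorithm also keeps
      # the token header from choosing how it is checked.
      # Assumes tokens are issued with HS256 -- confirm against the issuer.
      payload = begin
        secret = ::Rails.application.credentials.dig(:secret_key_base).presence || ENV["SECRET_KEY_BASE"]
        # Never verify against a blank key: a missing secret means no JWT auth.
        if token.present? && secret.present?
          decoded = ::JWT.decode(token, secret, true, { algorithm: "HS256" })
          ::HashWithIndifferentAccess.new(decoded[0])
        end
      rescue StandardError
        nil # malformed, expired, wrongly signed, or not a JWT at all
      end

      verified_user = begin
        # Safe navigation so that a request without Warden can still
        # authenticate through a valid JWT.
        env['warden']&.user.presence || (payload && User.find_by(id: payload[:user_id]))
      rescue StandardError
        false
      end
      return verified_user if verified_user

      # Neither m2m token, session user nor valid JWT: refuse the connection.
      reject_unauthorized_connection
    end
  end
end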

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
thecore_backend_commons-3.2.6 config/initializers/concern_cable_connection.rb
thecore_backend_commons-3.2.5 config/initializers/concern_cable_connection.rb
thecore_backend_commons-3.2.4 config/initializers/concern_cable_connection.rb