Sha256: ca2f87f46d01a842f12c7a1e0e75ee99e16f1258de31b0e5fb6c6c158c827ede
Contents?: true
Size: 1.96 KB
Versions: 1
Compression:
Stored size: 1.96 KB
Contents
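module Grape::Middleware::Auth
  # OAuth 2.0 authorization for Grape APIs.
  #
  # Reads a token from a request parameter or from an Authorization-style
  # header, hands it to the configured token class for verification and, on
  # success, stores the verified token in env['api.token']. Failures are
  # reported by throwing :error with a 401 or 403 status.
  class OAuth2 < Grape::Middleware::Base
    # Default option values for this middleware.
    #
    # @return [Hash]
    def default_options
      {
        # Name of the class whose .verify(token) is called; see #token_class.
        token_class: 'AccessToken',
        realm: 'OAuth API',
        # Request parameters checked for a token, in order. A token sent in
        # the query string becomes part of the URL and can therefore end up
        # in access logs and Referer headers; the header form avoids that.
        parameter: %w(bearer_token oauth_token access_token),
        # Rack env keys checked for the authorization header, in order.
        accepted_headers: %w(HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION),
        # NOTE(review): these patterns are unanchored, so the scheme word is
        # matched anywhere in the header value, not only at its start.
        header: [/Bearer (.*)/i, /OAuth (.*)/i],
        # When true, a request without a verifiable token is rejected.
        required: true
      }
    end

    # Verifies the request token; a request parameter takes precedence over
    # the header.
    def before
      verify_token(token_parameter || token_header)
    end

    # @return [Grape::Request] memoized request wrapper around env
    def request
      @request ||= Grape::Request.new(env)
    end

    # @return the memoized request parameters
    def params
      @params ||= request.params
    end

    # Value of the first configured token parameter present in the request.
    #
    # @return the parameter value, or nil when none is present
    def token_parameter
      name = Array(options[:parameter]).find { |p| params[p] }
      name && params[name]
    end

    # Token captured from the authorization header by the first matching
    # pattern in options[:header].
    #
    # Returns nil (not false) when no header is present, so that #before never
    # hands a boolean to the token class's verify method.
    #
    # @return [String, nil]
    def token_header
      header = authorization_header
      return nil unless header

      Array(options[:header]).each do |regexp|
        return Regexp.last_match(1) if header =~ regexp
      end
      nil
    end

    # Value of the first env key from options[:accepted_headers] that is set.
    #
    # @return the header value, or nil when none is set
    def authorization_header
      name = options[:accepted_headers].find { |head| env[head] }
      name && env[name]
    end

    # Resolves and memoizes the token class named by options[:token_class].
    #
    # NOTE(review): eval executes the configured string as Ruby code. The
    # value must come from trusted application configuration only, never from
    # request data; a constant lookup (Object.const_get) would resolve a class
    # name without evaluating code.
    def token_class
      @klass ||= eval(options[:token_class]) # rubocop:disable Eval
    end

    # Verifies the raw token and records the outcome.
    #
    # - verify returns a falsy value: 401 invalid_grant if options[:required],
    #   otherwise the request continues without env['api.token'].
    # - the token responds to expired? and is expired: 401 invalid_grant.
    # - the token responds to permission_for? and denies env: 403
    #   insufficient_scope.
    # - otherwise the verified token is stored in env['api.token'].
    #
    # @param token the raw token from the request, or nil when none was sent
    def verify_token(token)
      token = token_class.verify(token)
      if token
        if token.respond_to?(:expired?) && token.expired?
          error_out(401, 'invalid_grant')
        elsif !token.respond_to?(:permission_for?) || token.permission_for?(env)
          env['api.token'] = token
        else
          error_out(403, 'insufficient_scope')
        end
      elsif options[:required]
        error_out(401, 'invalid_grant')
      end
    end

    # Aborts the request by throwing :error with the given status, using the
    # error code as the message and adding a WWW-Authenticate header.
    #
    # options[:realm] is interpolated into the header without escaping, so it
    # must be a fixed, trusted configuration value.
    #
    # @param status [Integer] HTTP status code
    # @param error [String] OAuth error code
    def error_out(status, error)
      throw :error,
            message: error,
            status: status,
            headers: {
              'WWW-Authenticate' => "OAuth realm='#{options[:realm]}', error='#{error}'"
            }
    end
  end
end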
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
grape-0.7.0 | lib/grape/middleware/auth/oauth2.rb |