class TokenHash def self.encode(auth_token_hash,user_id) obj = {} obj["auth_token"] = auth_token_hash obj["user_id"] = user_id #Lasts a 4th of the time as the db tokens obj["exp"] = ::Time.now.to_i() + ::Settings.expire_time*15 return ::JWT.encode(obj,::Rails.application.secrets.secret_key_base) end def self.decode(params,request,response) instance_hash = nil auth_token_obj = ::Arcadex::Header.grab_param_header(params,request,::Settings.token_header,false) begin # Try JWT token jwt = ::JWT.decode(auth_token_obj,::Rails.application.secrets.secret_key_base) token = jwt[0] return make_hash(token["user_id"],token["auth_token"]) rescue ::JWT::ExpiredSignature return handle_expired(auth_token_obj,params,request,response) rescue ::JWT::DecodeError return handle_abnormal(auth_token_obj,params,request,response) end end def self.handle_expired(auth_token_obj,params,request,response) # Token expired, destroy arcadex token jwt = ::JWT.decode(auth_token_obj,::Rails.application.secrets.secret_key_base,true,{verify_expiration: false}) token = jwt[0] # This is nil if the db_token is expired db_token = ::Arcadex::Find.find_token_by_auth_token(token["auth_token"]) if db_token.nil? return nil else if ::Settings.revalidate_tokens == "true" # Send a new JWT back to the user since the db_token is still valid new_token = encode(db_token.auth_token,token["user_id"]) response.headers[::Settings.token_header] = new_token return make_hash(token["user_id"],token["auth_token"]) else db_token.destroy return nil end end end def self.handle_abnormal(auth_token_obj,params,request,response) # Try Arcadex token instance_hash = ::Arcadex::Authentication.get_instance(params,request,::Settings.token_header) if !instance_hash.nil? instance_hash["auth_token"] = nil end return instance_hash end def self.make_hash(user_id,auth_token) instance_hash = {} instance_hash["current_owner"] = nil instance_hash["current_token"] = nil instance_hash["user_id"] = user_id instance_hash["auth_token"] = auth_token return instance_hash end end