lib/faye/authentication.rb in faye-authentication-0.4.0 vs lib/faye/authentication.rb in faye-authentication-1.6.0

- old
+ new

@@ -1,14 +1,18 @@
 require 'jwt'
+require 'faye/mixins/logging'
 require 'faye/authentication/version'
 require 'faye/authentication/server_extension'
 require 'faye/authentication/client_extension'
 require 'faye/authentication/http_client'
 require 'faye/authentication/engine'
 module Faye
 module Authentication
+
+ extend Faye::Logging
+
 class AuthError < StandardError; end
 class ExpiredError < AuthError; end
 class PayloadError < AuthError; end
 # Return jwt signature, pass hash of payload including channel and client_id
@@ -17,29 +21,37 @@
 JWT.encode(payload.merge(exp: options[:expires_at].to_i), secret, options[:algorithm])
 end
 # Return signed payload or raise
 def self.decode(signature, secret)
- payload, _ = JWT.decode(signature, secret) rescue raise(AuthError)
- raise ExpiredError if Time.at(payload['exp'].to_i) < Time.now
+ payload, _ = JWT.decode(signature, secret)
 payload
+ rescue JWT::ExpiredSignature
+ raise ExpiredError
+ rescue
+ raise AuthError
 end
 # Return true if signature is valid and correspond to channel and clientId or raise
 def self.validate(signature, channel, clientId, secret)
 payload = self.decode(signature, secret)
 raise PayloadError if channel.to_s.empty? || clientId.to_s.empty?
 raise PayloadError unless channel == payload['channel'] && clientId == payload['clientId']
 true
 end
- def self.authentication_required?(message)
+ def self.authentication_required?(message, options = {})
 subscription_or_channel = message['subscription'] || message['channel']
- !public_channel?(subscription_or_channel) && (message['channel'] == '/meta/subscribe' || (!(message['channel'].start_with?('/meta/'))))
- end
-
- def self.public_channel?(channel)
- channel.start_with?('/public/') and not channel.include?('*')
+ return false unless (message['channel'] == '/meta/subscribe' || (!(message['channel'].start_with?('/meta/'))))
+ whitelist_proc = options[:whitelist]
+ if whitelist_proc
+ begin
+ return !whitelist_proc.call(subscription_or_channel)
+ rescue => e
+ error("Error caught when evaluating whitelist lambda : #{e.message}")
+ end
+ end
+ true
 end
 end
 end
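Review bot: The whitelist branch of `authentication_required?` passes the raw subscription pattern to the caller's proc, and the `'*'` check that the removed `public_channel?` applied is gone, so a proc that only tests a prefix would also exempt wildcard subscriptions from authentication. If that is not intended, keep the guard in the library with `if whitelist_proc && !subscription_or_channel.to_s.include?('*')`, which lets wildcard patterns fall through to the final `true`. Otherwise, document on the method that the proc receives wildcard patterns, and that an exception raised inside it is logged and treated as "authentication required". Separately, `decode` still calls `JWT.decode(signature, secret)` without an `algorithm:` option, so verification is not pinned to the algorithm the encode call above passes as `options[:algorithm]`. How much that matters depends on the jwt gem version in use, which is not visible here.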