/
authenticate_jwt.cr.lqd
51 lines (44 loc) · 1.66 KB
/
authenticate_jwt.cr.lqd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
class HTTP::Server::Context
property current_user : User?
end
class AuthenticateJWT < Amber::Pipe::Base
PUBLIC_PATHS = ["/", "/signin", "/session", "/signup", "/registration", "/me"]
# add the regular expressions of paths that have public access
# e.g. add paths to view instances of certain models or all paths
# within the support tree
REGEX_PATHS = [
%r(/categories(/\d+)?$),
%r(/products(/\d+)?$),
%r(/comments(/\d+)?$),
%r(/some_model_name(/\d+)?$),
%r(/support/.*$/),
]
def call(context)
token = context.params["token"]? || context.request.headers["x-jwt-token"]?
if token
payload, header = JWT.decode(token, Amber.settings.secret_key_base, JWT::Algorithm::HS256)
user = User.find_by(email: payload["email"].to_s) unless payload["email"]?.nil?
elsif user_id = context.session["user_id"]?
user = User.find user_id
end
if user
context.current_user = user
call_next(context)
else
return call_next(context) if public_path?(context.request.path, context.session["user_id"]?)
context.flash[:warning] = "Please Sign In"
context.response.headers.add "Location", "/signin"
context.response.status_code = 302
end
end
private def public_path?(path, user_id)
return true if PUBLIC_PATHS.includes?(path)
# Different strategies can be used to determine if a path is public
# Example, if /admin/* paths are the only private paths
# return false if path.starts_with?("/admin")
#
# Example, if only a few private paths exist
# return false if ["/secret", "/super/secret", "/private"].includes?(path)
REGEX_PATHS.count { |r| r.match(path) } > 0
end
end