yiffspace-auth 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/yiffspace/auth/helper.rb +42 -8
- data/lib/yiffspace/auth/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1f5aee7054914b1cde58a8f4c83fc06d965c193afdb25acb1da500898a276e09
|
|
4
|
+
data.tar.gz: 2f61fd4c8f81f28e604fb5ba9c1570b5e5ae689e3d452bf7c11a3ea97ca0e88c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 11e9fdc2a871e7873010e4aba4911909dd49ffb463ce7fe8348fe8f20f0fe740283ad10449126084278d09e8937ff991c02d1a04fc749e9d7418b5749b95cef4
|
|
7
|
+
data.tar.gz: 9e84e8b6df2a18886760cb304fe9762cb8383dcdd2c23a620873bb5c33887eb3097b19a5d53b6207b486651e14fa8c1da58c4108e4d24056c2a243b8280425df
|
|
@@ -1,12 +1,20 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require("active_support/concern")
|
|
4
|
+
require("securerandom")
|
|
4
5
|
|
|
5
6
|
module YiffSpace
|
|
6
7
|
module Auth
|
|
7
8
|
module Helper
|
|
8
9
|
extend(ActiveSupport::Concern)
|
|
9
10
|
|
|
11
|
+
# auth/user session values (raw Discord profile + OIDC token claims) can easily exceed a
|
|
12
|
+
# cookie's ~4KB limit, so the session cookie itself only holds an opaque pointer - the real
|
|
13
|
+
# payload lives in Rails.cache (already a hard dependency of this module, see
|
|
14
|
+
# #sync_auth_if_dirty! below), keyed off that pointer.
|
|
15
|
+
SESSION_CACHE_KEY = "yiffspace:auth:session:%s"
|
|
16
|
+
SESSION_CACHE_TTL = 30.days
|
|
17
|
+
|
|
10
18
|
module ClassMethods
|
|
11
19
|
def set_client_name(name) # rubocop:disable Naming/AccessorMethodName
|
|
12
20
|
before_action do |controller|
|
|
@@ -27,7 +35,7 @@ module YiffSpace
|
|
|
27
35
|
end
|
|
28
36
|
|
|
29
37
|
def auth_raw
|
|
30
|
-
|
|
38
|
+
read_session_cache(auth_client_config.auth_session_key)
|
|
31
39
|
end
|
|
32
40
|
|
|
33
41
|
def auth
|
|
@@ -41,16 +49,16 @@ module YiffSpace
|
|
|
41
49
|
end
|
|
42
50
|
|
|
43
51
|
def auth=(value)
|
|
44
|
-
value
|
|
45
|
-
|
|
52
|
+
value = nil if value.is_a?(AuthInfo::Anonymous)
|
|
53
|
+
write_session_cache(auth_client_config.auth_session_key, value&.to_session)
|
|
46
54
|
end
|
|
47
55
|
|
|
48
56
|
def reset_auth!
|
|
49
|
-
|
|
57
|
+
write_session_cache(auth_client_config.auth_session_key, nil)
|
|
50
58
|
end
|
|
51
59
|
|
|
52
60
|
def user_raw
|
|
53
|
-
|
|
61
|
+
read_session_cache(auth_client_config.user_session_key)
|
|
54
62
|
end
|
|
55
63
|
|
|
56
64
|
def user
|
|
@@ -64,12 +72,12 @@ module YiffSpace
|
|
|
64
72
|
end
|
|
65
73
|
|
|
66
74
|
def user=(value)
|
|
67
|
-
value
|
|
68
|
-
|
|
75
|
+
value = nil if value.is_a?(UserInfo::Anonymous)
|
|
76
|
+
write_session_cache(auth_client_config.user_session_key, value&.to_session)
|
|
69
77
|
end
|
|
70
78
|
|
|
71
79
|
def reset_user!
|
|
72
|
-
|
|
80
|
+
write_session_cache(auth_client_config.user_session_key, nil)
|
|
73
81
|
end
|
|
74
82
|
|
|
75
83
|
def full_reset!
|
|
@@ -148,6 +156,32 @@ module YiffSpace
|
|
|
148
156
|
request.env[CLIENT_NAME_ENV] = value.to_sym
|
|
149
157
|
end
|
|
150
158
|
|
|
159
|
+
private
|
|
160
|
+
|
|
161
|
+
def read_session_cache(session_key)
|
|
162
|
+
token = session[session_key]
|
|
163
|
+
return nil if token.blank?
|
|
164
|
+
|
|
165
|
+
Rails.cache.read(format(SESSION_CACHE_KEY, token))
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
# A fresh token is minted on every write (rather than reusing/refreshing the existing one)
|
|
169
|
+
# so a stale token left over from a previous login can never be replayed to read whatever
|
|
170
|
+
# happens to be written at that cache key next.
|
|
171
|
+
def write_session_cache(session_key, value)
|
|
172
|
+
old_token = session[session_key]
|
|
173
|
+
Rails.cache.delete(format(SESSION_CACHE_KEY, old_token)) if old_token.present?
|
|
174
|
+
|
|
175
|
+
if value.nil?
|
|
176
|
+
session.delete(session_key)
|
|
177
|
+
return
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
token = SecureRandom.hex(32)
|
|
181
|
+
Rails.cache.write(format(SESSION_CACHE_KEY, token), value, expires_in: SESSION_CACHE_TTL)
|
|
182
|
+
session[session_key] = token
|
|
183
|
+
end
|
|
184
|
+
|
|
151
185
|
module Scoped
|
|
152
186
|
extend(ActiveSupport::Concern)
|
|
153
187
|
include(Helper)
|