Class: Fluence::Gateway::Auth::Configuration

Inherits:
Object
  • Object
Defined in:
lib/fluence/gateway/auth/configuration.rb

Overview

Process-wide configuration for fluence-gateway-auth. Access the singleton through configuration, or mutate it with configure. All settings have sane defaults except hmac_secret, which must be provided either explicitly or via the GATEWAY_HMAC_SECRET environment variable.

Examples:

Minimal initializer

Fluence::Gateway::Auth.configure do |config|
  config.hmac_secret = ENV.fetch('GATEWAY_HMAC_SECRET')
end

Custom user model and just-in-time provisioning

Fluence::Gateway::Auth.configure do |config|
  config.user_model      = 'Account'
  config.scope_name      = :member
  config.subject_column  = :gateway_subject
  config.on_missing_user = ->(subject:, email:, **) do
    Account.create!(gateway_subject: subject, email: email)
  end
end

Constant Summary

SCOPE_NAME_PATTERN =

Regex every configuration-derived Ruby identifier must match: lowercase letters, digits and underscores, never starting with a digit. Applied to #scope_name and #subject_column to keep generated method names safe.

/\A[a-z_][a-z0-9_]*\z/
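
Why the pattern anchors with \A and \z rather than ^ and $, as an added example (not the gem's own code): in Ruby, ^ and $ match at line boundaries, so a line-anchored look-alike accepts multi-line values. LINE_ANCHORED_PATTERN, validate_identifier, helper_names and the sample inputs are hypothetical; only the pattern and the helper-name shapes come from this page.

```ruby
# Added example. Only SCOPE_NAME_PATTERN is copied from the page; every other
# name here is an assumption made for illustration.
SCOPE_NAME_PATTERN = /\A[a-z_][a-z0-9_]*\z/
# Hypothetical look-alike using line anchors, shown for contrast only.
LINE_ANCHORED_PATTERN = /^[a-z_][a-z0-9_]*$/

# Returns the value as a Symbol if it is a safe identifier, raises otherwise.
def validate_identifier(value)
  text = value.to_s
  unless SCOPE_NAME_PATTERN.match?(text)
    raise ArgumentError, "unsafe identifier: #{text.inspect}"
  end
  text.to_sym
end

# Helper names the page says are derived from the scope name.
def helper_names(scope)
  scope = validate_identifier(scope)
  [:"current_#{scope}", :"authenticate_#{scope}!", :"#{scope}_signed_in?"]
end

# Constructed sample inputs, not taken from the gem's test suite.
SAMPLES = [
  :member, 'gateway_subject', '_internal',
  'Member',              # uppercase
  '2fa_user',            # leading digit
  'member-admin',        # hyphen
  '',                    # empty
  "member\n",            # trailing newline
  "member\nnot valid!"   # second line is not an identifier
].freeze

# Classifies each sample under both patterns: [value, strict?, line_anchored?]
def compare_patterns(samples = SAMPLES)
  samples.map do |s|
    text = s.to_s
    [text, SCOPE_NAME_PATTERN.match?(text), LINE_ANCHORED_PATTERN.match?(text)]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_patterns.each do |text, strict, loose|
    puts format('%-24s strict=%-5s line_anchored=%s', text.inspect, strict, loose)
  end
  p helper_names(:member)
end
```

The last two samples are the ones that differ: the strict pattern rejects them, the line-anchored one lets them through into a generated method name.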

Constructor Details

#initialize ⇒ void

Initialises with the gem's baseline defaults. Called once per process by Fluence::Gateway::Auth.configuration.

Instance Attribute Details

#hmac_secret ⇒ String

Resolves the HMAC secret used to verify gateway signatures. Reads from the explicit value set via #hmac_secret=, falling back to ENV['GATEWAY_HMAC_SECRET'].

Returns:

  • (String)

    the non-empty secret.

Raises:

#on_missing_user ⇒ #call?

Just-in-time user provisioning hook.

Returns:

  • (#call, nil)

    optional callable invoked when the subject lookup returns nothing. Called with keyword arguments subject:, email:, first_name:, last_name:, scopes:, client_id:; must return the provisioned record or nil to fall back to a 401 response.

#skip_middleware ⇒ Boolean

Bypass for HMAC verification in tests.

When true, Middleware#call short-circuits and forwards requests unchecked. TestHelpers flips this to true at load time — never enable it in production.

Returns:

  • (Boolean)

    default: false.

#subject_column ⇒ Symbol

Column on #user_model used to look up the current user.

Returns:

  • (Symbol)

    column on #user_model matched against the X-User-Id header (default: :gateway_subject).

#user_model ⇒ String

Class name of the model used to resolve the current user.

Returns:

  • (String)

    fully qualified class name of the model used to resolve the current user (default: 'User').

Instance Method Details

#scope_name ⇒ Symbol

Scope name used to derive the controller helper names current_<scope>, authenticate_<scope>! and <scope>_signed_in?.

If no explicit override was set via #scope_name=, the value is derived once from user_model.demodulize.underscore.

Returns:

  • (Symbol)

    the resolved scope name.

Raises:

#scope_name=(value) ⇒ Symbol

Overrides the scope name. Useful when the value derived from #user_model is not the helper name you want.

Parameters:

Returns:

  • (Symbol)

    the stored value.

Raises: