Class: Pakyow::Security::Base

Inherits:

Object

• Object
• Pakyow::Security::Base

Includes:

Support::Hookable

Defined in:

lib/pakyow/security/base.rb

Direct Known Subclasses

CSRF::VerifyAuthenticityToken, CSRF::VerifySameOrigin

Constant Summary

SAFE_HTTP_METHODS =

%i(get head options trace).freeze

Instance Method Summary

• #allowed?(_) ⇒ Boolean
• #call(connection) ⇒ Object
• #initialize(config) ⇒ Base constructor

  A new instance of Base.

• #reject(connection) ⇒ Object
• #safe?(connection) ⇒ Boolean

Constructor Details

#initialize(config) ⇒ Base

Returns a new instance of Base.

# File 'lib/pakyow/security/base.rb', line 15

def initialize(config)
  @config = config
end

Instance Method Details

#allowed?(_) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/pakyow/security/base.rb', line 42

def allowed?(_)
  false
end

#call(connection) ⇒ Object

# File 'lib/pakyow/security/base.rb', line 19

def call(connection)
  unless safe?(connection) || allowed?(connection)
    reject(connection)
  end

  connection
end

#reject(connection) ⇒ Object

# File 'lib/pakyow/security/base.rb', line 27

def reject(connection)
  performing :reject do
    connection.logger.warn "Request rejected by #{self.class}; connection: #{connection.inspect}"

    connection.status = 403
    connection.body = StringIO.new("Forbidden")

    raise InsecureRequest
  end
end

#safe?(connection) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/pakyow/security/base.rb', line 38

def safe?(connection)
  SAFE_HTTP_METHODS.include? connection.method
end