1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 # Perform api_token checking very early in the request process. We want to do
6 # this in the Rack stack instead of in ApplicationController because
7 # websockets needs access to authentication but doesn't use any of the rails
8 # active dispatch infrastructure.
11 # Create a new ArvadosApiToken handler
12 # +app+ The next layer of the Rack stack.
13 def initialize(app = nil, options = nil)
14 @app = app.respond_to?(:call) ? app : nil
18 request = Rack::Request.new(env)
19 params = request.params
20 remote_ip = env["action_dispatch.remote_ip"]
22 Thread.current[:request_starttime] = Time.now
23 Thread.current[:supplied_token] =
24 params["api_token"] ||
25 params["oauth_token"] ||
26 env["HTTP_AUTHORIZATION"].andand.
27 match(/(OAuth2|Bearer) ([-\/a-zA-Z0-9]+)/).andand[2]
29 auth = ApiClientAuthorization.
30 validate(token: Thread.current[:supplied_token], remote: false)
32 auth.last_used_at = Time.now
33 auth.last_used_by_ip_address = remote_ip.to_s
34 auth.save validate: false
37 Thread.current[:api_client_ip_address] = remote_ip
38 Thread.current[:api_client_authorization] = auth
39 Thread.current[:api_client_uuid] = auth.andand.api_client.andand.uuid
40 Thread.current[:api_client] = auth.andand.api_client
41 Thread.current[:user] = auth.andand.user