The SslRequirement module contains the entire SSL requirement logic:
module SslRequirement
def self.included(controller)
controller.extend(ClassMethods)
controller.before_filter(:ensure_proper_protocol)
end
module ClassMethods
def ssl_required(*actions)
88 | Chapter 3: Rails Plugins
write_inheritable_array(:ssl_required_actions, actions)
end
def ssl_allowed(*actions)
write_inheritable_array(:ssl_allowed_actions, actions)
end
end
protected
def ssl_required?
(self.class.read_inheritable_attribute(:ssl_required_actions) || []).
include?(action_name.to_sym)
end
def ssl_allowed?
(self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).
include?(action_name.to_sym)
end
private
def ensure_proper_protocol
return true if ssl_allowed?
if ssl_required? && !request.ssl?
redirect_to "https://" + request.host + request.request_uri
return false
elsif request.ssl? && !ssl_required?
redirect_to "http://" + request.host + request.request_uri
return false
end
end
end
Again, the SslRequirement.included method is triggered when SslRequirement is
included in a controller class. The included method does two things here. First, it
extends the controller with the SslRequirement::ClassMethods module, to include the
ssl_required and ssl_allowed class methods. This is a common Ruby idiom for adding
class methods, and it is required because module methods of an included module do
not become class methods of the including class.
Pages:
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141