# Class BSV::Auth::AuthMiddleware <a id="class-BSV-Auth-AuthMiddleware"></a>

**Inherits:** `Object`

Rack middleware providing BRC-104 server-side authentication.

Intercepts three categories of request:

1.  +POST /.well-known/auth+ — BRC-31 handshake (initialRequest,
    certificateRequest, etc.). Delegates to an internal {Peer} instance via
    {BridgeTransport}.

2.  Requests carrying <code>x-bsv-auth-*</code> headers — general
    authenticated messages. Verifies the signature, calls the downstream app,
    and signs the response.

3.  Everything else — passed through to the downstream app unchanged.

**@example Mounting in a Rack application**
```ruby
use BSV::Auth::AuthMiddleware, wallet: my_wallet
```

## Constants
### `AUTH_ENDPOINT` <a id="constant-AUTH_ENDPOINT"></a> <a id="AUTH_ENDPOINT-constant"></a>
Well-known path for BRC-31 handshake messages.

### `HTTP_PREFIX` <a id="constant-HTTP_PREFIX"></a> <a id="HTTP_PREFIX-constant"></a>
Rack env prefix for HTTP headers.

### `PATH_INFO` <a id="constant-PATH_INFO"></a> <a id="PATH_INFO-constant"></a>
Rack env key for the URL path.

### `QUERY_STRING` <a id="constant-QUERY_STRING"></a> <a id="QUERY_STRING-constant"></a>
Rack env key for the query string.

### `RACK_INPUT` <a id="constant-RACK_INPUT"></a> <a id="RACK_INPUT-constant"></a>
Rack env key for the request input IO.

### `REQUEST_METHOD` <a id="constant-REQUEST_METHOD"></a> <a id="REQUEST_METHOD-constant"></a>
Rack env key for the HTTP method.

## Public Instance Methods
### `call(env)` <a id="method-i-call"></a> <a id="call-instance_method"></a>
Processes a Rack request.
- **@param** `env` [Hash] Rack environment
- **@return** [Array] Rack response triplet [status, headers, body]

### `initialize(app, wallet:, session_manager: = nil, certificates_to_request: = nil)` <a id="method-i-initialize"></a> <a id="initialize-instance_method"></a>
- **@param** `app` [#call] downstream Rack application
- **@param** `wallet` [BSV::Wallet::Interface] server wallet for signing and verification
- **@param** `session_manager` [SessionManager, nil] optional; defaults to a new SessionManager
- **@param** `certificates_to_request` [Hash, nil] optional certificate requirements
- **@return** [AuthMiddleware] a new instance of AuthMiddleware
