# frozen_string_literal: true
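module Api
  # Base controller for the JSON API.
  #
  # Every action except +status+ and +health+ runs +authenticate_request!+,
  # which turns the bearer token from the Authorization header into
  # +current_user+: pluggable providers (Extends::API_PLUGABLE_AUTH_METHODS)
  # are tried first, then the core token issued by this application.
  class ApiController < ActionController::API
    # Issuer pattern that routes a token to the Azure decoder. Dots are
    # escaped and the match is anchored to the scheme/host so that a crafted
    # issuer merely *containing* "windows.net/" cannot select this path.
    # NOTE(review): assumes Azure issuers are https URLs such as
    # https://sts.windows.net/<tenant>/ — confirm against the configured tenant.
    AZURE_ISSUER_PATTERN =
      %r{\Ahttps://(?:[^/]+\.)?(?:windows\.net|microsoftonline\.com)/}.freeze

    # Issuer (+iss+) claim read from the bearer token *before* signature
    # verification; it only selects which decoder verifies the token.
    attr_reader :iss
    # Raw bearer token taken from the Authorization header (prefix stripped).
    attr_reader :token
    # User resolved from the verified token; nil until authentication ran.
    attr_reader :current_user

    before_action :authenticate_request!, except: %i[status health]

    # Catch-all handler. rescue_from handlers are searched bottom-up, so the
    # more specific JWT handlers declared below win over this one. Details go
    # to the log only; the client gets an empty body so internals do not leak.
    rescue_from StandardError do |e|
      logger.error e.message
      logger.error e.backtrace.join("\n")
      render json: {}, status: :bad_request
    end

    # Malformed, tampered or otherwise unverifiable token -> 401.
    rescue_from JWT::DecodeError,
                JWT::InvalidPayload,
                JWT::VerificationError do |e|
      logger.error e.message
      render json: { message: I18n.t('api.core.invalid_token') },
             status: :unauthorized
    end

    # Well-formed but expired token -> 401 with a distinct message.
    rescue_from JWT::ExpiredSignature do |e|
      logger.error e.message
      render json: { message: I18n.t('api.core.expired_token') },
             status: :unauthorized
    end

    def initialize
      super
      # Explicit so the reader of +attr_reader :iss+ sees the initial state.
      @iss = nil
    end

    # Health probe (unauthenticated).
    #
    # Instantiating the models verifies they load; a database round-trip is
    # performed only when the +db+ query parameter is present. When system
    # notifications are configured, their service must also be reachable.
    #
    # Renders "RUNNING" (200) or a plain-text failure line (503).
    def health
      User.new && Team.new && Project.new
      User.first if params[:db]
      if Rails.application.secrets.system_notifications_uri.present? &&
         Rails.application.secrets.system_notifications_channel.present? &&
         !Notifications::SyncSystemNotificationsService.available?
        # The original +status: :error+ is not a key of
        # Rack::Utils::SYMBOL_TO_STATUS_CODE; 503 is the conventional answer
        # for "a dependency is down" on a health probe.
        return render plain: 'SYSTEM NOTIFICATIONS SERVICE CHECK FAILED',
                      status: :service_unavailable
      end
      render plain: 'RUNNING'
    end

    # API status (unauthenticated): a localized OK message plus one
    # +{ version:, baseUrl: }+ entry per supported API version.
    def status
      versions = Extends::API_VERSIONS.map do |ver|
        { version: ver, baseUrl: "/api/#{ver}/" }
      end
      render json: { message: I18n.t('api.core.status_ok'), versions: versions },
             status: :ok
    end

    private

    # Pluggable provider for tokens issued by Azure AD.
    #
    # +iss+ is still an unverified claim here, so matching it only selects the
    # decoder; Api::AzureJwt.decode is what actually verifies the token.
    # Sets +@current_user+ or raises JWT::InvalidPayload when the verified
    # payload maps to no local user. Does nothing for non-Azure issuers.
    def azure_jwt_auth
      return unless iss =~ AZURE_ISSUER_PATTERN

      token_payload, = Api::AzureJwt.decode(token)
      @current_user = User.from_azure_jwt_token(token_payload)
      return if current_user

      raise JWT::InvalidPayload, I18n.t('api.core.no_azure_user_mapping')
    end

    # Resolves the bearer token into +@current_user+.
    #
    # Order: pluggable auth methods (each may set +@current_user+), then the
    # core token, whose issuer must equal Api.configuration.core_api_token_iss
    # and whose +sub+ must name an existing user.
    #
    # Raises JWT::VerificationError when no token is sent and
    # JWT::InvalidPayload when the issuer is absent/unknown or the user does
    # not exist; decoders raise their own JWT errors, all rendered as 401
    # by the handlers above.
    def authenticate_request!
      # Anchored so only a leading "Bearer " prefix is stripped; +presence+
      # turns an empty token ("Bearer " with nothing after it) into nil so it
      # is reported as missing rather than handed to the decoder.
      @token = request.headers['Authorization']&.sub(/\ABearer /, '')&.presence
      raise JWT::VerificationError, I18n.t('api.core.missing_token') unless @token

      # Read without signature verification: used only to pick a decoder.
      @iss = CoreJwt.read_iss(token)
      raise JWT::InvalidPayload, I18n.t('api.core.no_iss') unless @iss

      # Method names come from a project constant, not from the request.
      Extends::API_PLUGABLE_AUTH_METHODS.each do |auth_method|
        method(auth_method).call
        return true if current_user
      end

      # Default token implementation
      unless iss == Api.configuration.core_api_token_iss
        raise JWT::InvalidPayload, I18n.t('api.core.wrong_iss')
      end

      payload = CoreJwt.decode(token)
      @current_user = User.find_by_id(payload['sub'])
      raise JWT::InvalidPayload, I18n.t('api.core.no_user_mapping') unless current_user
    end

    # Strong-parameter whitelist for the credential grant request body.
    def auth_params
      params.permit(:grant_type, :email, :password)
    end
  end
end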