scinote-web/app/controllers/api/api_controller.rb

120 lines
3.5 KiB
Ruby
Raw Normal View History

# frozen_string_literal: true
2017-08-30 00:49:07 +08:00
module Api
class ApiController < ActionController::API
2017-08-30 00:49:07 +08:00
attr_reader :iss
attr_reader :token
attr_reader :current_user
before_action :load_token, except: %i(authenticate status health)
before_action :load_iss, except: %i(authenticate status health)
before_action :authenticate_request!, except: %i(authenticate status health)
2017-08-30 00:49:07 +08:00
2017-09-01 22:36:45 +08:00
rescue_from StandardError do |e|
logger.error e.message
logger.error e.backtrace.join("\n")
2017-08-30 00:49:07 +08:00
render json: {}, status: :bad_request
end
rescue_from JWT::DecodeError,
JWT::InvalidPayload,
JWT::VerificationError do |e|
2017-09-01 22:36:45 +08:00
logger.error e.message
2017-08-30 00:49:07 +08:00
render json: { message: I18n.t('api.core.invalid_token') },
status: :unauthorized
end
rescue_from JWT::ExpiredSignature do |e|
logger.error e.message
render json: { message: I18n.t('api.core.expired_token') },
status: :unauthorized
end
2017-08-30 00:49:07 +08:00
def initialize
super
@iss = nil
end
def health
render plain: 'RUNNING'
end
2017-08-30 00:49:07 +08:00
def status
response = {}
response[:message] = I18n.t('api.core.status_ok')
response[:versions] = []
Extends::API_VERSIONS.each do |ver|
response[:versions] << { version: ver, baseUrl: "/api/#{ver}/" }
end
render json: response, status: :ok
end
def authenticate
if auth_params[:grant_type] == 'password'
user = User.find_by_email(auth_params[:email])
unless user&.valid_password?(auth_params[:password])
raise StandardError, 'Default: Wrong user password'
2017-09-01 22:36:45 +08:00
end
2017-08-30 00:49:07 +08:00
payload = { user_id: user.id }
token = CoreJwt.encode(payload)
render json: { token_type: 'bearer', access_token: token }
else
raise StandardError, 'Default: Wrong grant type in request'
2017-08-30 00:49:07 +08:00
end
end
private
def load_token
2017-09-01 22:36:45 +08:00
if request.headers['Authorization']
@token =
request.headers['Authorization'].scan(/Bearer (.*)$/).flatten.last
end
raise StandardError, 'Common: No token in the header' unless @token
end
def azure_jwt_auth
return unless iss =~ %r{windows.net/|microsoftonline.com/}
token_payload, = Api::AzureJwt.decode(token)
@current_user = User.from_azure_jwt_token(token_payload)
unless current_user
raise JWT::InvalidPayload, 'Azure AD: User mapping not found'
end
2017-08-30 00:49:07 +08:00
end
def authenticate_request!
Extends::API_PLUGABLE_AUTH_METHODS.each do |auth_method|
method(auth_method).call
return true if current_user
end
# Default token implementation
unless iss == Api.configuration.core_api_token_iss
raise JWT::InvalidPayload, 'Default: Wrong ISS in the token'
end
2017-08-30 00:49:07 +08:00
payload = CoreJwt.decode(token)
@current_user = User.find_by_id(payload['user_id'])
unless current_user
raise JWT::InvalidPayload, 'Default: User mapping not found'
end
2017-08-30 00:49:07 +08:00
# Implement sliding sessions, i.e send new token in case of successful
# authorization and when tokens TTL reached specific value (to avoid token
# generation on each request)
if CoreJwt.refresh_needed?(payload)
new_token = CoreJwt.encode(user_id: current_user.id)
2017-08-30 00:49:07 +08:00
response.headers['X-Access-Token'] = new_token
end
end
def load_iss
@iss = CoreJwt.read_iss(token)
raise JWT::InvalidPayload, 'Common: Missing ISS in the token' unless @iss
2017-08-30 00:49:07 +08:00
end
def auth_params
params.permit(:grant_type, :email, :password)
end
end
end