scinote-web/app/controllers/api/api_controller.rb

# frozen_string_literal: true

module Api
  class ApiController < ActionController::API
    attr_reader :iss
    attr_reader :token
    attr_reader :current_user

    before_action :authenticate_request!, except: %i(status health)

    rescue_from StandardError do |e|
      logger.error e.message
      logger.error e.backtrace.join("\n")
      render json: {}, status: :bad_request
    end

    rescue_from JWT::DecodeError,
                JWT::InvalidPayload,
                JWT::VerificationError do |e|
      logger.error e.message
      render json: { message: I18n.t('api.core.invalid_token') },
             status: :unauthorized
    end

    rescue_from JWT::ExpiredSignature do |e|
      logger.error e.message
      render json: { message: I18n.t('api.core.expired_token') },
             status: :unauthorized
    end

    def initialize
      super
      @iss = nil
    end

    def health
      User.new && Team.new && Project.new
      User.first if params[:db]
      if Rails.application.secrets.system_notifications_uri.present? &&
         Rails.application.secrets.system_notifications_channel.present? &&
         !Notifications::SyncSystemNotificationsService.available?
        return render plain: 'SYSTEM NOTIFICATIONS SERVICE CHECK FAILED', status: :error
      end
      render plain: 'RUNNING'
    end

    def status
      response = {}
      response[:message] = I18n.t('api.core.status_ok')
      response[:versions] = []
      Extends::API_VERSIONS.each do |ver|
        response[:versions] << { version: ver, baseUrl: "/api/#{ver}/" }
      end
      render json: response, status: :ok
    end

    private

    def azure_jwt_auth
      return unless iss =~ %r{windows.net/|microsoftonline.com/}
      token_payload, = Api::AzureJwt.decode(token)
      @current_user = User.from_azure_jwt_token(token_payload)
      unless current_user
        raise JWT::InvalidPayload, I18n.t('api.core.no_azure_user_mapping')
      end
    end

    def authenticate_request!
      @token = request.headers['Authorization']&.sub('Bearer ', '')
      unless @token
        raise JWT::VerificationError, I18n.t('api.core.missing_token')
      end

      @iss = CoreJwt.read_iss(token)
      raise JWT::InvalidPayload, I18n.t('api.core.no_iss') unless @iss

      Extends::API_PLUGABLE_AUTH_METHODS.each do |auth_method|
        method(auth_method).call
        return true if current_user
      end

      # Default token implementation
      unless iss == Rails.configuration.x.core_api_token_iss
        raise JWT::InvalidPayload, I18n.t('api.core.wrong_iss')
      end
      payload = CoreJwt.decode(token)
      @current_user = User.find_by_id(payload['sub'])
      unless current_user
        raise JWT::InvalidPayload, I18n.t('api.core.no_user_mapping')
      end
    end

    def auth_params
      params.permit(:grant_type, :email, :password)
    end
  end
end
Add OAuth2 provider [SCI-2515] 2018-08-17 17:59:47 +08:00			`# frozen_string_literal: true`

Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`module Api`
Change base class for API controller [SCI-1966] 2018-01-26 20:34:38 +08:00			`class ApiController < ActionController::API`
Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`attr_reader :iss`
			`attr_reader :token`
			`attr_reader :current_user`

Add OAuth2 provider [SCI-2515] 2018-08-17 17:59:47 +08:00			`before_action :authenticate_request!, except: %i(status health)`
Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00
Improve error logging [GIOT-31] 2017-09-01 22:36:45 +08:00			`rescue_from StandardError do \|e\|`
			`logger.error e.message`
Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00			`logger.error e.backtrace.join("\n")`
Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`render json: {}, status: :bad_request`
			`end`

Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00			`rescue_from JWT::DecodeError,`
			`JWT::InvalidPayload,`
			`JWT::VerificationError do \|e\|`
Improve error logging [GIOT-31] 2017-09-01 22:36:45 +08:00			`logger.error e.message`
Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`render json: { message: I18n.t('api.core.invalid_token') },`
			`status: :unauthorized`
			`end`

Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00			`rescue_from JWT::ExpiredSignature do \|e\|`
			`logger.error e.message`
			`render json: { message: I18n.t('api.core.expired_token') },`
			`status: :unauthorized`
			`end`

Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`def initialize`
			`super`
			`@iss = nil`
			`end`

Add health check endpoint to API controller [SCI-1970] 2018-01-22 23:52:48 +08:00			`def health`
Improve health check endpoint [SCI-2604] 2018-08-17 22:13:21 +08:00			`User.new && Team.new && Project.new`
			`User.first if params[:db]`
Add system notifications service to health check endpoint [SCI-3522] 2019-05-31 21:52:47 +08:00			`if Rails.application.secrets.system_notifications_uri.present? &&`
			`Rails.application.secrets.system_notifications_channel.present? &&`
			`!Notifications::SyncSystemNotificationsService.available?`
			`return render plain: 'SYSTEM NOTIFICATIONS SERVICE CHECK FAILED', status: :error`
			`end`
Add health check endpoint to API controller [SCI-1970] 2018-01-22 23:52:48 +08:00			`render plain: 'RUNNING'`
			`end`

Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`def status`
			`response = {}`
			`response[:message] = I18n.t('api.core.status_ok')`
			`response[:versions] = []`
			`Extends::API_VERSIONS.each do \|ver\|`
			`response[:versions] << { version: ver, baseUrl: "/api/#{ver}/" }`
			`end`
			`render json: response, status: :ok`
			`end`

			`private`

Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00			`def azure_jwt_auth`
			`return unless iss =~ %r{windows.net/\|microsoftonline.com/}`
			`token_payload, = Api::AzureJwt.decode(token)`
			`@current_user = User.from_azure_jwt_token(token_payload)`
			`unless current_user`
Improve error messages and fix task users/items endpoints [SCI-2886] 2018-11-28 21:14:45 +08:00			`raise JWT::InvalidPayload, I18n.t('api.core.no_azure_user_mapping')`
Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00			`end`
Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`end`

			`def authenticate_request!`
Add OAuth2 provider [SCI-2515] 2018-08-17 17:59:47 +08:00			`@token = request.headers['Authorization']&.sub('Bearer ', '')`
Improve error messages and fix task users/items endpoints [SCI-2886] 2018-11-28 21:14:45 +08:00			`unless @token`
			`raise JWT::VerificationError, I18n.t('api.core.missing_token')`
			`end`
Add OAuth2 provider [SCI-2515] 2018-08-17 17:59:47 +08:00
			`@iss = CoreJwt.read_iss(token)`
Improve error messages and fix task users/items endpoints [SCI-2886] 2018-11-28 21:14:45 +08:00			`raise JWT::InvalidPayload, I18n.t('api.core.no_iss') unless @iss`
Add OAuth2 provider [SCI-2515] 2018-08-17 17:59:47 +08:00
Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`Extends::API_PLUGABLE_AUTH_METHODS.each do \|auth_method\|`
			`method(auth_method).call`
			`return true if current_user`
			`end`
Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00
			`# Default token implementation`
Refactor Azure configuration [SCI-4098] 2019-11-26 22:09:40 +08:00			`unless iss == Rails.configuration.x.core_api_token_iss`
Improve error messages and fix task users/items endpoints [SCI-2886] 2018-11-28 21:14:45 +08:00			`raise JWT::InvalidPayload, I18n.t('api.core.wrong_iss')`
Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00			`end`
Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`payload = CoreJwt.decode(token)`
Rename user_id to sub in JWT [SCI-2814] 2018-10-28 21:34:51 +08:00			`@current_user = User.find_by_id(payload['sub'])`
Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00			`unless current_user`
Improve error messages and fix task users/items endpoints [SCI-2886] 2018-11-28 21:14:45 +08:00			`raise JWT::InvalidPayload, I18n.t('api.core.no_user_mapping')`
Adds API authentication with Azure AD [SCI-2608] 2018-07-24 20:21:33 +08:00			`end`
Backport API to Rails-4 [SCI-1579] 2017-08-30 00:49:07 +08:00			`end`

			`def auth_params`
			`params.permit(:grant_type, :email, :password)`
			`end`
			`end`
			`end`