Make API key auth togglable [SCI-6968]

2025-10-03 18:35:36 +08:00 · 2024-05-24 14:55:48 +02:00 · 2024-05-24 14:55:48 +02:00 · eae0587699
commit eae0587699
parent 2781295325
4 changed files with 9 additions and 1 deletions
--- a/app/controllers/concerns/token_authentication.rb
+++ b/app/controllers/concerns/token_authentication.rb
@ -21,6 +21,8 @@ module TokenAuthentication
  end

  def authenticate_with_api_key
+    return unless Rails.configuration.x.core_api_key_enabled
+
    @api_key = request.headers['Api-Key']
    return unless @api_key

--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -629,6 +629,10 @@ class User < ApplicationRecord
      %w(id due_date age results status archived assigned tags comments)
  end

+  def api_key_enabled?
+    Rails.configuration.x.core_api_key_enabled
+  end
+
  protected

  def confirmation_required?
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@ -36,7 +36,7 @@
      </div>
      <%= render partial: 'users/registrations/edit_partials/2fa' %>

-      <% if Rails.application.config.x.core_api_v1_enabled %>
+      <% if current_user.api_key_enabled? %>
        <%= render partial: 'users/registrations/edit_partials/api_key' %>
      <% end %>
   </div>
--- a/config/initializers/api.rb
+++ b/config/initializers/api.rb
@ -12,4 +12,6 @@ Rails.application.configure do
  config.x.core_api_v1_enabled = ENV['CORE_API_V1_ENABLED'] || false

  config.x.core_api_v2_enabled = ENV['CORE_API_V2_ENABLED'] || false
+
+  config.x.core_api_key_enabled = ENV['CORE_API_KEY_ENABLED'] || false
 end