change acceptable tokens

2025-07-28 05:26:17 +02:00 · 2022-03-28 16:35:45 +03:00 · 2022-03-28 16:35:45 +03:00 · 204629a62b
commit 204629a62b
parent c54c89baf7
3 changed files with 14 additions and 10 deletions
--- a/app/controllers/eis_billing/base_controller.rb
+++ b/app/controllers/eis_billing/base_controller.rb
@ -6,6 +6,8 @@ module EisBilling
    before_action :persistent
    before_action :authorized

+    INITIATOR = 'billing'.freeze
+
    def encode_token(payload)
      JWT.encode(payload, ENV['secret_word'])
    end
@ -19,7 +21,7 @@ module EisBilling
      if auth_header
        token = auth_header.split(' ')[1]
        begin
-          JWT.decode(token, ENV['secret_word'], true, algorithm: 'HS256')
+          JWT.decode(token, billing_secret_key, true, algorithm: 'HS256')
        rescue JWT::DecodeError
          nil
        end
@ -27,9 +29,9 @@ module EisBilling
    end

    def accessable_service
-      if decoded_token
-        decoded_token[0]['data'] == ENV['secret_access_word']
-      end
+      return decoded_token[0]['initiator'] == INITIATOR if decoded_token
+
+      false
    end

    def logged_in?
@ -40,12 +42,12 @@ module EisBilling
      render json: { message: 'Access denied' }, status: :unauthorized unless logged_in?
    end

-    def logger
-      Rails.logger
+    def billing_secret_key
+      Rails.application.credentials.config[:billing_secret]
    end

    def logger
-      @logger ||= Rails.logger
+      Rails.logger
    end

    def persistent
--- a/app/services/eis_billing/base.rb
+++ b/app/services/eis_billing/base.rb
@ -7,7 +7,7 @@ module EisBilling
      uri = URI(url)
      http = Net::HTTP.new(uri.host, uri.port)

-      unless Rails.env.development? || Rails.env.test?
+      if Rails.env.production?
        http.use_ssl = true
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      end
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@ -235,8 +235,10 @@ registry_demo_accredited_users_url: 'http://registry.test/api/v1/accreditation_c
 a_and_aaaa_validation_timeout: '1'
 nameserver_validation_timeout: '1'

-eis_billing_system_base_url_dev: 'http://eis_billing_system:3000'
-eis_billing_system_base_url_staging: 'https://st-billing.infra.tld.ee'
+eis_billing_system_base_url: 'http://eis_billing_system:3000'
+
 secret_access_word: 'please-Give-Me-accesS'
 secret_word: 'this-secret-should-be-change'
 billing_system_integrated: 'true'
+allow_accr_endspoints: 'true'
+