Merge remote-tracking branch 'origin/master' into repp-domains

app/controllers/repp/v1/base_controller.rb

@@ -3,6 +3,7 @@ module Repp
     class BaseController < ActionController::API
       rescue_from ActiveRecord::RecordNotFound, with: :not_found_error
       before_action :authenticate_user
+      before_action :validate_webclient_ca
       before_action :check_ip_restriction
       attr_reader :current_user
 
@@ -93,15 +94,33 @@ module Repp
       end
 
       def check_ip_restriction
-        allowed = @current_user.registrar.api_ip_white?(request.ip)
-
-        return if allowed
+        return if webclient_request?
+        return if @current_user.registrar.api_ip_white?(request.ip)
 
         @response = { code: 2202,
                       message: I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip) }
         render(json: @response, status: :unauthorized)
       end
 
+      def webclient_request?
+        return if Rails.env.test?
+
+        ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
+      end
+
+      def validate_webclient_ca
+        return unless webclient_request?
+
+        request_name = request.env['HTTP_SSL_CLIENT_S_DN_CN']
+        webclient_cn = ENV['webclient_cert_common_name'] || 'webclient'
+        return if request_name == webclient_cn
+
+        @response = { code: 2202,
+                      message: I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip) }
+
+        render(json: @response, status: :unauthorized)
+      end
+
       def not_found_error
         @response = { code: 2303, message: 'Object does not exist' }
         render(json: @response, status: :not_found)

app/controllers/repp/v1/domains/renews_controller.rb

@@ -0,0 +1,65 @@
+module Repp
+  module V1
+    module Domains
+      class RenewsController < BaseController
+        before_action :validate_renew_period, only: [:bulk_renew]
+        before_action :select_renewable_domains, only: [:bulk_renew]
+
+        def bulk_renew
+          renew = run_bulk_renew_task(@domains, bulk_renew_params[:renew_period])
+          return render_success(data: { updated_domains: @domains.map(&:name) }) if renew.valid?
+
+          @epp_errors << { code: 2002,
+                           msg: renew.errors.keys.map { |k, _v| renew.errors[k] }.join(', ') }
+          handle_errors
+        end
+
+        private
+
+        def validate_renew_period
+          @epp_errors ||= []
+          periods = Depp::Domain::PERIODS.map { |p| p[1] }
+          return if periods.include? bulk_renew_params[:renew_period]
+
+          @epp_errors << { code: 2005, msg: 'Invalid renew period' }
+        end
+
+        def select_renewable_domains
+          @epp_errors ||= []
+
+          if bulk_renew_params[:domains].instance_of?(Array)
+            @domains = bulk_renew_domains
+          else
+            @epp_errors << { code: 2005, msg: 'Domains attribute must be an array' }
+          end
+
+          return handle_errors if @epp_errors.any?
+        end
+
+        def run_bulk_renew_task(domains, period)
+          ::Domains::BulkRenew::Start.run(domains: domains, period_element: period,
+                                          registrar: current_user.registrar)
+        end
+
+        def bulk_renew_params
+          params do
+            params.require(%i[domains renew_period])
+            params.permit(:domains, :renew_period)
+          end
+        end
+
+        def bulk_renew_domains
+          @epp_errors ||= []
+          domains = []
+          bulk_renew_params[:domains].each do |idn|
+            domain = Epp::Domain.find_by(name: idn)
+            domains << domain if domain
+            @epp_errors << { code: 2304, msg: "Object does not exist: #{idn}" } unless domain
+          end
+
+          domains
+        end
+      end
+    end
+  end
+end