Port REPP Contacts from Grape to Rails internal API

2025-07-22 10:45:58 +02:00 · 2020-10-08 15:54:23 +03:00 · 2020-10-08 15:54:23 +03:00 · aa325604f9
commit aa325604f9
parent dc8551807a
4 changed files with 194 additions and 151 deletions
--- a/app/controllers/repp/v1/base_controller.rb
+++ b/app/controllers/repp/v1/base_controller.rb
@ -0,0 +1,82 @@
+module Repp
+  module V1
+    class BaseController < ActionController::API
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found_error
+      before_action :authenticate_user
+      before_action :check_ip_restriction
+
+      attr_reader :current_user
+
+      rescue_from ActionController::ParameterMissing do |exception|
+        render json: { code: 2003, message: exception }, status: :bad_request
+      end
+
+      private
+
+      def epp_errors
+        @errors ||= []
+      end
+
+      def handle_errors(obj = nil, update: false)
+        @errors ||= []
+
+        if obj
+          obj.construct_epp_errors
+          @errors += obj.errors[:epp_errors]
+        end
+
+        if update
+          @errors.each_with_index do |errors, index|
+            if errors[:code] == '2304' &&
+              errors[:value].present? &&
+              errors[:value][:val] == DomainStatus::SERVER_DELETE_PROHIBITED &&
+              errors[:value][:obj] == 'status'
+              @errors[index][:value][:val] = DomainStatus::PENDING_UPDATE
+            end
+          end
+        end
+
+        @errors.uniq!
+
+        render_epp_error
+      end
+
+      def render_epp_error
+        render(json: { code: @errors[0][:code], message: @errors[0][:msg] }, status: :bad_request)
+      end
+
+      def ip_whitelisted?
+        return false unless @api_user.registrar.api_ip_white?(request.ip)
+      end
+
+      def basic_token
+        pattern = /^Basic /
+        header  = request.headers['Authorization']
+        header.gsub(pattern, '') if header&.match(pattern)
+      end
+
+      def authenticate_user
+        username, password = Base64.urlsafe_decode64(basic_token).split(':')
+        @current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
+
+        return if @current_user
+
+        render(json: { errors: [{ base: ['Not authorized'] }] }, status: :unauthorized)
+      end
+
+      def check_ip_restriction
+        ip_restriction = Authorization::RestrictedIP.new(request.ip)
+        allowed = ip_restriction.can_access_registrar_area?(@current_user.registrar)
+
+        return if allowed
+
+        flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip)
+        render(json: { errors: [{ base: [I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip)] }] }, status: :unauthorized)
+      end
+
+      def not_found_error
+        render(json: { code: 2303, message: 'Object does not exist' }, status: :not_found)
+      end
+    end
+  end
+end
--- a/app/controllers/repp/v1/contacts_controller.rb
+++ b/app/controllers/repp/v1/contacts_controller.rb
@ -0,0 +1,111 @@
+module Repp
+  module V1
+    class ContactsController < BaseController
+      before_action :find_contact, only: [:update]
+
+      ## GET /repp/v1/contacts
+      def index
+        limit = params[:limit] || 200
+        offset = params[:offset] || 0
+
+        record_count = current_user.registrar.contacts.count
+        contacts = current_user.registrar.contacts.limit(limit).offset(offset)
+
+        unless Contact.address_processing? && params[:details] == 'true'
+          contacts = contacts.select(Contact.attribute_names - Contact.address_attribute_names)
+        end
+
+        contacts = contacts.pluck(:code) unless params[:details]
+        resp = { contacts: contacts, total_number_of_records: record_count }
+        render(json: resp, status: :ok)
+      end
+
+      ## POST /repp/v1/contacts
+      def create
+        @legal_doc = params[:legal_documents]
+        @contact_params = contact_create_params
+        @ident = contact_ident_params
+        address_present = contact_addr_params.keys.any?
+        %w[city street zip country_code].each { |k| @contact_params[k] = contact_addr_params[k] }
+
+        @contact = Epp::Contact.new(@contact_params, current_user.registrar, epp: false)
+
+        action = Actions::ContactCreate.new(@contact, @legal_doc, @ident)
+
+        if action.call
+          if !Contact.address_processing? && address_present
+            @response_code = 1100
+            @response_description = I18n.t('epp.contacts.completed_without_address')
+          else
+            @response_code = 1000
+            @response_description = I18n.t('epp.contacts.completed')
+          end
+
+          render(json: { code: @response_code,
+                         message: @response_description,
+                         data: { contact: { id: @contact.code } } },
+                         status: :created)
+        else
+          handle_errors(@contact)
+        end
+      end
+
+      ## PUT /repp/v1/contacts/1
+      def update
+        @update = contact_create_params
+        %w[city street zip country_code].each { |k| @new_params[k] = contact_addr_params[k] }
+
+        @legal_doc = params[:legal_document]
+        @ident = contact_ident_params || {}
+        address_present = contact_addr_params.keys.any?
+        action = Actions::ContactUpdate.new(@contact, @update, @legal_doc, @ident, current_user)
+
+        if action.call
+          if !Contact.address_processing? && address_present
+            @response_code = 1100
+            @response_description = I18n.t('epp.contacts.completed_without_address')
+          else
+            @response_code = 1000
+            @response_description = I18n.t('epp.contacts.completed')
+          end
+
+          render(json: { code: @response_code,
+                         message: @response_description,
+                         data: { contact: { id: @contact.code } } },
+                         status: :ok)
+        else
+          handle_errors(@contact)
+        end
+      end
+
+      def find_contact
+        code = params[:id]
+        @contact = Epp::Contact.find_by!(code: code)
+      end
+
+      def contact_create_params
+        params.require(:contact).require(%i[name email phone])
+        params.require(:contact).permit(:name, :email, :phone)
+      end
+
+      def contact_ident_params
+        params.require(:contact).require(:ident).require(%i[ident ident_type ident_country_code])
+        params.require(:contact).require(:ident).permit(:ident, :ident_type, :ident_country_code)
+      end
+
+      def contact_addr_params
+        if Contact.address_processing?
+          params.require(:contact).require(:addr).require(%i[country_code city street zip])
+          params.require(:contact).require(:addr).permit(:country_code, :city, :street, :zip)
+        else
+          params.require(:contact).permit(addr: %i[country_code city street zip])
+        end
+      end
+
+      def legal_document_params
+        params.require(:legal_document).require(%i[body type])
+        params.require(:legal_document).permit(:body, :type)
+      end
+    end
+  end
+end