zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-08 05:34:46 +02:00
Code Issues Projects Releases Packages Wiki Activity
internetee-registry/app/controllers/api/v1/registrant/auth_controller.rb
Maciej Szlosarczyk 42004f933f
Add IP block on authentication via EID 
Also, correct mistakenly used 403 error code.
Update aplication-example.yml to include new functionality.
2018-07-24 11:33:51 +03:00

55 lines
1.5 KiB
Ruby
Raw Blame History

require 'rails5_api_controller_backport'
require 'auth_token/auth_token_creator'
module Api
module V1
module Registrant
class AuthController < ActionController::API
before_action :check_ip_whitelist
rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
error = {}
error[parameter_missing_exception.param] = ['parameter is required']
response = { errors: [error] }
render json: response, status: :unprocessable_entity
end
def eid
user = RegistrantUser.find_or_create_by_api_data(eid_params)
token = create_token(user)
if token
render json: token
else
render json: { error: 'Cannot create generate session token'}
end
end
private
def eid_params
required_params = [:ident, :first_name, :last_name]
required_params.each_with_object(params) do |key, obj|
obj.require(key)
end
params.permit(required_params)
end
def create_token(user)
token_creator = AuthTokenCreator.create_with_defaults(user)
hash = token_creator.token_in_hash
hash
end
def check_ip_whitelist
allowed_ips = ENV['registrant_api_auth_allowed_ips'].to_s.split(',').map(&:strip)
unless allowed_ips.include?(request.ip) || Rails.env.development?
render json: { error: 'Not authorized' }, status: 401
end
end
end
end
end
end
Reference in a new issue View git blame Copy permalink