mirror of
https://github.com/internetee/registry.git
synced 2025-06-02 18:58:35 +02:00
60 lines
1.9 KiB
Ruby
60 lines
1.9 KiB
Ruby
require 'auth_token/auth_token_decryptor'
|
|
|
|
module Api
|
|
module V1
|
|
module Registrant
|
|
class BaseController < ActionController::API
|
|
before_action :set_cors_header
|
|
before_action :authenticate
|
|
before_action :set_paper_trail_whodunnit
|
|
|
|
rescue_from ActiveRecord::RecordNotFound, with: :show_not_found_error
|
|
rescue_from ActiveRecord::RecordInvalid, with: :show_invalid_record_error
|
|
rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
|
|
error = {}
|
|
error[parameter_missing_exception.param] = ['parameter is required']
|
|
response = { errors: [error] }
|
|
render json: response, status: :unprocessable_entity
|
|
end
|
|
|
|
private
|
|
|
|
def set_cors_header
|
|
response.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
|
|
end
|
|
|
|
def bearer_token
|
|
pattern = /^Bearer /
|
|
header = request.headers['Authorization']
|
|
header.gsub(pattern, '') if header&.match(pattern)
|
|
end
|
|
|
|
def authenticate
|
|
decryptor = AuthTokenDecryptor.create_with_defaults(bearer_token)
|
|
decryptor.decrypt_token
|
|
|
|
if decryptor.valid?
|
|
sign_in(:registrant_user, decryptor.user)
|
|
else
|
|
render json: { errors: [{ base: ['Not authorized'] }] },
|
|
status: :unauthorized
|
|
end
|
|
end
|
|
|
|
# This controller does not inherit from ApplicationController,
|
|
# so user_for_paper_trail method is not usable.
|
|
def set_paper_trail_whodunnit
|
|
::PaperTrail.request.whodunnit = current_registrant_user.id_role_username
|
|
end
|
|
|
|
def show_not_found_error
|
|
render json: { errors: [{ base: ['Not found'] }] }, status: :not_found
|
|
end
|
|
|
|
def show_invalid_record_error(exception)
|
|
render json: { errors: exception.record.errors }, status: :bad_request
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|