demarches-normaliennes/app/controllers/api/v2/base_controller.rb

class API::V2::BaseController < ApplicationController
  # Disable forgery protection for API controllers when the request is authenticated
  # with a bearer token. Otherwise the session will be nullified and we'll lose curent_user
  protect_from_forgery with: :null_session, unless: :token?
  skip_before_action :setup_tracking
  prepend_before_action :authenticate_administrateur_from_token

  private

  def context
    # new token
    if api_token.present?
      api_token.context
    # web interface (/graphql) give current_administrateur
    elsif current_administrateur.present?
      {
        administrateur_id: current_administrateur.id,
        procedure_ids: current_administrateur.procedure_ids,
        write_access: true
      }
    # old token
    else
      {
        token: authorization_bearer_token,
        write_access: true
      }
    end
  end

  def token?
    authorization_bearer_token.present?
  end

  def authenticate_administrateur_from_token
    if api_token.present?
      @current_user = api_token.administrateur.user
    end
  end

  def api_token
    if @api_token.nil?
      @api_token = APIToken
        .find_and_verify(authorization_bearer_token)
        &.tap { _1.touch(:last_v2_authenticated_at) } || false
    end
    @api_token
  end

  def authorization_bearer_token
    @authorization_bearer_token ||= begin
      received_token = nil
      authenticate_with_http_token do |token, _options|
        received_token = token
      end
      received_token
    end
  end
end
Add graphql end point 2018-11-19 21:18:17 +01:00			`class API::V2::BaseController < ApplicationController`
feat(graphql): new tokens should carry administrateur_id 2022-09-28 12:40:44 +02:00			`# Disable forgery protection for API controllers when the request is authenticated`
			`# with a bearer token. Otherwise the session will be nullified and we'll lose curent_user`
			`protect_from_forgery with: :null_session, unless: :token?`
			`skip_before_action :setup_tracking`
			`prepend_before_action :authenticate_administrateur_from_token`
Add graphql end point 2018-11-19 21:18:17 +01:00
			`private`

			`def context`
feat(api_token): api v2 use new token 2022-11-30 10:14:23 +01:00			`# new token`
			`if api_token.present?`
feat(api_token): add allowed_procedure_ids and write_access 2023-02-13 14:57:51 +01:00			`api_token.context`
fix(web_graphql): fix graphql web playground authorization 2022-10-03 18:08:03 +02:00			`# web interface (/graphql) give current_administrateur`
			`elsif current_administrateur.present?`
feat(api_token): add allowed_procedure_ids and write_access 2023-02-13 14:57:51 +01:00			`{`
			`administrateur_id: current_administrateur.id,`
			`procedure_ids: current_administrateur.procedure_ids,`
			`write_access: true`
			`}`
fix(web_graphql): fix graphql web playground authorization 2022-10-03 18:08:03 +02:00			`# old token`
feat(graphql): new tokens should carry administrateur_id 2022-09-28 12:40:44 +02:00			`else`
feat(api_token): add allowed_procedure_ids and write_access 2023-02-13 14:57:51 +01:00			`{`
			`token: authorization_bearer_token,`
			`write_access: true`
			`}`
feat(graphql): new tokens should carry administrateur_id 2022-09-28 12:40:44 +02:00			`end`
			`end`

			`def token?`
			`authorization_bearer_token.present?`
Add graphql end point 2018-11-19 21:18:17 +01:00			`end`

feat(api_token): api v2 use new token 2022-11-30 10:14:23 +01:00			`def authenticate_administrateur_from_token`
			`if api_token.present?`
			`@current_user = api_token.administrateur.user`
			`end`
			`end`

			`def api_token`
			`if @api_token.nil?`
feat(api): add last_authenticated_at timestamp to api requests 2023-08-01 12:30:23 +02:00			`@api_token = APIToken`
			`.find_and_verify(authorization_bearer_token)`
			`&.tap { _1.touch(:last_v2_authenticated_at) } \|\| false`
feat(api_token): api v2 use new token 2022-11-30 10:14:23 +01:00			`end`
			`@api_token`
			`end`

Add graphql end point 2018-11-19 21:18:17 +01:00			`def authorization_bearer_token`
feat(graphql): new tokens should carry administrateur_id 2022-09-28 12:40:44 +02:00			`@authorization_bearer_token \|\|= begin`
			`received_token = nil`
			`authenticate_with_http_token do \|token, _options\|`
			`received_token = token`
			`end`
			`received_token`
			`end`
			`end`
Add graphql end point 2018-11-19 21:18:17 +01:00			`end`