58 lines
1.5 KiB
Ruby
58 lines
1.5 KiB
Ruby
class API::V2::BaseController < ApplicationController
|
|
# Disable forgery protection for API controllers when the request is authenticated
|
|
# with a bearer token. Otherwise the session will be nullified and we'll lose curent_user
|
|
protect_from_forgery with: :null_session, unless: :token?
|
|
skip_before_action :setup_tracking
|
|
prepend_before_action :authenticate_administrateur_from_token
|
|
|
|
private
|
|
|
|
def context
|
|
# new token
|
|
if api_token.present?
|
|
api_token.context
|
|
# web interface (/graphql) give current_administrateur
|
|
elsif current_administrateur.present?
|
|
{
|
|
administrateur_id: current_administrateur.id,
|
|
procedure_ids: current_administrateur.procedure_ids,
|
|
write_access: true
|
|
}
|
|
# old token
|
|
else
|
|
{
|
|
token: authorization_bearer_token,
|
|
write_access: true
|
|
}
|
|
end
|
|
end
|
|
|
|
def token?
|
|
authorization_bearer_token.present?
|
|
end
|
|
|
|
def authenticate_administrateur_from_token
|
|
if api_token.present?
|
|
@current_user = api_token.administrateur.user
|
|
end
|
|
end
|
|
|
|
def api_token
|
|
if @api_token.nil?
|
|
@api_token = APIToken
|
|
.find_and_verify(authorization_bearer_token)
|
|
&.tap { _1.touch(:last_v2_authenticated_at) } || false
|
|
end
|
|
@api_token
|
|
end
|
|
|
|
def authorization_bearer_token
|
|
@authorization_bearer_token ||= begin
|
|
received_token = nil
|
|
authenticate_with_http_token do |token, _options|
|
|
received_token = token
|
|
end
|
|
received_token
|
|
end
|
|
end
|
|
end
|