internetee/registry

app/controllers/api/v1/registrant/auth_controller.rb

require 'auth_token/auth_token_creator'

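module Api
  module V1
    module Registrant
      # Issues API bearer tokens for registrant users identified by eID data.
      #
      # The identity attributes (ident, first_name, last_name, country_code)
      # are taken from the request parameters as supplied. The only caller
      # check visible in this controller is the source-IP allowlist in
      # +check_ip_whitelist+, so every allowed address is trusted to have
      # authenticated the person before calling +eid+.
      class AuthController < ActionController::API
        # Filters run in declaration order: the CORS header is set first, so
        # it is also present on the 401 rendered by the IP check.
        before_action :set_cors_header
        before_action :check_ip_whitelist

        # A missing required parameter is reported as 422 with the parameter
        # name as the error key.
        rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
          error = { parameter_missing_exception.param => ['parameter is required'] }
          render json: { errors: [error] }, status: :unprocessable_entity
        end

        # Finds or creates the RegistrantUser described by the eID parameters
        # and renders a freshly created token as JSON.
        #
        # @raise [ActionController::ParameterMissing] via +eid_params+ when a
        #   required parameter is absent (handled by the rescue_from above)
        def eid
          # Validate and filter the parameters once and reuse the result.
          identity = eid_params
          user = RegistrantUser.find_or_create_by_api_data(identity.to_h)
          token = create_token(user)

          if token
            # NOTE(review): this writes the bearer token together with the
            # person's name and ident to stdout in every environment except
            # production (test and staging included). Anyone with access to
            # those logs can read a usable credential; consider restricting
            # this to development or logging a redacted token.
            msg = "Bearer for #{identity[:first_name]} #{identity[:last_name]} " \
                  "(#{identity[:ident]}) - '#{token[:access_token]}'"
            ToStdout.msg(msg) unless Rails.env.production?
            render json: token
          else
            # NOTE(review): no status is given, so this error body is sent
            # with the default 200 OK. Clients that check only the status
            # code will treat the failure as success; confirm the intended
            # error status with API consumers before changing it.
            render json: { errors: [{ base: ['Cannot create generate session token'] }] }
          end
        end

        private

        # Echoes the request's Origin header back as
        # Access-Control-Allow-Origin.
        #
        # NOTE(review): every origin is accepted, so CORS places no limit on
        # which sites may read these responses from a browser; access control
        # rests on the IP allowlist alone. An explicit list of permitted
        # origins, plus a `Vary: Origin` response header because the value
        # depends on the request, would be the safer configuration.
        def set_cors_header
          response.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
        end

        # Requires ident, first_name and last_name, then returns the permitted
        # parameters (those three plus the optional country_code).
        #
        # @return [ActionController::Parameters] permitted eID parameters
        # @raise [ActionController::ParameterMissing] if a required key is missing
        def eid_params
          required_params = %i[ident first_name last_name]
          required_params.each { |key| params.require(key) }

          params.permit(required_params + [:country_code])
        end

        # Builds a token for +user+ with AuthTokenCreator's defaults and
        # returns whatever +token_in_hash+ yields (read with
        # +[:access_token]+ by the caller).
        def create_token(user)
          AuthTokenCreator.create_with_defaults(user).token_in_hash
        end

        # Rejects the request with 401 unless the client address is listed in
        # the comma-separated ENV['registrant_api_auth_allowed_ips'].
        #
        # An unset or empty variable yields an empty list, so outside
        # development every request is refused (fails closed). Entries are
        # compared as exact strings: CIDR ranges or a differently formatted
        # IPv6 address will not match.
        #
        # NOTE(review): the check is skipped entirely in development, and it
        # relies on +request.ip+. Depending on the proxy setup that value may
        # be derived from forwarding headers - verify that the deployment only
        # honours such headers from trusted proxies.
        def check_ip_whitelist
          allowed_ips = ENV['registrant_api_auth_allowed_ips'].to_s.split(',').map(&:strip)
          return if allowed_ips.include?(request.ip) || Rails.env.development?

          render json: { errors: [{ base: ['Not authorized'] }] }, status: :unauthorized
        end
      end
    end
  end
end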