2024-08-25 14:19:02 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
class ApiController < ApplicationController
|
|
|
|
|
skip_before_action :verify_authenticity_token
|
|
|
|
|
before_action :authenticate_api_key
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
def authenticate_api_key
|
|
|
|
|
return head :unauthorized unless current_api_user
|
|
|
|
|
|
|
|
|
|
true
|
|
|
|
|
end
|
|
|
|
|
|
2025-02-19 15:23:11 -05:00
|
|
|
def authenticate_active_api_user!
|
2025-04-04 15:12:42 -04:00
|
|
|
render json: { error: 'User is not active' }, status: :unauthorized unless current_api_user&.active_until&.future?
|
2025-02-19 15:23:11 -05:00
|
|
|
|
|
|
|
|
true
|
|
|
|
|
end
|
|
|
|
|
|
2024-08-25 14:19:02 -04:00
|
|
|
def current_api_user
|
2024-12-20 10:02:17 -05:00
|
|
|
@current_api_user ||= User.find_by(api_key:)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def api_key
|
|
|
|
|
params[:api_key] || request.headers['Authorization']&.split(' ')&.last
|
2024-08-25 14:19:02 -04:00
|
|
|
end
|
2024-12-16 09:42:26 -05:00
|
|
|
|
|
|
|
|
def validate_params
|
|
|
|
|
missing_params = required_params.select { |param| params[param].blank? }
|
|
|
|
|
|
|
|
|
|
if missing_params.any?
|
|
|
|
|
render json: {
|
|
|
|
|
error: "Missing required parameters: #{missing_params.join(', ')}"
|
|
|
|
|
}, status: :bad_request and return
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
params.permit(*required_params)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def required_params
|
|
|
|
|
[]
|
|
|
|
|
end
|
2025-05-16 12:51:48 -04:00
|
|
|
|
|
|
|
|
def validate_points_limit
|
|
|
|
|
limit_exceeded = PointsLimitExceeded.new(current_api_user).call
|
|
|
|
|
|
|
|
|
|
render json: { error: 'Points limit exceeded' }, status: :unauthorized if limit_exceeded
|
|
|
|
|
end
|
2024-08-25 14:19:02 -04:00
|
|
|
end
|
