mirror of
https://github.com/Freika/dawarich.git
synced 2025-12-29 09:19:45 -06:00
b1393ee674
* Implement OmniAuth GitHub authentication * Fix omniauth GitHub scope to include user email access * Remove margin-bottom * Implement Google OAuth2 authentication * Implement OIDC authentication for Dawarich using omniauth_openid_connect gem. * Add patreon account linking and patron checking service * Update docker-compose.yml to use boolean values instead of strings * Add support for KML files * Add tests * Update changelog * Remove patreon OAuth integration * Move omniauthable to a concern * Update an icon in integrations * Update changelog * Update app version * Fix family location sharing toggle * Move family location sharing to its own controller * Update changelog * Implement basic tagging functionality for places, allowing users to categorize and label places with custom tags. * Add places management API and tags feature * Add some changes related to places management feature * Fix some tests * Fix sometests * Add places layer * Update places layer to use Leaflet.Control.Layers.Tree for hierarchical layer control * Rework tag form * Add hashtag * Add privacy zones to tags * Add notes to places and manage place tags * Update changelog * Update e2e tests * Extract tag serializer to its own file * Fix some tests * Fix tags request specs * Fix some tests * Fix rest of the tests * Revert some changes * Add missing specs * Revert changes in place export/import code * Fix some specs * Fix PlaceFinder to only consider global places when finding existing places * Fix few more specs * Fix visits creator spec * Fix last tests * Update place creating modal * Add home location based on "Home" tagged place * Save enabled tag layers * Some fixes * Fix bug where enabling place tag layers would trigger saving enabled layers, overwriting with incomplete data * Update migration to use disable_ddl_transaction! and add up/down methods * Fix tag layers restoration and filtering logic * Update OIDC auto-registration and email/password registration settings * Fix potential xss
65 lines
1.6 KiB
Ruby
65 lines
1.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class ApiController < ApplicationController
|
|
skip_before_action :verify_authenticity_token
|
|
before_action :set_version_header
|
|
before_action :authenticate_api_key
|
|
|
|
rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
|
|
|
|
private
|
|
|
|
def record_not_found
|
|
render json: { error: 'Record not found' }, status: :not_found
|
|
end
|
|
|
|
def set_version_header
|
|
message = "Hey, I\'m alive#{current_api_user ? ' and authenticated' : ''}!"
|
|
|
|
response.set_header('X-Dawarich-Response', message)
|
|
response.set_header('X-Dawarich-Version', APP_VERSION)
|
|
end
|
|
|
|
def authenticate_api_key
|
|
return head :unauthorized unless current_api_user
|
|
|
|
true
|
|
end
|
|
|
|
def authenticate_active_api_user!
|
|
render json: { error: 'User is not active' }, status: :unauthorized unless current_api_user&.active_until&.future?
|
|
|
|
true
|
|
end
|
|
|
|
def current_api_user
|
|
@current_api_user ||= User.find_by(api_key:)
|
|
end
|
|
|
|
def api_key
|
|
params[:api_key] || request.headers['Authorization']&.split(' ')&.last
|
|
end
|
|
|
|
def validate_params
|
|
missing_params = required_params.select { |param| params[param].blank? }
|
|
|
|
if missing_params.any?
|
|
render json: {
|
|
error: "Missing required parameters: #{missing_params.join(', ')}"
|
|
}, status: :bad_request and return
|
|
end
|
|
|
|
params.permit(*required_params)
|
|
end
|
|
|
|
def required_params
|
|
[]
|
|
end
|
|
|
|
def validate_points_limit
|
|
limit_exceeded = PointsLimitExceeded.new(current_api_user).call
|
|
|
|
render json: { error: 'Points limit exceeded' }, status: :unauthorized if limit_exceeded
|
|
end
|
|
end
|