Module: HousingMisc::ApiHelper

Included in:

LogsController, ModelReflectionsController, SidekiqQueueCheckController

Defined in:

lib/housing_misc/api_helper.rb

Constant Summary

MOBILE_REQUEST_TIME_THRESHOLD =

in seconds

300

Instance Method Summary

• #add_attachments(email_template_hash, attachments) ⇒ Object
• #add_base_vars(email_template_hash, base_vars) ⇒ Object
• #add_global_merge_vars(email_template_hash, vars) ⇒ Object
• #add_merge_vars(email_template_hash, vars) ⇒ Object
• #add_user_emails(email_template_hash, users) ⇒ Object
• #csrf_check(csrf_encryption_key, velocity_salt) ⇒ Object
• #filter_parameters(params) ⇒ Object
• #get_api_call(url, request_timeout = 15.0) ⇒ Object
• #get_email_template_from_mail_service(template_slug, template_version) ⇒ Object
• #get_past_channel_details(profiles_hash, start_datetime, end_datetime, channel, template_details) ⇒ Object
• #get_request_attribute_value(headers, params, key) ⇒ Object
• #get_shortened_url(url) ⇒ Object
• #internal_host_check ⇒ Object
• #is_request_csrf_valid?(request, cookies, params, csrf_encryption_key, velocity_salt) ⇒ Boolean
• #is_request_from_mobile?(request, params, velocity_salt) ⇒ Boolean
• #is_request_internal?(request) ⇒ Boolean
• #log_invalid_csrf_request(log_file, request, cookies, params) ⇒ Object
• #logging_file ⇒ Object
• #send_generic_mail(template_slug, template_version, users, base_vars, merge_vars, high_priority = false, attachments = [], deferred = false, send_time = nil, google_analytics_campaign = nil) ⇒ Object
• #send_generic_sms(phone_number, template_name, send_time, sms_params) ⇒ Object
• #upload_log_to_s3(file_path) ⇒ Object

Instance Method Details

#add_attachments(email_template_hash, attachments) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 128

def add_attachments(email_template_hash, attachments)
  email_template_hash[:params_json][:attachments] = attachments if attachments.present?
  return email_template_hash
end

#add_base_vars(email_template_hash, base_vars) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 90

def add_base_vars(email_template_hash, base_vars)
  email_template_hash[:params_json].merge!(base_vars)
  email_template_hash[:test_email] = Housing.mail_test_id
  return email_template_hash
end

#add_global_merge_vars(email_template_hash, vars) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 105

def add_global_merge_vars(email_template_hash, vars)
  email_template_hash[:params_json][:global_merge_vars][:modules].each do |mod_name|
    mod_name[:merge_vars].first.each do |key, value|
      mod_name[:merge_vars].first[key] = vars[key] if value.nil?
    end
  end
  return email_template_hash
end

#add_merge_vars(email_template_hash, vars) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 114

def add_merge_vars(email_template_hash, vars)
  email_template_hash[:params_json][:merge_vars] = []
  email_template_hash[:params_json][:users].each do |user_email|
    email = user_email[:email]
    email_template_hash[:params_json][:merge_vars].push(email_template_hash[:params_json][:global_merge_vars].merge({email: email}))
  end
  if email_template_hash[:params_json][:global_merge_vars][:template_merge_vars].present?
    email_template_hash[:params_json][:global_merge_vars][:template_merge_vars].each do |key, value|
      email_template_hash[:params_json][:global_merge_vars][:template_merge_vars][key] = vars[key]
    end
  end
  return email_template_hash
end

#add_user_emails(email_template_hash, users) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 96

def add_user_emails(email_template_hash, users)
  email_template_hash[:params_json][:users] = []
  users.each do |user_email|
    user_email = user_email.with_indifferent_access
    email_template_hash[:params_json][:users].push({name: user_email[:name], email: user_email[:email]})
  end
  return email_template_hash
end

#csrf_check(csrf_encryption_key, velocity_salt) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 58

def csrf_check(csrf_encryption_key, velocity_salt)
  unless is_request_csrf_valid?(request, cookies, params, csrf_encryption_key, velocity_salt)
    log_file ||= Logger.new("#{Rails.root}/log/unauthorized_api_requests.log")
    log_invalid_csrf_request(log_file, request, cookies, params)
    render :json => {:message => "You are not authorized to make this call", :error => "CSRF_CHECK_FAILED"}, status: 401
  end
end

#filter_parameters(params) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 9

def filter_parameters(params)
  filters = Rails.application.config.filter_parameters rescue []
  f = ActionDispatch::Http::ParameterFilter.new filters
  return f.filter(params)
end

#get_api_call(url, request_timeout = 15.0) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 169

def get_api_call(url, request_timeout = 15.0)
  parsed_url = URI.parse(url)
  http = Net::HTTP.new(parsed_url.host, parsed_url.port)
  http.read_timeout = request_timeout
  request = Net::HTTP::Get.new(parsed_url.request_uri)
  begin
    response = http.request(request)
    raise "request failed :: #{response}" if response.code != "200"
    request_response = response.body
  rescue => exception
    logging_file.error("CampaignError :: #{exception}")
    raise "CampaignError for url: #{url}"
  end
  return request_response
end

#get_email_template_from_mail_service(template_slug, template_version) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 134

def get_email_template_from_mail_service(template_slug, template_version)
  template_name = template_slug.gsub("-","_")
  uri = URI.parse("#{Housing.mail_service_url}v1/email/request_format?template_name=#{template_name}&template_version=#{template_version}")
  response = (Oj.load(Net::HTTP.get(uri))["data"]) rescue {}
end

#get_past_channel_details(profiles_hash, start_datetime, end_datetime, channel, template_details) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 140

def get_past_channel_details(profiles_hash, start_datetime, end_datetime, channel, template_details)
  response = {}
  query_params = {
                  template_name: template_details[:template_name],
                  end_datetime: end_datetime
                 }
  query_params[:template_version] = template_details[:template_version] if channel == "email"

  profiles_date_hash = {}
  profiles_hash.each do |key, value|
    date = value["last_activity_time"] || start_datetime
    date = Date.strptime(date.to_s,'%s').to_time.to_i
    (profiles_date_hash[date] ||= []) << key
  end

  profiles_date_hash.each do |date, email_or_numbers|
    # increasing batch size would lead to exception 414 URI too large, Please don't increase batch size
    email_or_numbers.each_slice(100) do |batch|
      query_params[identifier[channel.to_sym]] = batch.join(',')
      query_params[:start_datetime] = date
      query = query_params.to_query
      url = send("#{channel}_report_url".to_sym) + query
      batch_response = (Oj.load(get_api_call(url))["data"])
      response.merge!(batch_response)
    end
  end
  response
end

#get_request_attribute_value(headers, params, key) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 5

def get_request_attribute_value(headers, params, key)
  headers["HTTP_#{key.upcase.tr('-', '_')}"] || params[key]
end

#get_shortened_url(url) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 200

def get_shortened_url(url)
  shortened_url = ""
  uri = URI.parse("#{Housing.url_shortener}/shorten")
  response = Net::HTTP.post_form(uri, {url: url})
  if response.code.to_i == 200
    shortened_url = Housing.short_url_domain + JSON.parse(response.body)["id"]
  end
  shortened_url
end

#internal_host_check ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 50

def internal_host_check
  unless is_request_internal?(request)
    log_file ||= Logger.new("#{Rails.root}/log/unauthorized_api_requests.log")
    log_file.info "Internal host check violated | remote_ip:#{request.remote_ip}, host:#{request.host}, port:#{request.port}, params:#{filter_parameters(params)}"
    render :json => {:message => "You are not authorized to make this call"}, status: 401
  end
end

#is_request_csrf_valid?(request, cookies, params, csrf_encryption_key, velocity_salt) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/housing_misc/api_helper.rb', line 40

def is_request_csrf_valid?(request, cookies, params, csrf_encryption_key, velocity_salt)
  if request.get? || is_request_internal?(request) || is_request_from_mobile?(request, params, velocity_salt)
    return true
  else
    csrf_id = cookies["cuid"] || ""
    csrf_token = request.headers["HTTP_X_CSRF_TOKEN_V2"]
    return OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), csrf_encryption_key, csrf_id) == csrf_token
  end
end

#is_request_from_mobile?(request, params, velocity_salt) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/housing_misc/api_helper.rb', line 19

def is_request_from_mobile?(request, params, velocity_salt)
  source = get_request_attribute_value(request.headers, params, "source") || ""
  time_stamp = get_request_attribute_value(request.headers, params, "ts")
  signed_param = get_request_attribute_value(request.headers, params, "sp")

  if time_stamp.blank? || signed_param.blank?
    if ["android", "ios"].include?(source.downcase) # To be removed once all the users moves to latest app version which includes ts-sp thing
      log_file ||= Logger.new("#{Rails.root}/log/app_requests_with_missing_params.log")
      log_invalid_csrf_request(log_file, request, cookies, params)
       return true 
    elsif params["app_name"] == "locon.com.datacollection" # To be removed once dc app implements ts-sp thing
      log_file ||= Logger.new("#{Rails.root}/log/dc_app_requests_with_missing_params.log")
      log_invalid_csrf_request(log_file, request, cookies, params)
       return true 
    end
  else
    return ((Time.now.to_i - time_stamp.to_i) <= MOBILE_REQUEST_TIME_THRESHOLD) && (Digest::MD5.hexdigest(velocity_salt + time_stamp) == signed_param)
  end
  return false
end

#is_request_internal?(request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/housing_misc/api_helper.rb', line 15

def is_request_internal?(request)
  Rails.env != "production" || request.host.include?("internal")
end

#log_invalid_csrf_request(log_file, request, cookies, params) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 66

def log_invalid_csrf_request(log_file, request, cookies, params)
  log_file.info "CSRF check violated | new_csrf_token:#{request.headers["HTTP_X_CSRF_TOKEN_V2"]} | new_csrf_id:#{cookies["cuid"]} | remote_ip:#{request.remote_ip} | host:#{request.host} | port:#{request.port} | method:#{request.method} | referrer:#{request.referrer} | User-Agent:#{request.headers["User-Agent"]} | source:#{get_request_attribute_value(request.headers, params, "source")} | time_stamp: #{get_request_attribute_value(request.headers, params, "ts")} | signed_param:#{get_request_attribute_value(request.headers, params, "sp")} | params:#{filter_parameters(params)}"
end

#logging_file ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 185

def logging_file
  @log_file ||= Logger.new("#{Rails.root}/log/campaign_errors.log")
end

#send_generic_mail(template_slug, template_version, users, base_vars, merge_vars, high_priority = false, attachments = [], deferred = false, send_time = nil, google_analytics_campaign = nil) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 70

def send_generic_mail(template_slug, template_version, users, base_vars, merge_vars, high_priority=false, attachments=[], deferred=false, send_time=nil, google_analytics_campaign=nil)
  base_vars = base_vars.with_indifferent_access
  merge_vars = merge_vars.with_indifferent_access
  email_template_hash = get_email_template_from_mail_service(template_slug, template_version).with_indifferent_access
  email_template_hash = add_base_vars(email_template_hash, base_vars)
  if google_analytics_campaign.present?
    email_template_hash[:params_json].merge!(google_analytics_campaign: google_analytics_campaign)
  end
  email_template_hash = add_user_emails(email_template_hash, users)
  email_template_hash = add_global_merge_vars(email_template_hash, merge_vars)
  email_template_hash = add_merge_vars(email_template_hash, merge_vars)
  email_template_hash = add_attachments(email_template_hash, attachments)
  if deferred
    response = Net::HTTP.post_form( URI( "#{Housing.mail_service_url}v1/email/send_deferred" ), "email_request"=> email_template_hash.to_json, "high_priority"=>high_priority, "send_time" => send_time)
  else
    response = Net::HTTP.post_form( URI( "#{Housing.mail_service_url}v1/email/send" ), "email_request"=> email_template_hash.to_json, "high_priority"=>high_priority)
  end
  return response.code.to_i, response.body
end

#send_generic_sms(phone_number, template_name, send_time, sms_params) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 189

def send_generic_sms(phone_number, template_name, send_time, sms_params)
  post_args ={
    "template_name" => template_name,
    "sms_request[number]" => phone_number,
    "sms_request[test_number]" => Housing.sms_test_number,
    "send_time" => send_time,
    "sms_request[params_json]" => sms_params.to_json
  }
  response = Net::HTTP.post_form( URI("#{Housing.sms_service_url}/v0/sms/send_deferred"), post_args)
end

#upload_log_to_s3(file_path) ⇒ Object

# File 'lib/housing_misc/api_helper.rb', line 210

def upload_log_to_s3(file_path)
  s3_key = Rails.root.to_s.split('/')[-1] + '/' + file_path.split('/')[-1]
  s3_client.bucket(HousingMisc.bucket).object(s3_key).upload_file(file_path)
end