Class: UserApiKeyClientsController
- Inherits:
-
ApplicationController
- Object
- ActionController::Base
- ApplicationController
- UserApiKeyClientsController
- Defined in:
- app/controllers/user_api_key_clients_controller.rb
Constant Summary
Constants inherited from ApplicationController
ApplicationController::CHALLENGE_KEY, ApplicationController::HONEYPOT_KEY, ApplicationController::LEGACY_NO_THEMES, ApplicationController::LEGACY_NO_UNOFFICIAL_PLUGINS, ApplicationController::NO_PLUGINS, ApplicationController::NO_THEMES, ApplicationController::NO_UNOFFICIAL_PLUGINS, ApplicationController::SAFE_MODE
Constants included from CanonicalURL::ControllerExtensions
CanonicalURL::ControllerExtensions::ALLOWED_CANONICAL_PARAMS
Instance Attribute Summary
Attributes inherited from ApplicationController
Instance Method Summary
- #create ⇒ Object
- #ensure_new_client ⇒ Object
- #rate_limit ⇒ Object
- #require_params ⇒ Object
- #show ⇒ Object
- #validate_params ⇒ Object
Methods inherited from ApplicationController
#application_layout, #can_cache_content?, #clear_notifications, #conditionally_allow_site_embedding, #current_homepage, #discourse_expires_in, #dont_cache_page, #ember_cli_required?, #fetch_user_from_params, #guardian, #handle_permalink, #handle_theme, #handle_unverified_request, #has_escaped_fragment?, #immutable_for, #login_method, #no_cookies, #perform_refresh_session, #post_ids_including_replies, #preload_json, #rate_limit_second_factor!, #redirect_with_client_support, #render_json_dump, #render_serialized, requires_plugin, #rescue_discourse_actions, #resolve_safe_mode, #secure_session, #serialize_data, #set_current_user_for_logs, #set_layout, #set_mobile_view, #set_mp_snapshot_fields, #show_browser_update?, #store_preloaded, #use_crawler_layout?, #with_resolved_locale
Methods included from VaryHeader
Methods included from ThemeResolver
Methods included from ReadOnlyMixin
#add_readonly_header, #allowed_in_staff_writes_only_mode?, #block_if_readonly_mode, #check_readonly_mode, #get_or_check_readonly_mode, #get_or_check_staff_writes_only_mode, included, #staff_writes_only_mode?
Methods included from Hijack
Methods included from GlobalPath
#cdn_path, #cdn_relative_path, #full_cdn_url, #path, #upload_cdn_path
Methods included from JsonError
Methods included from CanonicalURL::ControllerExtensions
#canonical_url, #default_canonical, included
Methods included from CurrentUser
#clear_current_user, #current_user, has_auth_cookie?, #is_api?, #is_user_api?, #log_off_user, #log_on_user, lookup_from_env, #refresh_session
Instance Method Details
#create ⇒ Object
# File 'app/controllers/user_api_key_clients_controller.rb', line 14

# Registers a new user API key client from the request parameters.
#
# The four checks run in a fixed order and each one signals failure by
# raising, so no record is written unless all of them return. The rate
# limiter runs first, so an attempt is counted before the parameters are
# checked.
#
# Renders success_json when the client record is persisted, failed_json
# otherwise.
def create
  rate_limit
  require_params
  validate_params
  ensure_new_client

  # NOTE(review): application_name, public_key and auth_redirect are copied
  # from the request unchanged. No format or scheme check on auth_redirect is
  # visible in this action; confirm the model validates it before it is used
  # as a redirect target elsewhere.
  client =
    UserApiKeyClient.new(
      client_id: params[:client_id],
      application_name: params[:application_name],
      public_key: params[:public_key],
      auth_redirect: params[:auth_redirect],
    )

  # The client row and its scope rows are written in one transaction, so a
  # failing scope insert leaves no client behind.
  ActiveRecord::Base.transaction do
    client.save!
    @scopes.each do |scope_name|
      client.scopes.create!(name: scope_name)
    end
  end

  # NOTE(review): save! and create! raise on failure, so the failed_json
  # branch looks unreachable from here; confirm how those exceptions are
  # rendered to the caller.
  render json: client.persisted? ? success_json : failed_json
end
#ensure_new_client ⇒ Object
# File 'app/controllers/user_api_key_clients_controller.rb', line 51

# Rejects the request when a client with the submitted client_id already
# exists, so an existing registration cannot be replaced through #create.
#
# Raises Discourse::InvalidAccess if a matching row is found.
#
# NOTE(review): this is a check-then-insert; two concurrent requests with the
# same client_id could both pass it. Confirm that a unique index on client_id
# backs this check at the database level.
def ensure_new_client
  existing = UserApiKeyClient.where(client_id: params[:client_id])
  raise Discourse::InvalidAccess if existing.exists?
end
#rate_limit ⇒ Object
# File 'app/controllers/user_api_key_clients_controller.rb', line 37

# Counts this request against a per-IP limiter: one registration per
# remote IP per 24 hours. No user is attached to the limiter (first
# argument is nil), so the key is the only thing that scopes it.
#
# NOTE(review): the bucket is keyed on request.remote_ip, so clients behind
# the same NAT or proxy share one allowance, and the limit is only as
# reliable as the trusted-proxy configuration that derives remote_ip;
# confirm against the deployment.
def rate_limit
  limiter_key = "user-api-key-clients-#{request.remote_ip}"
  limiter = RateLimiter.new(nil, limiter_key, 1, 24.hours)
  limiter.performed!
end
#require_params ⇒ Object
# File 'app/controllers/user_api_key_clients_controller.rb', line 41

# Requires every registration parameter to be present and splits the
# comma-separated scopes parameter into @scopes for the later checks.
#
# NOTE(review): params[:scopes] is assumed to be a String; a nested or array
# value would pass params.require and then fail on split. Confirm how such a
# request is rendered to the caller.
def require_params
  required_keys = %i[client_id application_name public_key auth_redirect scopes]
  required_keys.each do |key|
    params.require(key)
  end

  @scopes = params[:scopes].split(",")
end
#show ⇒ Object
# File 'app/controllers/user_api_key_clients_controller.rb', line 7

# Answers whether a client_id is registered with a usable auth_redirect.
#
# Responds with an empty 200 when a client with this client_id exists and
# has a non-blank auth_redirect. Raises Discourse::InvalidParameters when
# the client is missing or its auth_redirect is blank, so the two failure
# cases are not distinguished by this action.
def show
  params.require(:client_id)

  client = UserApiKeyClient.find_by(client_id: params[:client_id])
  raise Discourse::InvalidParameters if client.nil? || client.auth_redirect.blank?

  head :ok
end
#validate_params ⇒ Object
# File 'app/controllers/user_api_key_clients_controller.rb', line 46

# Checks the requested scopes against the allowed set and checks that the
# submitted public key parses as an RSA key.
#
# Raises Discourse::InvalidAccess when any requested scope is outside
# UserApiKeyClientScope.allowed. The key is parsed only so that unparseable
# input raises; the parsed object is not stored.
#
# NOTE(review): only parseability is checked. Nothing visible here enforces
# a minimum key size or rejects a PEM that carries private key material, and
# the OpenSSL parse error propagates unchanged; confirm how it is rendered to
# the caller.
def validate_params
  requested_scopes = Set.new(@scopes)
  raise Discourse::InvalidAccess unless UserApiKeyClientScope.allowed.superset?(requested_scopes)

  OpenSSL::PKey::RSA.new(params[:public_key])
end