mirror of
https://github.com/openfoodfoundation/openfoodnetwork
synced 2026-01-22 20:16:50 +00:00
110 lines
3.0 KiB
Ruby
110 lines
3.0 KiB
Ruby
# Base controller for OFN's API
|
|
require_dependency 'spree/api/controller_setup'
|
|
|
|
module Api
|
|
class BaseController < ActionController::Metal
|
|
include Spree::Api::ControllerSetup
|
|
include Spree::Core::ControllerHelpers::SSL
|
|
include ::ActionController::Head
|
|
|
|
respond_to :json
|
|
|
|
attr_accessor :current_api_user
|
|
|
|
before_filter :set_content_type
|
|
before_filter :authenticate_user
|
|
after_filter :set_jsonp_format
|
|
|
|
rescue_from Exception, with: :error_during_processing
|
|
rescue_from CanCan::AccessDenied, with: :unauthorized
|
|
rescue_from ActiveRecord::RecordNotFound, with: :not_found
|
|
|
|
helper Spree::Api::ApiHelpers
|
|
|
|
ssl_allowed
|
|
|
|
# Include these because we inherit from ActionController::Metal
|
|
# rather than ActionController::Base and these are required for AMS
|
|
include ActionController::Serialization
|
|
include ActionController::UrlFor
|
|
include Rails.application.routes.url_helpers
|
|
|
|
use_renderers :json
|
|
check_authorization
|
|
|
|
def set_jsonp_format
|
|
return unless params[:callback] && request.get?
|
|
|
|
self.response_body = "#{params[:callback]}(#{response_body})"
|
|
headers["Content-Type"] = 'application/javascript'
|
|
end
|
|
|
|
def respond_with_conflict(json_hash)
|
|
render json: json_hash, status: :conflict
|
|
end
|
|
|
|
private
|
|
|
|
# Use logged in user (spree_current_user) for API authentication (current_api_user)
|
|
def authenticate_user
|
|
return if @current_api_user = try_spree_current_user
|
|
|
|
if api_key.blank?
|
|
# An anonymous user
|
|
@current_api_user = Spree.user_class.new
|
|
return
|
|
end
|
|
|
|
return if @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
|
|
|
|
invalid_api_key
|
|
end
|
|
|
|
def set_content_type
|
|
content_type = case params[:format]
|
|
when "json"
|
|
"application/json"
|
|
when "xml"
|
|
"text/xml"
|
|
end
|
|
headers["Content-Type"] = content_type
|
|
end
|
|
|
|
def error_during_processing(exception)
|
|
render(text: { exception: exception.message }.to_json,
|
|
status: :unprocessable_entity) && return
|
|
end
|
|
|
|
def current_ability
|
|
Spree::Ability.new(current_api_user)
|
|
end
|
|
|
|
def api_key
|
|
request.headers["X-Spree-Token"] || params[:token]
|
|
end
|
|
helper_method :api_key
|
|
|
|
def invalid_resource!(resource)
|
|
@resource = resource
|
|
render(json: { error: I18n.t(:invalid_resource, scope: "spree.api"),
|
|
errors: @resource.errors },
|
|
status: :unprocessable_entity)
|
|
end
|
|
|
|
def invalid_api_key
|
|
render(json: { error: I18n.t(:invalid_api_key, key: api_key, scope: "spree.api") },
|
|
status: :unauthorized) && return
|
|
end
|
|
|
|
def unauthorized
|
|
render(json: { error: I18n.t(:unauthorized, scope: "spree.api") },
|
|
status: :unauthorized) && return
|
|
end
|
|
|
|
def not_found
|
|
render(json: { error: I18n.t(:resource_not_found, scope: "spree.api") },
|
|
status: :not_found) && return
|
|
end
|
|
end
|
|
end
|