Class: Webhookdb::API::V1
- Defined in:
- lib/webhookdb/api.rb
Direct Known Subclasses
Auth, Db, Demo, Install, Me, Organizations, Replay, SavedQueries, ServiceIntegrations, Services, Stripe, Subscriptions, SyncTargets, WebhookSubscriptions
Constant Summary
Constants inherited from Service
Service::AUTH_TOKEN_HEADER, Service::AUTH_TOKEN_HTTP, Service::DEFAULT_CORS_ORIGINS, Service::SESSION_COOKIE, Service::SHORT_SESSION_HEADER, Service::SHORT_SESSION_HTTP
Class Method Summary collapse
Methods inherited from Service
build_app, cookie_config, decode_cookie, error_body
Methods included from MethodUtilities
#attr_predicate, #attr_predicate_accessor, #singleton_attr_accessor, #singleton_attr_reader, #singleton_attr_writer, #singleton_method_alias, #singleton_predicate_accessor, #singleton_predicate_reader
Class Method Details
.inherited(subclass) ⇒ Object
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 |
# File 'lib/webhookdb/api.rb', line 13 def self.inherited(subclass) super subclass.instance_eval do version "v1", using: :path format :json require "webhookdb/service/helpers" helpers Webhookdb::Service::Helpers require "webhookdb/api/helpers" helpers Webhookdb::API::Helpers require "webhookdb/api/connstr_auth" helpers do def verified_customer! c = current_customer forbidden! unless c.phone_verified? return c end # Lookup the organization. # @param identifier [String] Can be passed in, or is extracted from the route params # (:org_identifier, or :org if :org_identiier is '-'). # @param customer [Webhookdb::Customer] Authed customer. Will use current_customer if nil. # @param allow_connstr_auth [Boolean] True to use Webhookdb::API::ConnstrAuth. # See module for more details. def lookup_org!(identifier=nil, customer: nil, allow_connstr_auth: false) identifier ||= params[:org_identifier] if identifier == "-" identifier = params[:org] merror!(400, "must supply 'org_identifier' or 'org' param", code: "missing_org") unless identifier end # Run this first to verify authentication before other lookups. customer ||= allow_connstr_auth ? current_customer? : current_customer # Can return multiple orgs, including ones the user cannot access orgs = Webhookdb::Organization.with_identifier(identifier).all merror!(403, "There is no organization with that identifier.") if orgs.empty? if customer # This is scoped to just orgs the user can access. We check if the identifier # matches multiple orgs, in which case it's ambiguous. memberships = customer.verified_memberships_dataset.where(organization: orgs).limit(2).all ("You don't have permissions with that organization.") if memberships.empty? merror!(500, "ambiguous", alert: true) if memberships.size > 1 # TODO: better message, tests return memberships.first.organization end raise "something went wrong" unless allow_connstr_auth org = Webhookdb::API::ConnstrAuth.find_authed(orgs, request) unauthenticated! if org.nil? return org end # rubocop:disable Naming/PredicateName def has_admin?(org=nil, customer: nil) # rubocop:enable Naming/PredicateName customer ||= current_customer org ||= lookup_org! has_no_admin = org.verified_memberships_dataset. where(customer:, membership_role: Webhookdb::Role.admin_role). empty? return !has_no_admin end def ensure_admin!(org=nil, customer: nil) org ||= lookup_org! admin = has_admin?(org, customer:) # noinspection RubyNilAnalysis ("You don't have admin privileges with #{org.name}.") unless admin end end before do Sentry.configure_scope do |scope| scope.(application: "public-api") end end before_validation do # We want to strip control characters out of the string inputs # Found the control character regex here: # https://www.appsloveworld.com/ruby/100/167/how-to-remove-control-characters-in-ruby # rgx = /\e\[[^\x40-\x7E]*[\x40-\x7E]/ self.params.each do |k, v| params[k] = v.gsub(rgx, "") if v.is_a?(String) end end end end |