module Api
  module Admin
    # Base controller for the admin API.
    #
    # Registers +authenticate_admin_api_key!+ as a +before_action+, so an
    # action only runs once an HTTP Token credential has been matched to an
    # active AdminApiKey whose owner still holds an accepted admin level.
    class ApplicationController < ActionController::API
      include ActionController::HttpAuthentication::Token::ControllerMethods

      before_action :authenticate_admin_api_key!

      private

      # Authenticates the request from its HTTP Token credential.
      #
      # Sets +@admin_api_key+ to the matching active key (or nil) and, when a
      # key matched, +@current_user+ to that key's user. The block's result is
      # what +authenticate_or_request_with_http_token+ acts on: a falsy value
      # makes Rails answer with an authentication challenge (HTTP 401).
      #
      # Side effect: a key that matches but whose owner is no longer
      # admin/superadmin/viewer is revoked before the request is rejected.
      def authenticate_admin_api_key!
        authenticate_or_request_with_http_token do |token, _options|
          # Each candidate is checked with secure_compare rather than ==, so a
          # mismatch does not reveal how many leading bytes were correct.
          # NOTE(review): this walks the active keys in Ruby on every request
          # and compares against key.token directly, which suggests the token
          # is stored as-is. Confirm; storing a digest and looking the key up
          # by it would avoid both the scan and the stored secret.
          matched_key = AdminApiKey.active.find do |candidate|
            ActiveSupport::SecurityUtils.secure_compare(candidate.token, token)
          end
          @admin_api_key = matched_key
          next false unless @admin_api_key

          # NOTE(review): assumes every key has a user; a nil user would raise
          # on the next line instead of failing authentication. Confirm the
          # association is required.
          @current_user = @admin_api_key.user
          accepted_levels = [ "admin", "superadmin", "viewer" ]
          next true if accepted_levels.include?(@current_user.admin_level)

          # The owner lost admin access: retire the key so it cannot be used
          # again, then fail authentication.
          @admin_api_key.revoke!
          false
        end
      end

      # @return the user resolved from the API key, or nil before a key has
      #   matched.
      def current_user
        @current_user
      end

      # @return the AdminApiKey matched for this request, or nil.
      def current_admin_api_key
        @admin_api_key
      end

      # Renders the generic JSON error with HTTP 401.
      def render_unauthorized
        render json: { error: "lmao no perms" }, status: :unauthorized
      end

      # Renders the generic JSON error with HTTP 403.
      def render_forbidden
        render json: { error: "lmao no perms" }, status: :forbidden
      end

      # Filter for actions restricted to superadmins; renders the generic
      # error when the current user is missing or is not a superadmin.
      #
      # NOTE(review): this answers 401 even when the caller presented a valid
      # key. If it only runs after authenticate_admin_api_key!, 403 via
      # render_forbidden (currently unused in this file) would describe the
      # failure more accurately. Changing the status is a client-visible
      # change, so confirm before switching.
      def require_superadmin
        return if current_user&.admin_level_superadmin?

        render json: { error: "lmao no perms" }, status: :unauthorized
      end
    end
  end
end