Feat: authenticate direct upload (#4160)

2022-03-16 13:54:18 +05:30
parent 796a7805db
commit 207a03155e
12 changed files with 174 additions and 57 deletions
--- a/app/controllers/api/v1/widget/base_controller.rb
+++ b/app/controllers/api/v1/widget/base_controller.rb
@@ -1,5 +1,6 @@
 class Api::V1::Widget::BaseController < ApplicationController
  include SwitchLocale
+  include WebsiteTokenHelper

  before_action :set_web_widget
  before_action :set_contact
@@ -19,25 +20,6 @@ class Api::V1::Widget::BaseController < ApplicationController
    @conversation ||= conversations.last
  end

-  def auth_token_params
-    @auth_token_params ||= ::Widget::TokenService.new(token: request.headers['X-Auth-Token']).decode_token
-  end
-
-  def set_web_widget
-    @web_widget = ::Channel::WebWidget.find_by!(website_token: permitted_params[:website_token])
-    @current_account = @web_widget.account
-  end
-
-  def set_contact
-    @contact_inbox = @web_widget.inbox.contact_inboxes.find_by(
-      source_id: auth_token_params[:source_id]
-    )
-    @contact = @contact_inbox&.contact
-    raise ActiveRecord::RecordNotFound unless @contact
-
-    Current.contact = @contact
-  end
-
  def create_conversation
    ::Conversation.create!(conversation_params)
  end
@@ -96,10 +78,6 @@ class Api::V1::Widget::BaseController < ApplicationController
    { timestamp: permitted_params[:message][:timestamp] }
  end

-  def permitted_params
-    params.permit(:website_token)
-  end
-
  def message_params
    {
      account_id: conversation.account_id,