Feature: Access tokens for API access (#604)

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>
2020-03-11 00:02:15 +05:30
parent 19ab0fe108
commit a5b1e2b650
29 changed files with 517 additions and 270 deletions
--- a/app/controllers/concerns/access_token_auth_helper.rb
+++ b/app/controllers/concerns/access_token_auth_helper.rb
@@ -0,0 +1,24 @@
+module AccessTokenAuthHelper
+  BOT_ACCESSIBLE_ENDPOINTS = {
+    'api/v1/accounts/conversations' => ['toggle_status'],
+    'api/v1/accounts/conversations/messages' => ['create']
+  }.freeze
+
+  def authenticate_access_token!
+    access_token = AccessToken.find_by(token: request.headers[:api_access_token])
+    render_unauthorized('Invalid Access Token') && return unless access_token
+    token_owner = access_token.owner
+    @resource = token_owner
+  end
+
+  def validate_bot_access_token!
+    return if current_user.is_a?(User)
+    return if agent_bot_accessible?
+
+    render_unauthorized('Access to this endpoint is not authorized for bots')
+  end
+
+  def agent_bot_accessible?
+    BOT_ACCESSIBLE_ENDPOINTS.fetch(params[:controller], []).include?(params[:action])
+  end
+end