Websites/app/controllers/yiff_rest/application_controller.rb

# frozen_string_literal: true
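module YiffRest
  # Base controller for the yiff.rest API site. It supplies the site's
  # branding values and the authentication, authorization and rate-limit
  # filters used by the API controllers.
  #
  # Only check_ip_block and validate_api_key are registered as before_actions
  # in this class, in that order. The remaining validate_* / handle_ratelimit /
  # *_only methods take effect only where something else registers or calls
  # them.
  #
  # NOTE(review): every method below is public. Rails treats public controller
  # methods as potential actions, so confirm no route can name them
  # dynamically, or move the filters under `private`.
  class ApplicationController < ::ApplicationController
    include YiffyAPIUtil
    include ::ApplicationController::CommonAssetRoutes

    before_action :check_ip_block
    before_action :validate_api_key

    # Domain this site is served from.
    def site_domain
      YiffRestRoutes::DOMAIN
    end

    # Domain name used for the Plausible integration.
    def plausible_domain
      "yiff.rest"
    end

    # Human-readable site name.
    def site_title
      "YiffyAPI"
    end

    # Domain that assets are resolved against.
    def assets_path
      YiffMediaRoutes::DOMAIN
    end

    # Site accent colour as a hex string.
    def site_color
      "#222222"
    end

    # Filter for endpoints that must not be used anonymously: renders
    # API_KEY_REQUIRED when the Authorization header is blank, otherwise
    # defers to validate_api_key.
    def validate_api_key_required
      if request.headers["Authorization"].blank?
        return render_error(YiffyAPIErrorCodes::API_KEY_REQUIRED, error: "An API key is required to access this service.")
      end

      validate_api_key
    end

    # Authenticates the request when an Authorization header is present.
    #
    # A blank header passes through untouched, so this filter alone does not
    # enforce authentication; use validate_api_key_required where a key is
    # mandatory. A supplied key must exist, be active and not be disabled, and
    # only then is its owner stored in CurrentUser.
    #
    # NOTE(review): unknown, inactive and disabled keys receive distinct
    # responses, which tells a caller whether a submitted key exists. Confirm
    # that is acceptable for how keys are generated.
    def validate_api_key
      return nil if request.headers["Authorization"].blank?

      @apikey = APIKey.from_request(request, with_anon: false)
      return render_error(YiffyAPIErrorCodes::INVALID_API_KEY, error: "Invalid api key.") unless @apikey
      return render_error(YiffyAPIErrorCodes::INACTIVE_API_KEY, error: "Api key is inactive.") unless @apikey.active?

      if @apikey.disabled?
        extra = {
          reason: @apikey.disabled_reason,
          support: "https://yiff.rest/support",
          code: YiffyAPIErrorCodes::DISABLED_API_KEY.code,
        }
        # Stop here: a rejected key must not go on to populate CurrentUser.
        return render_error(YiffyAPIErrorCodes::DISABLED_API_KEY, error: "Your api key has been disabled by an administrator. See \"extra.reason\" for the reasoning.", extra: extra)
      end

      CurrentUser.user = @apikey.owner
    end

    # The four service gates below look the key up without `with_anon: false`.
    # validate_api_key shows that from_request can return nil in that mode;
    # whether it can here is not visible from this file. The `&.` keeps each
    # gate fail-closed, so a nil key is answered with SERVICE_NO_ACCESS
    # instead of raising.

    # Renders SERVICE_NO_ACCESS unless the request's key has images access.
    def validate_images_access
      @apikey = APIKey.from_request(request)
      render_error(YiffyAPIErrorCodes::SERVICE_NO_ACCESS, error: "You do not have access to this service.") unless @apikey&.images_access?
    end

    # Renders SERVICE_NO_ACCESS unless the request's key has thumbs access.
    def validate_thumbs_access
      @apikey = APIKey.from_request(request)
      render_error(YiffyAPIErrorCodes::SERVICE_NO_ACCESS, error: "You do not have access to this service.") unless @apikey&.thumbs_access?
    end

    # Renders SERVICE_NO_ACCESS unless the request's key has shortener access.
    def validate_shortener_access
      @apikey = APIKey.from_request(request)
      render_error(YiffyAPIErrorCodes::SERVICE_NO_ACCESS, error: "You do not have access to this service.") unless @apikey&.shortener_access?
    end

    # Renders SERVICE_NO_ACCESS unless the request's key has bulk images access.
    def validate_images_bulk_access
      @apikey = APIKey.from_request(request)
      render_error(YiffyAPIErrorCodes::SERVICE_NO_ACCESS, error: "You do not have access to this service.") unless @apikey&.images_bulk_access?
    end

    # Applies the RateLimiter verdict for this request. The rate-limit headers
    # are merged into the response in every case; an error is rendered only
    # for the three verdicts handled below.
    #
    # NOTE(review): any other non-nil verdict falls through without rendering,
    # so the request proceeds. Confirm RateLimiter.process can return only
    # these symbols, or add a denying `else` branch.
    def handle_ratelimit
      info, body, rlheaders = RateLimiter.process(request)
      headers.merge!(rlheaders)
      return if info.nil?

      # noinspection RubyCaseWithoutElseBlockInspection
      case info
      when :INVALID_KEY
        render_error(YiffyAPIErrorCodes::INVALID_API_KEY, error: "Invalid api key.")
      when :RATELIMIT_SHORT
        render_error(YiffyAPIErrorCodes::RATELIMIT_ROUTE, error: "Request Limit Exceeded", info: body)
      when :RATELIMIT_LONG
        render_error(YiffyAPIErrorCodes::RATELIMIT_GLOBAL, error: "Request Limit Exceeded", info: body)
      end
    end

    # Rejects the request with IP_BLOCKED when the client address appears in
    # the configured block list, returning the configured reason to the caller.
    #
    # Entries are compared to request.remote_ip with `==`, so this is an
    # exact-value match: a range, or the same address written differently,
    # will not match. NOTE(review): remote_ip is derived from forwarding
    # headers according to the app's trusted-proxy settings. Confirm those are
    # set so a client cannot choose the address seen here.
    def check_ip_block
      entry = Websites.config.blocked_ip_addresses.find { |block| block[:ip] == request.remote_ip }
      return unless entry

      render_error(YiffyAPIErrorCodes::IP_BLOCKED, error: "You have been blocked from accessing this service.", extra: {
        reason: entry[:reason],
        help: "https://yiff.rest/support",
      })
    end

    # Denies the request unless CurrentUser answers truthy to `method`.
    #
    # `method` is dispatched with `send`, which can reach any method on
    # CurrentUser, private ones included. Pass only names fixed in code, as
    # the generated *_only filters do, never a value taken from the request.
    def user_access_check(method)
      access_denied(message: "You do not have access to that.") unless CurrentUser.send(method)
    end

    # Generates one `<level>_only` filter per constant in APIUser::Levels,
    # each delegating to user_access_check with `is_<level>?`.
    APIUser::Levels.constants.each do |constant|
      define_method("#{constant.downcase}_only") do
        user_access_check("is_#{constant.downcase}?")
      end
    end
  end
end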