wedding-planner/app/controllers/application_controller.rb

# Copyright (C) 2024 Manuel Bustillo

# Copyright (C) 2024-2025 LibreWeddingPlanner contributors

# frozen_string_literal: true

class ApplicationController < ActionController::Base
  set_current_tenant_through_filter
  before_action :set_tenant
  before_action :authenticate_user!
  after_action :set_csrf_cookie

  skip_before_action :verify_authenticity_token, if: :development_swagger?

  rescue_from ActiveRecord::RecordInvalid do |exception|
    render json: {
      message: 'Record invalid',
      errors: exception.record.errors.full_messages
    }, status: :unprocessable_entity
  end

  rescue_from ActionController::ParameterMissing do |exception|
    render json: {
      message: 'Parameter missing',
      errors: [exception.message]
    }, status: :bad_request
  end

  rescue_from ActiveRecord::RecordNotFound do |exception|
    render json: {
      message: 'Record not found',
      errors: [exception.message]
    }, status: :not_found
  end

  private

  def validate_captcha!
    Rails.logger.info("Captcha params: #{captcha_params}")

    return if LibreCaptcha.new.valid?(id: captcha_params[:id], answer: captcha_params[:answer])

    render json: { error: 'Incorrect CAPTCHA solution' }, status: :unprocessable_entity
  end

  def captcha_params
    params.expect(captcha: %i[id answer])
  end

  def default_url_options(options = {})
    options.merge(path_params: { slug: ActsAsTenant.current_tenant&.slug })
  end

  def set_tenant
    set_current_tenant(Wedding.find_by!(slug: params[:slug]))
  end

  def development_swagger?
    Rails.env.test? ||
      (Rails.env.development? && request.headers['referer']&.include?('/api-docs/index.html'))
  end

  def set_csrf_cookie
    cookies['csrf-token'] = {
      value: form_authenticity_token,
      secure: false,
      same_site: :strict
    }
  end
end
Add copyright notice 2025-01-13 20:38:47 +00:00			`# Copyright (C) 2024 Manuel Bustillo`

Update copyright assignment to cover 2025 and include all contributors 2025-01-13 21:37:02 +01:00			`# Copyright (C) 2024-2025 LibreWeddingPlanner contributors`
Add copyright notice 2024-10-27 21:42:45 +00:00
Fix order of Ruby's magic string comment and Copyright assignment 2024-12-28 18:37:47 +01:00			`# frozen_string_literal: true`

Initial commit 2024-07-11 18:42:31 +02:00			`class ApplicationController < ActionController::Base`
Limit visibility per tenant 2024-12-02 09:04:48 +01:00			`set_current_tenant_through_filter`
Configure current tenant in a before_action of the ApplicationController 2024-11-30 21:11:25 +01:00			`before_action :set_tenant`
Require user authentication by default 2024-11-30 11:03:29 +01:00			`before_action :authenticate_user!`
Update format of guests API and document endpoints 2024-11-16 02:16:19 +01:00			`after_action :set_csrf_cookie`
Configure endpoint to support bulk updates 2024-10-27 14:03:13 +01:00
Update format of guests API and document endpoints 2024-11-16 02:16:19 +01:00			`skip_before_action :verify_authenticity_token, if: :development_swagger?`
Configure endpoint to support bulk updates 2024-10-27 14:03:13 +01:00
Update format of guests API and document endpoints 2024-11-16 02:16:19 +01:00			`rescue_from ActiveRecord::RecordInvalid do \|exception\|`
			`render json: {`
			`message: 'Record invalid',`
			`errors: exception.record.errors.full_messages`
			`}, status: :unprocessable_entity`
			`end`

			`rescue_from ActionController::ParameterMissing do \|exception\|`
			`render json: {`
			`message: 'Parameter missing',`
			`errors: [exception.message]`
			`}, status: :bad_request`
			`end`

			`rescue_from ActiveRecord::RecordNotFound do \|exception\|`
			`render json: {`
			`message: 'Record not found',`
			`errors: [exception.message]`
			`}, status: :not_found`
			`end`

			`private`

Validate the Captcha challenge for account signup 2024-12-01 19:56:49 +01:00			`def validate_captcha!`
			`Rails.logger.info("Captcha params: #{captcha_params}")`

			`return if LibreCaptcha.new.valid?(id: captcha_params[:id], answer: captcha_params[:answer])`

			`render json: { error: 'Incorrect CAPTCHA solution' }, status: :unprocessable_entity`
			`end`

			`def captcha_params`
Run Rubocop autocorrect on app/controllers 2024-12-28 18:28:28 +01:00			`params.expect(captcha: %i[id answer])`
Validate the Captcha challenge for account signup 2024-12-01 19:56:49 +01:00			`end`
Run Rubocop autocorrect on app/controllers 2024-12-28 18:28:28 +01:00
Configure registration endpoint to create a wedding as well 2024-12-01 14:03:06 +01:00			`def default_url_options(options = {})`
			`options.merge(path_params: { slug: ActsAsTenant.current_tenant&.slug })`
			`end`

Configure current tenant in a before_action of the ApplicationController 2024-11-30 21:11:25 +01:00			`def set_tenant`
Limit visibility per tenant 2024-12-02 09:04:48 +01:00			`set_current_tenant(Wedding.find_by!(slug: params[:slug]))`
Configure current tenant in a before_action of the ApplicationController 2024-11-30 21:11:25 +01:00			`end`

Update format of guests API and document endpoints 2024-11-16 02:16:19 +01:00			`def development_swagger?`
			`Rails.env.test? \|\|`
Run Rubocop autocorrect on app/controllers 2024-12-28 18:28:28 +01:00			`(Rails.env.development? && request.headers['referer']&.include?('/api-docs/index.html'))`
Update format of guests API and document endpoints 2024-11-16 02:16:19 +01:00			`end`

			`def set_csrf_cookie`
			`cookies['csrf-token'] = {`
			`value: form_authenticity_token,`
Temporarily allow insecure cookies 2024-12-08 00:48:42 +01:00			`secure: false,`
Update format of guests API and document endpoints 2024-11-16 02:16:19 +01:00			`same_site: :strict`
			`}`
			`end`
Initial commit 2024-07-11 18:42:31 +02:00			`end`