Module: Api::Admin::Concerns::Authentication

Includes:

EncryptableHelper

Included in:

BaseController

Defined in:

app/controllers/api/admin/concerns/authentication.rb

Constant Summary

RESTAURANT_ONBOARDING_NAME =

'HungryHub-Restaurant Onboarding'

Instance Method Summary

• #authentication! ⇒ Object

Methods included from EncryptableHelper

#decrypt, #encrypt, #generate_signature

Instance Method Details

#authentication! ⇒ Object

# File 'app/controllers/api/admin/concerns/authentication.rb', line 8

def authentication!
  auth_header = request.headers['Authorization']

  if auth_header.blank?
    render json: { success: false, message: 'Missing authorization header', errors: [] }, status: :unauthorized
    return
  end

  # assume the token is in the 'Authorization' header with format 'hmac <token>'
  hmac, token = auth_header.split
  unless hmac.downcase == 'hmac'
    render json: { success: false, message: 'Missing authentication token', errors: [] }, status: :unauthorized
    return
  end

  # validate token format <KEY>:<TIMESTAMP>:<SIGNATURE>
  unless token.match?(/\A[\w-]+:\d+:\w+\z/)
    render json: { success: false, message: 'Invalid authentication token format', errors: [] }, status: :unauthorized
    return
  end

  api_key, timestamp, client_signature = token.split(':')

  unless valid_admin_application?(api_key)
    render json: { success: false, message: 'Invalid admin application', errors: [] }, status: :unauthorized
    return
  end

  unless valid_token?(api_key, timestamp, client_signature)
    render json: { success: false, message: 'Invalid authentication token', errors: [] }, status: :unauthorized
    return
  end

  # Set business context for logging
  BUSINESS_LOGGER.set_business_context({
                                         admin_application: @admin_application.name,
                                         admin_application_id: @admin_application.id,
                                       })

  # token is valid, continue with the request
  true
end