Add whitelist mode (#11291)

author: Eugen Rochko <eugen@zeonfederated.com> 2019-07-30 11:10:46 +0200
committer: GitHub <noreply@github.com> 2019-07-30 11:10:46 +0200
commit: 24552b5160a5090e7d6056fb69a209aa48fe4fce (patch)
tree: 57ab47f71d7f589c9da4dd959d3dec6f0902409a /app/controllers/api/base_controller.rb
parent: 85b7b565def2594b6ad791731802eb4c8a803a69 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 6f33a1ea9..109e38ffa 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -9,6 +9,7 @@ class Api::BaseController < ApplicationController
   skip_before_action :store_current_location
   skip_before_action :require_functional!
 
+  before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
   before_action :set_cache_headers
 
   protect_from_forgery with: :null_session
@@ -69,6 +70,10 @@ class Api::BaseController < ApplicationController
     nil
   end
 
+  def require_authenticated_user!
+    render json: { error: 'This API requires an authenticated user' }, status: 401 unless current_user
+  end
+
   def require_user!
     if !current_user
       render json: { error: 'This method requires an authenticated user' }, status: 422
@@ -94,4 +99,8 @@ class Api::BaseController < ApplicationController
   def set_cache_headers
     response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
   end
+
+  def disallow_unauthenticated_api_access?
+    authorized_fetch_mode?
+  end
 end
author	Eugen Rochko <eugen@zeonfederated.com>	2019-07-30 11:10:46 +0200
committer	GitHub <noreply@github.com>	2019-07-30 11:10:46 +0200
commit	24552b5160a5090e7d6056fb69a209aa48fe4fce (patch)
tree	57ab47f71d7f589c9da4dd959d3dec6f0902409a /app/controllers/api/base_controller.rb
parent	85b7b565def2594b6ad791731802eb4c8a803a69 (diff)