diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0ea58e9..cdc5fda 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -6,8 +6,18 @@ class ApplicationController < ActionController::API attr_reader :current_user def authenticate - return user_invalid! unless authorization_header + if authorization_header + authenticate_user + elsif customer_service_auth_key + authenticate_customer_service + else + user_invalid! + end + end + + private + def authenticate_user user = User.find_or_initialize_by({ email: user_auth_params['email'], google_id: user_auth_params['google_id'] @@ -15,10 +25,16 @@ def authenticate return user_invalid! unless user.valid? save_user!(user) - @current_user = user end + def authenticate_customer_service + customer_service_auth = CustomerServiceAuth.find_by(auth_key: customer_service_auth_key) + return user_invalid! unless customer_service_auth + + @current_user = customer_service_auth.customer + end + def save_user!(user) if user.new_record? user.first_name = user_auth_params['first_name'] @@ -45,6 +61,10 @@ def authorization_header request.headers['Authorization'] end + def customer_service_auth_key + request.headers['Customer-Service-Auth-Key'] + end + def user_auth_params return @user_auth_params if @user_auth_params diff --git a/db/schema.rb b/db/schema.rb index f6045a1..9cb2dcf 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2024_05_15_131152) do +ActiveRecord::Schema[7.0].define(version: 2024_06_05_181504) do # These are extensions that must be enabled in order to support this database enable_extension "pg_stat_statements" enable_extension "plpgsql" 
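Review bot: The new dispatch in `authenticate` gives the `Authorization` header silent precedence: when both headers are sent, `Customer-Service-Auth-Key` is never consulted, and nothing in the method records that. A one-line comment above the `if` would state the intent, for example `# End-user Authorization wins; the customer-service key is consulted only when it is absent.` If sending both headers is not a supported case, answering it with `user_invalid!` would be the stricter choice. The body of `authenticate_user` continues past the end of this hunk.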
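Review bot: `authenticate_customer_service` stores `customer_service_auth.customer` in `@current_user`, so the same reader now yields either a `User` or, judging by the `customer_id` foreign key to `customers` in this diff's schema hunk, a customer record. Any action that authorizes or scopes by `current_user.id`, or calls user-only methods, would then be working with a customer id; those call sites are not visible here and should be checked, or the service identity kept in its own reader such as `@current_customer`. The lookup `find_by(auth_key: customer_service_auth_key)` also matches the raw header value against a plain `t.string "auth_key"` column, so anyone who can read the table or a backup obtains usable keys; storing only a digest of the key and querying by the digest of the presented value would avoid that. The schema shows no expiry or revocation column, so a leaked key appears to stay valid until its row is deleted.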
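Review bot: `customer_service_auth_key` returns the header exactly as sent, and an empty string is truthy in Ruby, so a request with a blank `Customer-Service-Auth-Key` passes the `elsif` in `authenticate` and reaches `find_by(auth_key: '')`. Because the schema in this diff declares `auth_key` without `null: false` and without a unique index, a row saved with an empty key would be matched by that request, and duplicate keys are not prevented. Returning `request.headers['Customer-Service-Auth-Key'].presence` routes blank values to `user_invalid!`, and the migration behind the schema change should add `null: false` and a unique index on `auth_key`. `user_auth_params` continues outside the hunk.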
@@ -74,6 +74,22 @@ t.index ["user_id"], name: "index_certifications_on_user_id" end + create_table "customer_api_auths", force: :cascade do |t| + t.string "auth_key" + t.bigint "customer_id", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["customer_id"], name: "index_customer_api_auths_on_customer_id" + end + + create_table "customer_service_auths", force: :cascade do |t| + t.string "auth_key" + t.bigint "customer_id", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["customer_id"], name: "index_customer_service_auths_on_customer_id" + end + create_table "customers", force: :cascade do |t| t.string "name", null: false t.datetime "created_at", null: false @@ -354,6 +370,8 @@ add_foreign_key "assignments", "requirements" add_foreign_key "assignments", "users" add_foreign_key "certifications", "users" + add_foreign_key "customer_api_auths", "customers" + add_foreign_key "customer_service_auths", "customers" add_foreign_key "dynamic_datasets", "projects" add_foreign_key "issues", "projects" add_foreign_key "payments", "statement_of_works"