Chatwoot/app/controllers/concerns/access_token_auth_helper.rb

module AccessTokenAuthHelper
  BOT_ACCESSIBLE_ENDPOINTS = {
    'api/v1/accounts/conversations' => %w[toggle_status create],
    'api/v1/accounts/conversations/messages' => ['create']
  }.freeze

  def ensure_access_token
    token = request.headers[:api_access_token] || request.headers[:HTTP_API_ACCESS_TOKEN]
    @access_token = AccessToken.find_by(token: token) if token.present?
  end

  def authenticate_access_token!
    ensure_access_token
    render_unauthorized('Invalid Access Token') && return if @access_token.blank?

    @resource = @access_token.owner
    Current.user = @resource if current_user.is_a?(User)
  end

  def validate_bot_access_token!
    return if Current.user.is_a?(User)
    return if agent_bot_accessible?

    render_unauthorized('Access to this endpoint is not authorized for bots')
  end

  def agent_bot_accessible?
    BOT_ACCESSIBLE_ENDPOINTS.fetch(params[:controller], []).include?(params[:action])
  end
end
Feature: Access tokens for API access (#604) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-10 18:32:15 +00:00			`module AccessTokenAuthHelper`
			`BOT_ACCESSIBLE_ENDPOINTS = {`
Feature: Rich Message Types (#610) Co-authored-by: Pranav Raj S <pranavrajs@gmail.com> Co-authored-by: Nithin David Thomas <webofnithin@gmail.com> 2020-04-10 11:12:37 +00:00			`'api/v1/accounts/conversations' => %w[toggle_status create],`
Feature: Access tokens for API access (#604) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-10 18:32:15 +00:00			`'api/v1/accounts/conversations/messages' => ['create']`
			`}.freeze`

Feature: Introduce Super Admins (#705) * Feature: Introduce Super Admins - added new devise model for super user - added administrate gem - sample dashboards for users and accounts Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-05-11 17:37:22 +00:00			`def ensure_access_token`
Feature: Business logo API for web widget (#674) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-04-07 04:49:19 +00:00			`token = request.headers[:api_access_token] \|\| request.headers[:HTTP_API_ACCESS_TOKEN]`
Feature: Introduce Super Admins (#705) * Feature: Introduce Super Admins - added new devise model for super user - added administrate gem - sample dashboards for users and accounts Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-05-11 17:37:22 +00:00			`@access_token = AccessToken.find_by(token: token) if token.present?`
			`end`

			`def authenticate_access_token!`
			`ensure_access_token`
			`render_unauthorized('Invalid Access Token') && return if @access_token.blank?`

			`@resource = @access_token.owner`
fix: Current.user nil issue when using access tokens (#2012) 2021-03-29 17:56:20 +00:00			`Current.user = @resource if current_user.is_a?(User)`
Feature: Introduce Super Admins (#705) * Feature: Introduce Super Admins - added new devise model for super user - added administrate gem - sample dashboards for users and accounts Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-05-11 17:37:22 +00:00			`end`
Chore: Update ruby version (#665) 2020-04-05 06:41:50 +00:00
Feature: Access tokens for API access (#604) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-10 18:32:15 +00:00			`def validate_bot_access_token!`
fix: Current.user nil issue when using access tokens (#2012) 2021-03-29 17:56:20 +00:00			`return if Current.user.is_a?(User)`
Feature: Access tokens for API access (#604) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-10 18:32:15 +00:00			`return if agent_bot_accessible?`

			`render_unauthorized('Access to this endpoint is not authorized for bots')`
			`end`

			`def agent_bot_accessible?`
			`BOT_ACCESSIBLE_ENDPOINTS.fetch(params[:controller], []).include?(params[:action])`
			`end`
			`end`