#327 #327 #327 #327 Merge remote-tracking branch 'origin/main' into feature/327 #327 Co-authored-by: miteruzo <miteruzo@naver.com> Reviewed-on: #342
This commit was merged in pull request #342.
This commit is contained in:
@@ -1,14 +1,16 @@
|
||||
class ApplicationController < ActionController::API
|
||||
before_action :reject_banned_ip_address!
|
||||
before_action :authenticate_user
|
||||
before_action :reject_banned_user!
|
||||
|
||||
def current_user
|
||||
@current_user
|
||||
end
|
||||
def current_user = @current_user
|
||||
|
||||
private
|
||||
|
||||
def authenticate_user
|
||||
code = request.headers['X-Transfer-Code'] || request.headers['HTTP_X_TRANSFER_CODE']
|
||||
return if code.blank?
|
||||
|
||||
@current_user = User.find_by(inheritance_code: code)
|
||||
end
|
||||
|
||||
@@ -22,4 +24,17 @@ class ApplicationController < ActionController::API
|
||||
s.in?(['', '1', 'true', 'on', 'yes'])
|
||||
end
|
||||
end
|
||||
|
||||
def reject_banned_ip_address!
|
||||
ip_address = IpAddress.find_by(ip_address: IPAddr.new(request.remote_ip).hton)
|
||||
return unless ip_address&.banned?
|
||||
|
||||
head :forbidden
|
||||
end
|
||||
|
||||
def reject_banned_user!
|
||||
return unless current_user&.banned?
|
||||
|
||||
head :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
class UsersController < ApplicationController
|
||||
def create
|
||||
return head :unprocessable_entity if request.remote_ip.blank?
|
||||
|
||||
user = nil
|
||||
|
||||
User.transaction do
|
||||
user = User.create!(inheritance_code: SecureRandom.uuid, role: :guest)
|
||||
attach_ip_address!(user)
|
||||
@@ -17,8 +14,7 @@ class UsersController < ApplicationController
|
||||
def verify
|
||||
user = User.find_by(inheritance_code: params[:code])
|
||||
return render json: { valid: false } unless user
|
||||
|
||||
return head :unprocessable_entity if request.remote_ip.blank?
|
||||
return head :forbidden if user.banned?
|
||||
|
||||
attach_ip_address!(user)
|
||||
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
class IpAddress < ApplicationRecord
|
||||
validates :ip_address, presence: true, length: { maximum: 16 }
|
||||
validates :banned, inclusion: { in: [true, false] }
|
||||
|
||||
has_many :user_ips, dependent: :destroy
|
||||
has_many :users, through: :user_ips
|
||||
|
||||
def banned? = banned_at.present?
|
||||
def ban! = banned? || update!(banned_at: Time.current)
|
||||
def unban! = update!(banned_at: nil)
|
||||
end
|
||||
|
||||
@@ -4,7 +4,6 @@ class User < ApplicationRecord
|
||||
validates :name, length: { maximum: 255 }
|
||||
validates :inheritance_code, presence: true, length: { maximum: 64 }
|
||||
validates :role, presence: true, inclusion: { in: roles.keys }
|
||||
validates :banned, inclusion: { in: [true, false] }
|
||||
|
||||
has_many :created_posts,
|
||||
class_name: 'Post', foreign_key: :uploaded_user_id, dependent: :nullify
|
||||
@@ -19,5 +18,10 @@ class User < ApplicationRecord
|
||||
class_name: 'WikiPage', foreign_key: :updated_user_id, dependent: :nullify
|
||||
|
||||
def viewed?(post) = user_post_views.exists?(post_id: post.id)
|
||||
|
||||
def gte_member? = member? || admin?
|
||||
|
||||
def banned? = banned_at.present?
|
||||
def ban! = banned? || update!(banned_at: Time.current)
|
||||
def unban! = update!(banned_at: nil)
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user