impress/app/controllers/application_controller.rb

require 'ipaddr'

class ApplicationController < ActionController::Base
  include FragmentLocalization
  
  protect_from_forgery

  helper_method :current_user, :user_signed_in?
  
  before_action :set_locale

  before_action :configure_permitted_parameters, if: :devise_controller?
  before_action :save_return_to_path,
    if: ->(c) { c.controller_name == 'sessions' && c.action_name == 'new' }

  # Enable profiling tools if logged in as admin.
  before_action do
    if current_user && current_user.admin?
      Rack::MiniProfiler.authorize_request
    end
  end

  def authenticate_user!
    redirect_to(new_auth_user_session_path) unless user_signed_in?
  end

  def authorize_user!
    raise AccessDenied unless user_signed_in? && current_user.id == params[:user_id].to_i
  end

  def current_user
    if auth_user_signed_in?
      User.where(remote_id: current_auth_user.id).first
    else
      nil
    end
  end

  def user_signed_in?
    auth_user_signed_in?
  end
  
  def infer_locale
    return params[:locale] if valid_locale?(params[:locale])
    return cookies[:locale] if valid_locale?(cookies[:locale])
    Rails.logger.debug "Preferred languages: #{http_accept_language.user_preferred_languages}"
    http_accept_language.language_region_compatible_from(I18n.public_locales.map(&:to_s)) ||
      I18n.default_locale
  end
  
  def not_found(record_name='record')
    raise ActionController::RoutingError.new("#{record_name} not found")
  end

  class AccessDenied < StandardError;end

  rescue_from AccessDenied, :with => :on_access_denied

  def on_access_denied
    render template: 'public/403.html', :layout => false, :status => :forbidden
  end

  def redirect_back!(default=:back)
    redirect_to(params[:return_to] || default)
  end
  
  def set_locale
    I18n.locale = infer_locale || I18n.default_locale
  end
  
  def valid_locale?(locale)
    locale && I18n.usable_locales.include?(locale.to_sym)
  end

  def configure_permitted_parameters
    # Devise will automatically permit the authentication key (username) and
    # the password, but we need to let the email field through ourselves.
    devise_parameter_sanitizer.permit(:sign_up, keys: [:email])
    devise_parameter_sanitizer.permit(:account_update, keys: [:email])
  end

  def save_return_to_path
    if params[:return_to]
      Rails.logger.debug "Saving return_to path: #{params[:return_to].inspect}"
      session[:devise_return_to] = params[:return_to]
    end
  end

  def after_sign_in_path_for(user)
    return_to = session.delete(:devise_return_to)
    Rails.logger.debug "Using return_to path: #{return_to.inspect}"
    return_to || root_path
  end

  def after_sign_out_path_for(user)
    return_to = params[:return_to]
    Rails.logger.debug "Using return_to path: #{return_to.inspect}"
    return_to || root_path
  end
end
allow pet data submissions from private-block IPs, not just 127.0.0.1 2015-07-17 22:04:53 -07:00			`require 'ipaddr'`

rails 3 2010-05-14 15:12:31 -07:00			`class ApplicationController < ActionController::Base`
i18n for outfits#new (and layouts#application), including caching 2012-12-29 22:46:36 -08:00			`include FragmentLocalization`

rails 3 2010-05-14 15:12:31 -07:00			`protect_from_forgery`
image mode 2011-06-27 12:33:34 -07:00
Remove old OpenNeo ID auth code This removes login/logout/session logic for integrating with OpenNeo ID, replacing them with stubs that just redirect to `/?TODO` when you click login, and helpers that act as if you're not logged in. This gives us a clean slate to plug in new Devise logic to integrate with the `openneo_id` database directly! 2023-08-03 17:40:52 -07:00			`helper_method :current_user, :user_signed_in?`
i18n for outfits#new (and layouts#application), including caching 2012-12-29 22:46:36 -08:00
Upgrade to Rails 5.2.8.1 Some important little upgrades but mostly straightforward! Note that there's still a known issue where item searches crash, I was hoping that this was a bug in Rails 4.2 that would be fixed on upgading to 5, but nope, oh well! Also uhh I just got a bit silly and didn't actually mean to go all the way to 5.2 in one go, I had meant to start at 5.0… but tbh the 5.1 and 5.2 changes seem small, and this seems to be working, so. Yeah ok let's roll! 2023-08-02 16:05:02 -07:00			`before_action :set_locale`
image mode 2011-06-27 12:33:34 -07:00
Signup and settings page for OpenNeo ID accounts Hey nice!! Note that I removed an account delete button from the settings page. You can still send a DELETE request to the right endpoint to do it, but it's not gonna delete all the associated records, and I wanna think a bit about how to handle that better before exposing that button. 2023-08-06 17:26:56 -07:00			`before_action :configure_permitted_parameters, if: :devise_controller?`
Login/logout returns you to the same page In the login case, we save the `return_to` parameter in the session, because login can be a multi-step process. In the logout case, we just read it directly from the form params. Note that you could end up in a weird scenario where an old return_to value sticks around for a bit? But we have the sense to delete it when we use it on a successful sign-in, and most links to the login page come with a `return_to` param which should reset it. So, you'd have to 1) have started but not finished a sign-in, 2) during the same session, and 3) get to the login page by an unusual means. Probably fine! 2023-08-06 18:24:23 -07:00			`before_action :save_return_to_path,`
			`if: ->(c) { c.controller_name == 'sessions' && c.action_name == 'new' }`
Signup and settings page for OpenNeo ID accounts Hey nice!! Note that I removed an account delete button from the settings page. You can still send a DELETE request to the right endpoint to do it, but it's not gonna delete all the associated records, and I wanna think a bit about how to handle that better before exposing that button. 2023-08-06 17:26:56 -07:00
Add mini profiler to each page It shows up in development always, and if you're logged in as Me Specifically in production! I'm using this to poke at memory usage for pages that seem suspicious. I don't know why our app reliably grows so large in RAM, but my hunch is that maybe there are some pages that just use a truly large amount to begin with - and I've learned Ruby doesn't release memory back after it's GC'd, it just grows the process and keeps the free space to itself in its own heap! So I'm just eyeing pages that I know can have a lot going on, and seeing what I find! 2023-10-27 19:38:49 -07:00			`# Enable profiling tools if logged in as admin.`
			`before_action do`
			`if current_user && current_user.admin?`
			`Rack::MiniProfiler.authorize_request`
			`end`
			`end`

Remove old OpenNeo ID auth code This removes login/logout/session logic for integrating with OpenNeo ID, replacing them with stubs that just redirect to `/?TODO` when you click login, and helpers that act as if you're not logged in. This gives us a clean slate to plug in new Devise logic to integrate with the `openneo_id` database directly! 2023-08-03 17:40:52 -07:00			`def authenticate_user!`
Can log into OpenNeo ID accounts directly! A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!! I tested this by temporarily switching to the production database and logging in as matchu! Still missing a lot of big features too, like registration, password resets, settings page, etc. 2023-08-06 15:52:05 -07:00			`redirect_to(new_auth_user_session_path) unless user_signed_in?`
import closet page 2011-07-12 21:25:14 -07:00			`end`

first pass at closet lists, including form 2011-07-26 17:27:23 -07:00			`def authorize_user!`
			`raise AccessDenied unless user_signed_in? && current_user.id == params[:user_id].to_i`
			`end`

Remove old OpenNeo ID auth code This removes login/logout/session logic for integrating with OpenNeo ID, replacing them with stubs that just redirect to `/?TODO` when you click login, and helpers that act as if you're not logged in. This gives us a clean slate to plug in new Devise logic to integrate with the `openneo_id` database directly! 2023-08-03 17:40:52 -07:00			`def current_user`
Can log into OpenNeo ID accounts directly! A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!! I tested this by temporarily switching to the production database and logging in as matchu! Still missing a lot of big features too, like registration, password resets, settings page, etc. 2023-08-06 15:52:05 -07:00			`if auth_user_signed_in?`
			`User.where(remote_id: current_auth_user.id).first`
			`else`
			`nil`
			`end`
Remove old OpenNeo ID auth code This removes login/logout/session logic for integrating with OpenNeo ID, replacing them with stubs that just redirect to `/?TODO` when you click login, and helpers that act as if you're not logged in. This gives us a clean slate to plug in new Devise logic to integrate with the `openneo_id` database directly! 2023-08-03 17:40:52 -07:00			`end`

			`def user_signed_in?`
Can log into OpenNeo ID accounts directly! A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!! I tested this by temporarily switching to the production database and logging in as matchu! Still missing a lot of big features too, like registration, password resets, settings page, etc. 2023-08-06 15:52:05 -07:00			`auth_user_signed_in?`
image mode 2011-06-27 12:33:34 -07:00			`end`
create /start/:species_name/:color_name route 2012-06-05 09:44:11 -07:00
i18n for outfits#new (and layouts#application), including caching 2012-12-29 22:46:36 -08:00			`def infer_locale`
infer locale from params, then cookies, then Accept-Language header 2013-01-11 09:07:11 -08:00			`return params[:locale] if valid_locale?(params[:locale])`
			`return cookies[:locale] if valid_locale?(cookies[:locale])`
			`Rails.logger.debug "Preferred languages: #{http_accept_language.user_preferred_languages}"`
oops: only infer public locales from language header 2013-01-26 22:35:22 -08:00			`http_accept_language.language_region_compatible_from(I18n.public_locales.map(&:to_s)) \|\|`
infer locale from params, then cookies, then Accept-Language header 2013-01-11 09:07:11 -08:00			`I18n.default_locale`
i18n for outfits#new (and layouts#application), including caching 2012-12-29 22:46:36 -08:00			`end`

create /start/:species_name/:color_name route 2012-06-05 09:44:11 -07:00			`def not_found(record_name='record')`
			`raise ActionController::RoutingError.new("#{record_name} not found")`
			`end`
restructure backend of closet hanger quantity updates 2011-07-15 13:15:57 -07:00
			`class AccessDenied < StandardError;end`

			`rescue_from AccessDenied, :with => :on_access_denied`

			`def on_access_denied`
Upgrade to Rails 6.1.7.4 This one was pretty straightforward yaay! Main thing was the change from `render file` to `render template` in a couple places, oh and a thing with complex `order()` clauses. 2023-08-02 17:55:32 -07:00			`render template: 'public/403.html', :layout => false, :status => :forbidden`
restructure backend of closet hanger quantity updates 2011-07-15 13:15:57 -07:00			`end`
simplify closet hangers view, replace user_is?(@user) with !public_perspective? 2011-07-20 09:39:18 -07:00
neomail link on closets 2011-07-20 12:16:22 -07:00			`def redirect_back!(default=:back)`
			`redirect_to(params[:return_to] \|\| default)`
			`end`
i18n for outfits#new (and layouts#application), including caching 2012-12-29 22:46:36 -08:00
			`def set_locale`
			`I18n.locale = infer_locale \|\| I18n.default_locale`
			`end`
infer locale from params, then cookies, then Accept-Language header 2013-01-11 09:07:11 -08:00
			`def valid_locale?(locale)`
locale metadata, including hidden locales for item loading and selection 2013-01-17 20:16:34 -08:00			`locale && I18n.usable_locales.include?(locale.to_sym)`
infer locale from params, then cookies, then Accept-Language header 2013-01-11 09:07:11 -08:00			`end`
Signup and settings page for OpenNeo ID accounts Hey nice!! Note that I removed an account delete button from the settings page. You can still send a DELETE request to the right endpoint to do it, but it's not gonna delete all the associated records, and I wanna think a bit about how to handle that better before exposing that button. 2023-08-06 17:26:56 -07:00
			`def configure_permitted_parameters`
			`# Devise will automatically permit the authentication key (username) and`
			`# the password, but we need to let the email field through ourselves.`
			`devise_parameter_sanitizer.permit(:sign_up, keys: [:email])`
			`devise_parameter_sanitizer.permit(:account_update, keys: [:email])`
			`end`
Login/logout returns you to the same page In the login case, we save the `return_to` parameter in the session, because login can be a multi-step process. In the logout case, we just read it directly from the form params. Note that you could end up in a weird scenario where an old return_to value sticks around for a bit? But we have the sense to delete it when we use it on a successful sign-in, and most links to the login page come with a `return_to` param which should reset it. So, you'd have to 1) have started but not finished a sign-in, 2) during the same session, and 3) get to the login page by an unusual means. Probably fine! 2023-08-06 18:24:23 -07:00
			`def save_return_to_path`
			`if params[:return_to]`
			`Rails.logger.debug "Saving return_to path: #{params[:return_to].inspect}"`
			`session[:devise_return_to] = params[:return_to]`
			`end`
			`end`

			`def after_sign_in_path_for(user)`
			`return_to = session.delete(:devise_return_to)`
			`Rails.logger.debug "Using return_to path: #{return_to.inspect}"`
			`return_to \|\| root_path`
			`end`

			`def after_sign_out_path_for(user)`
			`return_to = params[:return_to]`
			`Rails.logger.debug "Using return_to path: #{return_to.inspect}"`
			`return_to \|\| root_path`
			`end`
rails 3 2010-05-14 15:12:31 -07:00			`end`
image mode 2011-06-27 12:33:34 -07:00