58 lines
1.5 KiB
Ruby
58 lines
1.5 KiB
Ruby
require_dependency 'carto/oauth_provider/errors'
|
|
require_dependency 'carto/oauth_provider/scopes/scopes'
|
|
|
|
module Carto
|
|
class OauthAccessToken < ActiveRecord::Base
|
|
include OauthProvider::Scopes
|
|
|
|
ACCESS_TOKEN_EXPIRATION_TIME = 1.hour
|
|
|
|
belongs_to :oauth_app_user, inverse_of: :oauth_access_tokens
|
|
belongs_to :api_key, inverse_of: :oauth_access_token, dependent: :destroy
|
|
|
|
validates :oauth_app_user, presence: true
|
|
|
|
validates :scopes, scopes: true
|
|
|
|
before_create :create_api_key, unless: :skip_api_key_creation
|
|
after_create :rename_api_key, unless: :skip_api_key_creation
|
|
|
|
scope :expired, -> { where('created_at < ?', Time.now - ACCESS_TOKEN_EXPIRATION_TIME) }
|
|
|
|
attr_accessor :skip_api_key_creation
|
|
|
|
def expires_in
|
|
created_at + ACCESS_TOKEN_EXPIRATION_TIME - Time.now
|
|
end
|
|
|
|
def user
|
|
oauth_app_user.user
|
|
end
|
|
|
|
def ownership_role_name
|
|
oauth_app_user.ownership_role_name
|
|
end
|
|
|
|
private
|
|
|
|
def create_api_key
|
|
grants = [{ type: 'apis', apis: [] }]
|
|
scopes.each do |s|
|
|
scope = OauthProvider::Scopes.build(s)
|
|
scope.add_to_api_key_grants(grants, user)
|
|
end
|
|
|
|
self.api_key = oauth_app_user.user.api_keys.create_oauth_key!(
|
|
name: "oauth_authorization #{SecureRandom.uuid}",
|
|
grants: grants,
|
|
ownership_role_name: ownership_role_name
|
|
)
|
|
end
|
|
|
|
def rename_api_key
|
|
# Rename after creation so we have the ID
|
|
api_key.update!(name: "oauth_authorization #{id}")
|
|
end
|
|
end
|
|
end
|