app/controllers/concerns/workhorse_authorization.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

# frozen_string_literal: true

module WorkhorseAuthorization
  extend ActiveSupport::Concern
  include WorkhorseRequest

  included do
    skip_before_action :verify_authenticity_token, only: %i[authorize]
    before_action :verify_workhorse_api!, only: %i[authorize]
  end

  def authorize
    set_workhorse_internal_api_content_type

    authorized = uploader_class.workhorse_authorize(
      has_length: false,
      maximum_size: maximum_size.to_i)

    render json: authorized
  rescue SocketError
    render json: _("Error uploading file"), status: :internal_server_error
  end

  private

  def file_is_valid?(file)
    return false unless file.is_a?(::UploadedFile)

    file_extension_allowlist.include?(File.extname(file.original_filename).downcase.delete('.'))
  end

  def uploader_class
    raise NotImplementedError
  end

  def maximum_size
    raise NotImplementedError
  end

  def file_extension_allowlist
    ImportExportUploader::EXTENSION_ALLOWLIST
  end
end