Added authentication and api connector service

Author: tsoganov

.gitignore

@@ -41,3 +41,6 @@ TODO
 
 /app/assets/builds/*
 !/app/assets/builds/.keep
+
+# Ignore application configuration
+/config/application.yml

Gemfile

@@ -42,6 +42,8 @@ gem "thruster", require: false
 
 gem 'cancancan'
 gem 'devise'
+gem 'faraday'
+gem 'figaro'
 
 gem 'font-awesome-sass', '~> 5.15.1'
 

Gemfile.lock

@@ -122,8 +122,16 @@ GEM
     erubi (1.13.1)
     et-orbi (1.2.11)
       tzinfo
+    faraday (2.13.2)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-net_http (3.4.1)
+      net-http (>= 0.5.0)
     ffi (1.17.2-aarch64-linux-gnu)
     ffi (1.17.2-x86_64-linux-gnu)
+    figaro (1.3.0)
+      thor (>= 0.14.0, < 2)
     font-awesome-sass (5.15.1)
       sassc (>= 1.11)
     fugit (1.11.1)
@@ -151,6 +159,7 @@ GEM
     jbuilder (2.13.0)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
+    json (2.12.2)
     kamal (2.7.0)
       activesupport (>= 7.0)
       base64 (~> 0.2)
@@ -176,6 +185,8 @@ GEM
     mini_mime (1.1.5)
     minitest (5.25.5)
     msgpack (1.8.0)
+    net-http (0.6.0)
+      uri
     net-imap (0.5.9)
       date
       net-protocol
@@ -359,6 +370,8 @@ DEPENDENCIES
   dartsass-rails (~> 0.5.1)
   debug
   devise
+  faraday
+  figaro
   font-awesome-sass (~> 5.15.1)
   importmap-rails
   jbuilder

app/controllers/application_controller.rb

@@ -13,9 +13,9 @@ class ApplicationController < ActionController::Base
   protected
 
   def configure_permitted_parameters
-    added_attrs = [:username, :email, :password, :password_confirmation, :remember_me]
+    added_attrs = %i[username email password password_confirmation remember_me]
     devise_parameter_sanitizer.permit :sign_up, keys: added_attrs
-    devise_parameter_sanitizer.permit :sign_in, keys: [:login, :password]
+    devise_parameter_sanitizer.permit :sign_in, keys: %i[username password]
     devise_parameter_sanitizer.permit :account_update, keys: added_attrs
   end
 end

app/controllers/users/sessions_controller.rb

@@ -3,25 +3,64 @@
 class Users::SessionsController < Devise::SessionsController
   # before_action :configure_sign_in_params, only: [:create]
 
-  # GET /resource/sign_in
-  # def new
-  #   super
-  # end
-
   # POST /resource/sign_in
-  # def create
-  #   super
-  # end
+  def create
+    username = params[:user][:username]
+    password = params[:user][:password]
 
-  # DELETE /resource/sign_out
-  # def destroy
-  #   super
-  # end
+    # Validate input
+    if username.blank? || password.blank?
+      flash.now[:alert] = t('devise.failure.invalid', authentication_keys: 'username')
+      render :new, status: :unauthorized
+      return
+    end
+
+    user = User.find_by(username: username)
+
+    if user&.valid_password?(password) && user&.admin?
+      sign_in(user)
+      redirect_after_sign_in(user)
+    else
+      api_authenticate_user(username, password)
+    end
+  end
 
   # protected
 
   # If you have extra params to permit, append them to the sanitizer.
   # def configure_sign_in_params
   #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
   # end
+
+  private
+
+  def api_authenticate_user(username, password)
+    auth_service = AuthenticationService.new
+    response = auth_service.authenticate_user(username, password)
+
+    unless response[:success]
+      flash.now[:alert] = response[:message]
+      render :new, status: :unauthorized
+      return
+    end
+
+    user = User.find_or_initialize_by(username: response[:username])
+    if user.new_record?
+      user.email = response[:registrar_email]
+      user.role = 'user'
+      user.password = password
+      user.save!
+    end
+
+    sign_in(user)
+    redirect_after_sign_in(user)
+  end
+
+  def redirect_after_sign_in(user)
+    if user.admin?
+      redirect_to admin_dashboard_path, notice: "Welcome back, #{user.username}!"
+    else
+      redirect_to root_path, notice: "Welcome back, #{user.username}!"
+    end
+  end
 end

app/models/user.rb

@@ -2,7 +2,7 @@ class User < ApplicationRecord
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :validatable
+         :recoverable, :rememberable, :validatable, :trackable
 
   validates :username, presence: true, uniqueness: { case_sensitive: false }
 
@@ -13,4 +13,16 @@ class User < ApplicationRecord
   def set_default_role
     self.role ||= 'user'
   end
+
+  def first_sign_in?
+    sign_in_count == 1
+  end
+
+  def last_sign_in_ip_address
+    last_sign_in_ip
+  end
+
+  def current_sign_in_ip_address
+    current_sign_in_ip
+  end
 end

app/services/api_connector.rb

@@ -0,0 +1,161 @@
+# frozen_string_literal: true
+
+# Base class for API services with HTTP client and error handling
+class ApiConnector
+  # Class-level configuration
+  class << self
+    attr_accessor :timeout, :max_retries, :retry_delay, :logging
+  end
+
+  # Default configuration
+  self.timeout = 10
+  self.max_retries = 3
+  self.retry_delay = 1
+  self.logging = Rails.env.development?
+
+  def initialize
+    @connection = build_connection
+  end
+
+  # Generic method to make API requests with error handling
+  def make_request(method, url, options = {})
+    return error_response('API endpoint not configured') unless url
+
+    begin
+      response = @connection.send(method) do |req|
+        req.url url
+        req.headers['Content-Type'] = 'application/json'
+
+        # Add custom headers
+        options[:headers]&.each { |key, value| req.headers[key] = value }
+
+        # Add body for POST/PUT requests
+        req.body = options[:body] if options[:body]
+      end
+
+      handle_response(response)
+    rescue Faraday::TimeoutError => e
+      handle_timeout_error(e)
+    rescue Faraday::ConnectionFailed => e
+      handle_connection_error(e)
+    rescue Faraday::Error => e
+      handle_faraday_error(e)
+    rescue StandardError => e
+      handle_generic_error(e)
+    end
+  end
+
+  def handle_response(response)
+    case response.status
+    when 200
+      success_response(response.body)
+    when 401
+      error_response('Invalid credentials')
+    when 403
+      error_response('Access denied')
+    when 404
+      error_response('Service not found')
+    when 422
+      error_response('Invalid data')
+    when 500..599
+      error_response('Service error')
+    else
+      error_response('Unexpected response from service')
+    end
+  end
+
+  private
+
+  def build_connection
+    Faraday.new do |faraday|
+      faraday.request :url_encoded
+      faraday.request :json
+      faraday.response :json
+      faraday.adapter Faraday.default_adapter
+
+      # Configure timeout
+      faraday.options.timeout = self.class.timeout
+      faraday.options.open_timeout = self.class.timeout
+
+      # Configure logging if enabled
+      if self.class.logging
+        faraday.response :logger, Rails.logger, { headers: false, bodies: false }
+      end
+    end
+  end
+
+  def generate_api_token(username, password)
+    # Generate a token based on username and password
+    # You can customize this method based on your API requirements
+
+    # Get token generation method from configuration
+    token_method = ENV['API_TOKEN_METHOD'] || 'base64'
+
+    case token_method
+    when 'hmac'
+      generate_hmac_token(username, password)
+    when 'base64'
+      generate_base64_token(username, password)
+    when 'simple'
+      generate_simple_token(username, password)
+    else
+      generate_base64_token(username, password) # Default to base64
+    end
+  end
+
+  def generate_hmac_token(username, password)
+    # Using HMAC for secure token generation
+    secret_key = ENV['API_SECRET_KEY'] || 'default_secret_key'
+    timestamp = Time.current.to_i
+    token_data = "#{username}:#{password}:#{timestamp}"
+    OpenSSL::HMAC.hexdigest('SHA256', secret_key, token_data)
+  end
+
+  def generate_base64_token(username, password)
+    # Base64 encoded token
+    token_data = "#{username}:#{password}"
+    Base64.strict_encode64(token_data)
+  end
+
+  def generate_simple_token(username, password)
+    # Simple concatenation (less secure, but simple)
+    timestamp = Time.current.to_i
+    "#{username}:#{password}:#{timestamp}"
+  end
+
+  def handle_timeout_error(error)
+    Rails.logger.error "API Connector timeout: #{error.message}" if self.class.logging
+    error_response('Service timeout')
+  end
+
+  def handle_connection_error(error)
+    Rails.logger.error "API Connector connection failed: #{error.message}" if self.class.logging
+    error_response('Cannot connect to service')
+  end
+
+  def handle_faraday_error(error)
+    Rails.logger.error "API Connector Faraday error: #{error.message}" if self.class.logging
+    error_response('Network error')
+  end
+
+  def handle_generic_error(error)
+    Rails.logger.error "API Connector error: #{error.message}"
+    error_response('Service temporarily unavailable')
+  end
+
+  def success_response(data)
+    {
+      success: true,
+      data: data,
+      message: 'Operation successful'
+    }
+  end
+
+  def error_response(message)
+    {
+      success: false,
+      message: message,
+      data: nil
+    }
+  end
+end

app/services/authentication_service.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+# Service for handling user authentication via external API
+class AuthenticationService < ApiConnector
+  def initialize
+    # Use authentication-specific API URL
+    @api_url = ENV['BASE_URL'] + ENV['AUTH_API_URL']
+    super
+  end
+
+  # Authenticate user via API using GET request
+  def authenticate_user(username, password)
+    # Generate API token from username and password
+    api_token = generate_api_token(username, password)
+    headers = { 'Authorization' => "Basic #{api_token}" }
+
+    # Use base class make_request method with error handling
+    result = make_request(:get, @api_url, { headers: headers })
+
+    # Handle authentication-specific response processing
+    if result[:success]
+      handle_auth_success(result[:data])
+    else
+      result
+    end
+  end
+
+  private
+
+  def handle_auth_success(data)
+    # Check if the response has the expected structure
+    if data.is_a?(Hash) && data['code'] == 1000
+      success_auth_response(data['data'])
+    else
+      # If not the expected structure, treat as direct data
+      success_auth_response(data)
+    end
+  end
+
+  def success_auth_response(data)
+    {
+      success: true,
+      user_id: data['id'],
+      username: data['username'],
+      roles: data['roles'],
+      uuid: data['uuid'],
+      registrar_name: data['registrar_name'],
+      registrar_reg_no: data['registrar_reg_no'],
+      registrar_email: data['registrar_email'],
+    }
+  end
+end

app/views/common/_header.html.erb

@@ -3,7 +3,7 @@
         <nav class="menu--portal">
             <a href="https://internet.ee"><span><%= t('.open_portal') %></span></a>
             <a href="https://auction.internet.ee/"><%= t('.auction_portal') %></a>
-            <a href="https://registrar.internet.ee" class="active"><span><%= t('.registrar_portal') %></span></a>
+            <a href="https://registrar.internet.ee"><span><%= t('.registrar_portal') %></span></a>
             <a href="https://registrant.internet.ee"><span><%= t('.registrant_portal') %></span></a>
         </nav>
         <%= render 'common/menu_language' %>