From e0e01a54459574b19c37b07b02c0b1cb8da8dfbd Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Mon, 23 Dec 2024 16:36:27 -0300
Subject: [PATCH 1/3] fix: optimizar api de sitios #18074

---
 app/controllers/api/v1/sites_controller.rb | 24 ++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/app/controllers/api/v1/sites_controller.rb b/app/controllers/api/v1/sites_controller.rb
index 05abc38a..384a8e4f 100644
--- a/app/controllers/api/v1/sites_controller.rb
+++ b/app/controllers/api/v1/sites_controller.rb
@@ -9,22 +9,30 @@ module Api
 
       # Lista de nombres de dominios a emitir certificados
       def index
-        render json: alternative_names + api_names + www_names
+        render json: alternative_names.concat(api_names).concat(www_names)
       end
 
       private
 
+      # @param query [ActiveRecord::Relation]
+      # @return [Array<String>]
+      def hostname_of(query)
+        query.pluck(Arel.sql("values->>'hostname'")).compact.uniq
+      end
+
       def canonicalize(name)
         name.end_with?('.') ? name[0..-2] : "#{name}.#{Site.domain}"
       end
 
       def subdomain?(name)
-        name.end_with? ".#{Site.domain}"
+        @@subdomain ||= ".#{Site.domain}"
+
+        name.end_with? @subdomain
       end
 
       # Dominios alternativos
       def alternative_names
-        (DeployAlternativeDomain.all.map(&:hostname) + DeployLocalizedDomain.all.map(&:hostname)).map do |name|
+        hostname_of(DeployAlternativeDomain.all).concat(hostname_of(DeployLocalizedDomain)).map do |name|
           canonicalize name
         end.reject do |name|
           subdomain? name
@@ -33,12 +41,12 @@ module Api
 
       # Obtener todos los sitios con API habilitada, es decir formulario
       # de contacto y/o colaboración anónima.
-      #
-      # TODO: Optimizar
       def api_names
         Site.where(contact: true)
             .or(Site.where(colaboracion_anonima: true))
-            .select("'api.' || name as name").map(&:name).map do |name|
+            .pluck(:name).map do |name|
+              "api.#{name}"
+            end.map do |name|
               canonicalize name
             end.reject do |name|
               subdomain? name
@@ -47,8 +55,8 @@ module Api
 
       # Todos los dominios con WWW habilitado
       def www_names
-        Site.where(id: DeployWww.all.pluck(:site_id)).select("'www.' || name as name").map(&:name).map do |name|
-          canonicalize name
+        Site.where(id: DeployWww.all.pluck(:site_id)).pluck(:name).map do |name|
+          canonicalize "www.#{name}"
         end
       end
     end

From a833eeb7ebc083219cf22eaafcf9fb88825c8240 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Mon, 23 Dec 2024 17:08:55 -0300
Subject: [PATCH 2/3] fix: no emitir certificados para subdominios directos

porque ya se hacen por wildcard
---
 app/controllers/api/v1/sites_controller.rb | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/v1/sites_controller.rb b/app/controllers/api/v1/sites_controller.rb
index 384a8e4f..f13376fa 100644
--- a/app/controllers/api/v1/sites_controller.rb
+++ b/app/controllers/api/v1/sites_controller.rb
@@ -6,6 +6,8 @@ module Api
     class SitesController < BaseController
       http_basic_authenticate_with name: ENV['HTTP_BASIC_USER'],
                                    password: ENV['HTTP_BASIC_PASSWORD']
+      SUBDOMAIN = ".#{Site.domain}"
+      PARTS = Site.domain.split('.').count
 
       # Lista de nombres de dominios a emitir certificados
       def index
@@ -24,13 +26,17 @@ module Api
         name.end_with?('.') ? name[0..-2] : "#{name}.#{Site.domain}"
       end
 
+      # Es un subdominio directo del dominio principal
+      #
+      # @param name [String]
+      # @return [Bool]
       def subdomain?(name)
-        @@subdomain ||= ".#{Site.domain}"
-
-        name.end_with? @subdomain
+        name.end_with?(SUBDOMAIN) && name.split('.').count == (PARTS + 1)
       end
 
       # Dominios alternativos
+      #
+      # @return [Array<String>]
       def alternative_names
         hostname_of(DeployAlternativeDomain.all).concat(hostname_of(DeployLocalizedDomain)).map do |name|
           canonicalize name
@@ -41,6 +47,8 @@ module Api
 
       # Obtener todos los sitios con API habilitada, es decir formulario
       # de contacto y/o colaboración anónima.
+      #
+      # @return [Array<String>]
       def api_names
         Site.where(contact: true)
             .or(Site.where(colaboracion_anonima: true))

From ac1797402808aa90242188dea26cf5a8b52e3c10 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Mon, 23 Dec 2024 17:09:17 -0300
Subject: [PATCH 3/3] =?UTF-8?q?fix:=20solo=20pedir=20contrase=C3=B1a=20en?=
 =?UTF-8?q?=20producci=C3=B3n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/api/v1/sites_controller.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/v1/sites_controller.rb b/app/controllers/api/v1/sites_controller.rb
index f13376fa..995a6ab6 100644
--- a/app/controllers/api/v1/sites_controller.rb
+++ b/app/controllers/api/v1/sites_controller.rb
@@ -4,11 +4,14 @@ module Api
   module V1
     # API para sitios
     class SitesController < BaseController
-      http_basic_authenticate_with name: ENV['HTTP_BASIC_USER'],
-                                   password: ENV['HTTP_BASIC_PASSWORD']
       SUBDOMAIN = ".#{Site.domain}"
       PARTS = Site.domain.split('.').count
 
+      if Rails.env.production?
+        http_basic_authenticate_with name: ENV['HTTP_BASIC_USER'],
+                                    password: ENV['HTTP_BASIC_PASSWORD']
+      end
+
       # Lista de nombres de dominios a emitir certificados
       def index
         render json: alternative_names.concat(api_names).concat(www_names)