Cada sitio tiene su propia API

app/controllers/api/v1/sites_controller.rb

@@ -7,21 +7,31 @@ module Api
       http_basic_authenticate_with name: ENV['HTTP_BASIC_USER'],
                                    password: ENV['HTTP_BASIC_PASSWORD']
 
+      # Lista de nombres de dominios a emitir certificados
       def index
-        render json: Site.all.order(:name).pluck(:name) +
+        render json: sites_names + alternative_names + api_names
+      end
+
+      private
+
+      # Nombres de los sitios
+      def sites_names
+        Site.all.order(:name).pluck(:name)
+      end
+
+      # Dominios alternativos
+      def alternative_names
         DeployAlternativeDomain.all.map(&:hostname)
       end
 
-      # Detecta si se puede generar un certificado
+      # Obtener todos los sitios con API habilitada, es decir formulario
-      def allowed
+      # de contacto y/o colaboración anónima.
-        name = params[:domain].gsub(/\.#{Site.domain}\Z/, '')
+      #
-        site = Site.find_by(name: name)
+      # TODO: Optimizar
-
+      def api_names
-        if site
+        Site.where(contact: true)
-          head :ok
+            .or(Site.where(colaboracion_anonima: true))
-        else
+            .select("'api.' || name as name").map(&:name)
-          head :not_found
-        end
       end
     end
   end

config/routes.rb

@@ -16,10 +16,10 @@ Rails.application.routes.draw do
     scope module: 'api' do
       namespace :v1 do
         resources :csp_reports, only: %i[create]
-        get 'sites/allowed', to: 'sites#allowed'
         resources :sites, only: %i[index], constraints: { site_id: /[a-z0-9\-\.]+/, id: /[a-z0-9\-\.]+/ } do
           get 'invitades/cookie', to: 'invitades#cookie'
           resources :posts, only: %i[create]
+          get :'contact/cookie', to: 'contact#cookie'
           post :contact, to: 'contact#receive'
         end
       end

db/migrate/20200527221900_add_contact_to_site.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# Los sitios pueden tener un formulario de contacto.  Pueden
+# deshabilitarlo si están recibiendo spam o un ataque.
+class AddContactToSite < ActiveRecord::Migration[6.0]
+  def change
+    add_column :sites, :contact, :boolean, default: false
+  end
+end