trabajo-afectivo/app/controllers/channels_twitter_controller.rb

# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/

class ChannelsTwitterController < ApplicationController
  prepend_before_action -> { authentication_check && authorize! }, except: %i[webhook_incoming webhook_verify]
  skip_before_action :verify_csrf_token, only: %i[webhook_incoming webhook_verify]

  before_action :validate_webhook_signature!, only: :webhook_incoming

  def webhook_incoming
    @channel.process(params.permit!.to_h)
    render json: {}
  end

  def validate_webhook_signature!
    header_name     = 'x-twitter-webhooks-signature'
    given_signature = request.headers[header_name]
    raise Exceptions::UnprocessableEntity, "Missing '#{header_name}' header" if given_signature.blank?

    calculated_signature = hmac_signature_by_app(request.raw_post)
    raise Exceptions::NotAuthorized if calculated_signature != given_signature
    raise Exceptions::UnprocessableEntity, __("Missing 'for_user_id' in payload!") if params[:for_user_id].blank?

    @channel = nil
    Channel.where(area: 'Twitter::Account', active: true).each do |channel|
      next if channel.options[:user].blank?
      next if channel.options[:user][:id].to_s != params[:for_user_id].to_s

      @channel = channel
    end

    raise Exceptions::UnprocessableEntity, "No such channel for user id '#{params[:for_user_id]}'!" if !@channel

    true
  end

  def hmac_signature_by_app(content)
    external_credential = ExternalCredential.find_by(name: 'twitter')
    raise Exceptions::UnprocessableEntity, __('No such external_credential \'twitter\'!') if !external_credential

    hmac_signature_gen(external_credential.credentials[:consumer_secret], content)
  end

  def hmac_signature_gen(consumer_secret, content)
    hashed = OpenSSL::HMAC.digest('sha256', consumer_secret, content)
    hashed = Base64.strict_encode64(hashed)
    "sha256=#{hashed}"
  end

  def webhook_verify
    external_credential = Cache.read('external_credential_twitter')
    if !external_credential && ExternalCredential.exists?(name: 'twitter')
      external_credential = ExternalCredential.find_by(name: 'twitter').credentials
    end
    raise Exceptions::UnprocessableEntity, __('No external_credential in cache!') if external_credential.blank?
    raise Exceptions::UnprocessableEntity, __('No external_credential[:consumer_secret] in cache!') if external_credential[:consumer_secret].blank?
    raise Exceptions::UnprocessableEntity, __('No crc_token in verify payload from twitter!') if params['crc_token'].blank?

    render json: {
      response_token: hmac_signature_gen(external_credential[:consumer_secret], params['crc_token'])
    }
  end

  def index
    assets = {}
    external_credential_ids = []
    ExternalCredential.where(name: 'twitter').each do |external_credential|
      assets = external_credential.assets(assets)
      external_credential_ids.push external_credential.id
    end
    channel_ids = []
    Channel.where(area: 'Twitter::Account').order(:id).each do |channel|
      assets = channel.assets(assets)
      channel_ids.push channel.id
    end
    render json: {
      assets:                  assets,
      channel_ids:             channel_ids,
      external_credential_ids: external_credential_ids,
      callback_url:            ExternalCredential.callback_url('twitter'),
    }
  end

  def update
    model_update_render(Channel, params)
  end

  def enable
    channel = Channel.find_by(id: params[:id], area: 'Twitter::Account')
    channel.active = true
    channel.save!
    render json: {}
  end

  def disable
    channel = Channel.find_by(id: params[:id], area: 'Twitter::Account')
    channel.active = false
    channel.save!
    render json: {}
  end

  def destroy
    channel = Channel.find_by(id: params[:id], area: 'Twitter::Account')
    channel.destroy
    render json: {}
  end

end
Maintenance: Update copyright header. 2022-01-01 13:38:12 +00:00			`# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/`
Maintenance: Update copyright information and add a new rubocop cop to watch over it. 2021-06-01 12:20:20 +00:00
Telegram support and split of channel controllers into separate files. Thanks to @schurig 2017-02-15 02:35:22 +00:00			`class ChannelsTwitterController < ApplicationController`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`prepend_before_action -> { authentication_check && authorize! }, except: %i[webhook_incoming webhook_verify]`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00			`skip_before_action :verify_csrf_token, only: %i[webhook_incoming webhook_verify]`

			`before_action :validate_webhook_signature!, only: :webhook_incoming`

			`def webhook_incoming`
Refactoring: Utilize existing channel driver pattern for Twitter The Channel model is built around a "driver" pattern, where records may invoke a method (e.g., #fetch) and that method call then delegates to the same method in a given driver class (e.g., Channel::Driver::Twitter). Originally, the controller that handles incoming Twitter webhook events ignored this interface, directly instantiating the driver class and invoking the desired method. This commit hides this invocation behind the appropriate interface (i.e., Channel#process vs. Channel::Driver::Twitter#process). 2020-01-06 08:20:59 +00:00			`@channel.process(params.permit!.to_h)`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00			`render json: {}`
			`end`

			`def validate_webhook_signature!`
			`header_name = 'x-twitter-webhooks-signature'`
			`given_signature = request.headers[header_name]`
			`raise Exceptions::UnprocessableEntity, "Missing '#{header_name}' header" if given_signature.blank?`

			`calculated_signature = hmac_signature_by_app(request.raw_post)`
			`raise Exceptions::NotAuthorized if calculated_signature != given_signature`
Fixes #2709, fixes #2666, fixes #2665, fixes #556, fixes #3275 - Refactoring: Implement new translation toolchain based on gettext. - Translations are no longer fetched from the cloud. - Instead, they are extracted from the codebase and stored in i18n/zammad.pot. - Translations will be managed via a public Weblate instance soon. - The translated .po files are fed to the database as before. - It is now possible to change "translation" strings for en-us locally via the admin GUI. - It is no longer possible to submit local changes. 2021-11-15 15:58:19 +00:00			`raise Exceptions::UnprocessableEntity, __("Missing 'for_user_id' in payload!") if params[:for_user_id].blank?`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00
			`@channel = nil`
			`Channel.where(area: 'Twitter::Account', active: true).each do \|channel\|`
			`next if channel.options[:user].blank?`
			`next if channel.options[:user][:id].to_s != params[:for_user_id].to_s`

			`@channel = channel`
			`end`

			`raise Exceptions::UnprocessableEntity, "No such channel for user id '#{params[:for_user_id]}'!" if !@channel`

			`true`
			`end`

			`def hmac_signature_by_app(content)`
			`external_credential = ExternalCredential.find_by(name: 'twitter')`
Fixes #2709, fixes #2666, fixes #2665, fixes #556, fixes #3275 - Refactoring: Implement new translation toolchain based on gettext. - Translations are no longer fetched from the cloud. - Instead, they are extracted from the codebase and stored in i18n/zammad.pot. - Translations will be managed via a public Weblate instance soon. - The translated .po files are fed to the database as before. - It is now possible to change "translation" strings for en-us locally via the admin GUI. - It is no longer possible to submit local changes. 2021-11-15 15:58:19 +00:00			`raise Exceptions::UnprocessableEntity, __('No such external_credential \'twitter\'!') if !external_credential`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00
			`hmac_signature_gen(external_credential.credentials[:consumer_secret], content)`
			`end`

			`def hmac_signature_gen(consumer_secret, content)`
			`hashed = OpenSSL::HMAC.digest('sha256', consumer_secret, content)`
			`hashed = Base64.strict_encode64(hashed)`
			`"sha256=#{hashed}"`
			`end`

			`def webhook_verify`
Refactoring: Deprecate custom Cache implementation and wrap native Rails cache instead. 2021-05-31 13:05:54 +00:00			`external_credential = Cache.read('external_credential_twitter')`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00			`if !external_credential && ExternalCredential.exists?(name: 'twitter')`
			`external_credential = ExternalCredential.find_by(name: 'twitter').credentials`
			`end`
Fixes #2709, fixes #2666, fixes #2665, fixes #556, fixes #3275 - Refactoring: Implement new translation toolchain based on gettext. - Translations are no longer fetched from the cloud. - Instead, they are extracted from the codebase and stored in i18n/zammad.pot. - Translations will be managed via a public Weblate instance soon. - The translated .po files are fed to the database as before. - It is now possible to change "translation" strings for en-us locally via the admin GUI. - It is no longer possible to submit local changes. 2021-11-15 15:58:19 +00:00			`raise Exceptions::UnprocessableEntity, __('No external_credential in cache!') if external_credential.blank?`
			`raise Exceptions::UnprocessableEntity, __('No external_credential[:consumer_secret] in cache!') if external_credential[:consumer_secret].blank?`
			`raise Exceptions::UnprocessableEntity, __('No crc_token in verify payload from twitter!') if params['crc_token'].blank?`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00
			`render json: {`
			`response_token: hmac_signature_gen(external_credential[:consumer_secret], params['crc_token'])`
			`}`
			`end`
Telegram support and split of channel controllers into separate files. Thanks to @schurig 2017-02-15 02:35:22 +00:00
			`def index`
			`assets = {}`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00			`external_credential_ids = []`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`ExternalCredential.where(name: 'twitter').each do \|external_credential\|`
Telegram support and split of channel controllers into separate files. Thanks to @schurig 2017-02-15 02:35:22 +00:00			`assets = external_credential.assets(assets)`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00			`external_credential_ids.push external_credential.id`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`end`
Telegram support and split of channel controllers into separate files. Thanks to @schurig 2017-02-15 02:35:22 +00:00			`channel_ids = []`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`Channel.where(area: 'Twitter::Account').order(:id).each do \|channel\|`
Telegram support and split of channel controllers into separate files. Thanks to @schurig 2017-02-15 02:35:22 +00:00			`assets = channel.assets(assets)`
			`channel_ids.push channel.id`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`end`
Telegram support and split of channel controllers into separate files. Thanks to @schurig 2017-02-15 02:35:22 +00:00			`render json: {`
Updated rubocop - applied custom Layout/AlignHash style. 2018-12-19 17:31:51 +00:00			`assets: assets,`
			`channel_ids: channel_ids,`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00			`external_credential_ids: external_credential_ids,`
Updated rubocop - applied custom Layout/AlignHash style. 2018-12-19 17:31:51 +00:00			`callback_url: ExternalCredential.callback_url('twitter'),`
Telegram support and split of channel controllers into separate files. Thanks to @schurig 2017-02-15 02:35:22 +00:00			`}`
			`end`

			`def update`
			`model_update_render(Channel, params)`
			`end`

			`def enable`
			`channel = Channel.find_by(id: params[:id], area: 'Twitter::Account')`
			`channel.active = true`
			`channel.save!`
			`render json: {}`
			`end`

			`def disable`
			`channel = Channel.find_by(id: params[:id], area: 'Twitter::Account')`
			`channel.active = false`
			`channel.save!`
			`render json: {}`
			`end`

			`def destroy`
			`channel = Channel.find_by(id: params[:id], area: 'Twitter::Account')`
			`channel.destroy`
			`render json: {}`
			`end`

			`end`