completed SMS gateway project

This commit is contained in:
Min Zeya Phyo
2025-10-22 17:22:17 +08:00
commit c883fa7128
190 changed files with 16294 additions and 0 deletions

View File

View File

@@ -0,0 +1,73 @@
module ApiAuthenticatable
extend ActiveSupport::Concern
included do
before_action :authenticate_api_key!
end
private
def authenticate_api_key!
api_key = extract_api_key
return render_unauthorized("Missing API key") unless api_key
key_digest = Digest::SHA256.hexdigest(api_key)
if api_key.start_with?("gw_")
authenticate_gateway(key_digest)
else
authenticate_client_api_key(key_digest)
end
end
def authenticate_gateway(key_digest)
@current_gateway = Gateway.find_by(api_key_digest: key_digest, active: true)
unless @current_gateway
render_unauthorized("Invalid gateway API key")
end
end
def authenticate_client_api_key(key_digest)
@current_api_key = ApiKey.find_by(key_digest: key_digest, active: true)
unless @current_api_key
render_unauthorized("Invalid API key")
return
end
# Check if key has expired
if @current_api_key.expires_at.present? && @current_api_key.expires_at < Time.current
render_unauthorized("API key has expired")
return
end
@current_api_key.touch(:last_used_at)
end
def extract_api_key
auth_header = request.headers["Authorization"]
return nil unless auth_header
# Support both "Bearer token" and just "token"
auth_header.sub(/^Bearer\s+/, "")
end
def render_unauthorized(message = "Unauthorized")
render json: { error: message }, status: :unauthorized
end
def current_gateway
@current_gateway
end
def current_api_key
@current_api_key
end
def require_permission(permission)
unless @current_api_key&.can?(permission)
render json: { error: "Insufficient permissions" }, status: :forbidden
end
end
end

View File

@@ -0,0 +1,54 @@
module RateLimitable
extend ActiveSupport::Concern
private
def rate_limit_check!(key, limit:, period:)
cache_key = "rate_limit:#{key}"
count = Rails.cache.read(cache_key) || 0
if count >= limit
render_rate_limit_exceeded(period)
return false
end
Rails.cache.write(cache_key, count + 1, expires_in: period)
true
end
def rate_limit_increment(key, period:)
cache_key = "rate_limit:#{key}"
current_count = Rails.cache.read(cache_key) || 0
Rails.cache.write(cache_key, current_count + 1, expires_in: period)
end
def rate_limit_reset(key)
cache_key = "rate_limit:#{key}"
Rails.cache.delete(cache_key)
end
def render_rate_limit_exceeded(retry_after)
render json: {
error: "Rate limit exceeded",
retry_after: retry_after.to_i
}, status: :too_many_requests
end
# Rate limit based on IP address
def rate_limit_by_ip!(limit:, period:)
ip_address = request.remote_ip
rate_limit_check!("ip:#{ip_address}", limit: limit, period: period)
end
# Rate limit based on API key
def rate_limit_by_api_key!(limit:, period:)
return true unless @current_api_key
rate_limit_check!("api_key:#{@current_api_key.id}", limit: limit, period: period)
end
# Rate limit based on phone number
def rate_limit_by_phone!(phone_number, limit:, period:)
rate_limit_check!("phone:#{phone_number}", limit: limit, period: period)
end
end