X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c38e4bf4a0f76550300386bbabf4bdda943e56c1..94d19ae567dc7723129ee2f00576023aaee18fc7:/app/controllers/api_controller.rb diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index e829a1732..cb3d71d49 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,76 +1,30 @@ class ApiController < ApplicationController - - before_filter :authorize - after_filter :compress_output - - def map - response.headers["Content-Type"] = 'application/xml' - # Figure out the bbox - bbox = params['bbox'] - unless bbox and bbox.count(',') == 3 - render :nothing => true, :status => 400 - return - end - - bbox = bbox.split(',') - - min_lon = bbox[0].to_f - min_lat = bbox[1].to_f - max_lon = bbox[2].to_f - max_lat = bbox[3].to_f - - # get all the nodes - nodes = Node.find(:all, :conditions => ['latitude > ? AND longitude > ? AND latitude < ? AND longitude < ? AND visible = 1', min_lat, min_lon, max_lat, max_lon]) - - node_ids = nodes.collect {|node| node.id } - segments = Array.new - if node_ids.length > 0 - node_ids_sql = "(#{node_ids.join(',')})" - # get the referenced segments - segments = Segment.find_by_sql "select * from segments where node_a in #{node_ids_sql} or node_b in #{node_ids_sql}" - end - # see if we have nay missing nodes - segments_nodes = segments.collect {|segment| segment.node_a } - segments_nodes += segments.collect {|segment| segment.node_b } - - segments_nodes.uniq! - - missing_nodes = segments_nodes - node_ids - - # get missing nodes if there are any - nodes += Node.find(missing_nodes) if missing_nodes.length > 0 - - doc = XML::Document.new - doc.encoding = 'UTF-8' - root = XML::Node.new 'osm' - root['version'] = API_VERSION - root['generator'] = 'OpenStreetMap server' - doc.root = root - - # get ways - # find which ways are needed - segment_ids = segments.collect {|segment| segment.id } - ways = Array.new - if segment_ids.length > 0 - way_segments = WaySegment.find_by_segment_id(segment_ids) - way_ids = way_segments.collect {|way_segment| way_segment.id } - - ways = Way.find(segment_ids) + skip_before_action :verify_authenticity_token + + def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you") + # make the current_user object from any auth sources we have + setup_user_auth + + # handle authenticate pass/fail + unless current_user + # no auth, the user does not exist or the password was wrong + response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" + render :plain => errormessage, :status => :unauthorized + return false end + end - nodes.each do |node| - root << node.to_xml_node() + def deny_access(_exception) + if current_token + set_locale + report_error t("oauth.permissions.missing"), :forbidden + elsif current_user + head :forbidden + else + realm = "Web Password" + errormessage = "Couldn't authenticate you" + response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" + render :plain => errormessage, :status => :unauthorized end - - segments.each do |segment| - root << segment.to_xml_node() - end - - ways.each do |way| - root << way.to_xml_node() - end - - render :text => doc.to_s - end end