#--
# WebROaR - Ruby Application Server - http://webroar.in/
# Copyright (C) 2009 Goonj LLC
#
# This file is part of WebROaR.
#
# WebROaR is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# WebROaR is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with WebROaR. If not, see .
#++
# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.
require 'digest/md5'
class ApplicationController < ActionController::Base
helper :all # include all helpers, all the time
# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
protect_from_forgery #:secret => '8e99f4efee54d3b72e3b675578e1403c'
# before_filter :check_timeout
include SslRequirement if SSL_ON
private
# This method is used for the user authentication in the login process.
def user_authentication(loggedin_user)
users = YAML::load_file(USERS_FILE_PATH)
user_found = false
return false unless (loggedin_user[:name] or loggedin_user[:password])
users.each do |user|
if(loggedin_user[:name] == user['user_name'] && Digest::MD5.hexdigest(loggedin_user[:password]) == user['password'])
user_found = true
session[:user] = loggedin_user[:name]
break
end
end
return(user_found)
end
#This method is used to check the authentic user for the application.
#This method is called whenever user try to access any of the application's link.
def login_required
response.headers["Cache-Control"] = 'no-store, no-cache, must-revalidate,max-age = 0, pre-check = 0, post-check = 0'
if session[:user].nil?
session[:referer] = request.request_uri
flash[:notice] = SESSION_EXPIRE_MESSAGE
if request.xhr?()
render :text => ""
else
redirect_to root_path
end
else
return true
end
end
#This method is to add time bound session timeout.
def check_session_timeout
if session[:session_time]
if Time.now-session[:session_time] > 15.minutes
reset_session
session[:session_time] = Time.now
flash[:notice] = SESSION_EXPIRE_MESSAGE
if request.xhr?()
render :text => ""
else
redirect_to root_path
end
else
session[:session_time] = Time.now
end
else
session[:session_time] = Time.now
end
end
#This method is used to clear the flash notice messages before navigating to another action.
def clear_flash_notice
flash[:notice] = nil
end
#This method returns the array of applications if WebROaR config file contains Application specification.
def get_application_list #This method returns the array if the application present in config file
i = 0
apps = Array.new
info = YAML::load_file(CONFIG_FILE_PATH) rescue nil
if info and info['Application Specification']
while(info['Application Specification'][i])
#if info['Application Specification'][i]['analytics'].downcase == "enabled".downcase
apps << info['Application Specification'][i]['name'].gsub("<","<").gsub(">",">")
#end
i += 1
end
end
apps << SERVER_NAME
if session[:application_name].nil?
session[:application_name] = apps[0]
@application_name = apps[0]
else
@application_name = session[:application_name]
end
return apps
end
#This method returns the array of the application present in config file
def get_application_list_for_exceptions
i = 0
apps = Array.new
info = YAML::load_file(CONFIG_FILE_PATH) rescue nil
if info and info['Application Specification']
while(info['Application Specification'][i])
if info['Application Specification'][i]['type'].downcase == 'rails'
apps << info['Application Specification'][i]['name'].gsub("<","<").gsub(">",">")
end
i += 1
end
end
return apps
end
end