chore: authorize admin only

app/controllers/api/v1/check_in_conferences_controller.rb

@@ -1,5 +1,5 @@
 class Api::V1::CheckInConferencesController < ApplicationController
-  include SecuredPublicApi
+  include SecuredAdminApi
   before_action :set_profile
 
   skip_before_action :verify_authenticity_token

app/controllers/api/v1/check_in_talks_controller.rb

@@ -1,5 +1,5 @@
 class Api::V1::CheckInTalksController < ApplicationController
-  include SecuredPublicApi
+  include SecuredAdminApi
   before_action :set_profile
 
   skip_before_action :verify_authenticity_token

app/controllers/api/v1/print_node_printers_controller.rb

@@ -1,5 +1,5 @@
 class Api::V1::PrintNodePrintersController < ApplicationController
-  include SecuredPublicApi
+  include SecuredAdminApi
   before_action :set_conference, :set_profile
 
   skip_before_action :verify_authenticity_token

app/controllers/concerns/secured_admin_api.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module SecuredAdminApi
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :authenticate_request!, :is_admin?
+  end
+
+  private
+
+  def authenticate_request!
+    claim = verify_token
+    set_current_user_from_claim(claim[0])
+  rescue JWT::VerificationError, JWT::DecodeError
+    render(json: { errors: ['Not Authenticated'] }, status: :unauthorized)
+  end
+
+  def http_token
+    if request.headers['Authorization'].present?
+      request.headers['Authorization'].split.last
+    end
+  end
+
+  def verify_token
+    JsonWebToken.verify(http_token)
+  end
+
+  def set_current_user_from_claim(claim) # rubocop:disable Naming/AccessorMethodName
+    @current_user = {}
+    @current_user[:info] = {}
+    @current_user[:extra] = {}
+    @current_user[:extra][:raw_info] = claim
+    if claim['https://cloudnativedays.jp/userinfo'].present?
+      userinfo = claim['https://cloudnativedays.jp/userinfo']
+      @current_user[:info][:name] = userinfo['name']
+      @current_user[:info][:nickname] = userinfo['nickname']
+      @current_user[:info][:email] = userinfo['email']
+      @current_user[:info][:image] = userinfo['picture']
+    end
+    @current_user
+  end
+
+  def conference
+    @conference ||= Conference.find_by(abbr: params[:eventAbbr] || params[:event])
+  end
+
+  def set_conference
+    conference
+  end
+
+  def profile
+    @profile ||= Profile.find_by(email: @current_user[:info][:email], conference_id: conference.id)
+  end
+
+  def is_admin?
+    raise(Forbidden) unless admin?
+  end
+
+  def admin?
+    current_user[:extra][:raw_info]['https://cloudnativedays.jp/roles'].include?("#{conference.abbr.upcase}-Admin")
+  end
+end