mirror of https://github.com/docusealco/docuseal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59 lines
1.5 KiB
59 lines
1.5 KiB
# frozen_string_literal: true
|
|
|
|
class McpController < ActionController::API
|
|
before_action :authenticate_user!
|
|
before_action :verify_mcp_enabled!
|
|
|
|
before_action do
|
|
authorize!(:manage, :mcp)
|
|
end
|
|
|
|
def call
|
|
return head :ok if request.raw_post.blank?
|
|
|
|
body = JSON.parse(request.raw_post)
|
|
|
|
result = Mcp::HandleRequest.call(body, current_user, current_ability)
|
|
|
|
if result
|
|
render json: result
|
|
else
|
|
head :accepted
|
|
end
|
|
rescue CanCan::AccessDenied
|
|
render json: { jsonrpc: '2.0', id: nil, error: { code: -32_603, message: 'Forbidden' } }, status: :forbidden
|
|
rescue JSON::ParserError
|
|
render json: { jsonrpc: '2.0', id: nil, error: { code: -32_700, message: 'Parse error' } }, status: :bad_request
|
|
end
|
|
|
|
private
|
|
|
|
def authenticate_user!
|
|
render json: { error: 'Not authenticated' }, status: :unauthorized unless current_user
|
|
end
|
|
|
|
def verify_mcp_enabled!
|
|
return if Docuseal.multitenant?
|
|
|
|
return if AccountConfig.exists?(account_id: current_user.account_id,
|
|
key: AccountConfig::ENABLE_MCP_KEY,
|
|
value: true)
|
|
|
|
render json: { error: 'MCP is disabled' }, status: :forbidden
|
|
end
|
|
|
|
def current_user
|
|
@current_user ||= user_from_api_key
|
|
end
|
|
|
|
def user_from_api_key
|
|
token = request.headers['Authorization'].to_s[/\ABearer\s+(.+)\z/, 1]
|
|
|
|
return if token.blank?
|
|
|
|
sha256 = Digest::SHA256.hexdigest(token)
|
|
|
|
User.joins(:mcp_tokens).active.find_by(mcp_tokens: { sha256:, archived_at: nil })
|
|
end
|
|
end
|