Restructure omni services and add Chatwoot research snapshot

2026-02-21 11:11:27 +07:00
parent edea7a0034
commit b73babbbf6
7732 changed files with 978203 additions and 32 deletions
--- a/research/chatwoot/app/controllers/widgets_controller.rb
+++ b/research/chatwoot/app/controllers/widgets_controller.rb
@@ -0,0 +1,89 @@
+# TODO : Delete this and associated spec once 'api/widget/config' end point is merged
+class WidgetsController < ActionController::Base
+  include WidgetHelper
+
+  before_action :set_global_config
+  before_action :set_web_widget
+  before_action :ensure_account_is_active
+  before_action :ensure_location_is_supported
+  before_action :set_token
+  before_action :set_contact
+  before_action :build_contact
+  after_action :allow_iframe_requests
+
+  private
+
+  def set_global_config
+    @global_config = GlobalConfig.get(
+      'LOGO_THUMBNAIL',
+      'BRAND_NAME',
+      'WIDGET_BRAND_URL',
+      'DIRECT_UPLOADS_ENABLED',
+      'MAXIMUM_FILE_UPLOAD_SIZE',
+      'INSTALLATION_NAME'
+    )
+  end
+
+  def set_web_widget
+    @web_widget = ::Channel::WebWidget.find_by!(website_token: permitted_params[:website_token])
+  rescue ActiveRecord::RecordNotFound
+    Rails.logger.error('web widget does not exist')
+    render json: { error: 'web widget does not exist' }, status: :not_found
+  end
+
+  def set_token
+    @token = permitted_params[:cw_conversation]
+    @auth_token_params = if @token.present?
+                           ::Widget::TokenService.new(token: @token).decode_token
+                         else
+                           {}
+                         end
+  end
+
+  def set_contact
+    return if @auth_token_params[:source_id].nil?
+
+    @contact_inbox = ::ContactInbox.find_by(
+      inbox_id: @web_widget.inbox.id,
+      source_id: @auth_token_params[:source_id]
+    )
+
+    @contact = @contact_inbox&.contact
+  end
+
+  def build_contact
+    return if @contact.present?
+
+    @contact_inbox, @token = build_contact_inbox_with_token(@web_widget, additional_attributes)
+    @contact = @contact_inbox.contact
+  end
+
+  def ensure_account_is_active
+    render json: { error: 'Account is suspended' }, status: :unauthorized unless @web_widget.inbox.account.active?
+  end
+
+  def ensure_location_is_supported; end
+
+  def additional_attributes
+    if @web_widget.inbox.account.feature_enabled?('ip_lookup')
+      { created_at_ip: request.remote_ip }
+    else
+      {}
+    end
+  end
+
+  def permitted_params
+    params.permit(:website_token, :cw_conversation)
+  end
+
+  def allow_iframe_requests
+    if @web_widget.allowed_domains.blank?
+      response.headers.delete('X-Frame-Options')
+    else
+      domains = @web_widget.allowed_domains.split(',').map(&:strip).join(' ')
+      response.headers['Content-Security-Policy'] = "frame-ancestors #{domains}"
+    end
+  end
+end
+
+WidgetsController.prepend_mod_with('WidgetsController')