Merge branch 'master' into 12513-make-dashboard-fast-again

[arvados.git] / services / api / app / middlewares / arvados_api_token.rb

diff --git a/services/api/app/middlewares/arvados_api_token.rb b/services/api/app/middlewares/arvados_api_token.rb
index 2bee50cc7f83316a7b7d07da856f52610524bfb7..5eb756b9fa3609519a1fa63f8c3a1a9021ed190c 100644 (file)
--- a/services/api/app/middlewares/arvados_api_token.rb
+++ b/services/api/app/middlewares/arvados_api_token.rb
@@ -1,16 +1,17 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 # Perform api_token checking very early in the request process.  We want to do
 # this in the Rack stack instead of in ApplicationController because
 # websockets needs access to authentication but doesn't use any of the rails
 # active dispatch infrastructure.
-require 'db_current_time'
-
 class ArvadosApiToken
-  include DbCurrentTime
 
   # Create a new ArvadosApiToken handler
   # +app+  The next layer of the Rack stack.
   def initialize(app = nil, options = nil)
-    @app = app if app.respond_to?(:call)
+    @app = app.respond_to?(:call) ? app : nil
   end
 
   def call env
@@ -27,14 +28,14 @@ class ArvadosApiToken
     params = request.params
     remote_ip = env["action_dispatch.remote_ip"]
 
-    Thread.current[:request_starttime] = db_current_time
+    Thread.current[:request_starttime] = Time.now
     user = nil
     api_client = nil
     api_client_auth = nil
     supplied_token =
       params["api_token"] ||
       params["oauth_token"] ||
-      env["HTTP_AUTHORIZATION"].andand.match(/OAuth2 ([a-z0-9]+)/).andand[1]
+      env["HTTP_AUTHORIZATION"].andand.match(/OAuth2 ([a-zA-Z0-9]+)/).andand[1]
     if supplied_token
       api_client_auth = ApiClientAuthorization.
         includes(:api_client, :user).
@@ -53,11 +54,6 @@ class ArvadosApiToken
     Thread.current[:api_client_uuid] = api_client.andand.uuid
     Thread.current[:api_client] = api_client
     Thread.current[:user] = user
-    if api_client_auth
-      api_client_auth.last_used_at = db_current_time
-      api_client_auth.last_used_by_ip_address = remote_ip.to_s
-      api_client_auth.save validate: false
-    end
 
     @app.call env if @app
   end