2014-02-13 06:51:23 +00:00
|
|
|
module Api
|
|
|
|
|
module V1
|
|
|
|
|
class BaseController < ApplicationController
|
|
|
|
|
before_filter :restrict_access
|
|
|
|
|
respond_to :json
|
|
|
|
|
skip_before_filter :verify_authenticity_token
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def current_resource_owner
|
|
|
|
|
User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
def authorize_client
|
|
|
|
|
verify_client || render_unauthorized
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def restrict_access
|
|
|
|
|
authenticate_or_request_with_http_token do |token, options|
|
2014-02-13 08:58:01 +00:00
|
|
|
ApiKey.pluck(:access_token).include?(token)
|
|
|
|
|
end
|
2014-02-13 06:51:23 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def verify_client
|
|
|
|
|
site_token = request.headers[:HTTP_X_SITETOKEN]
|
|
|
|
|
site_id = request.headers[:HTTP_X_SITEID]
|
2014-02-13 08:58:01 +00:00
|
|
|
client_status = Client.where(site_token: site_token).where(site_id: site_id).present?
|
2014-02-13 06:51:23 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def render_unauthorized
|
|
|
|
|
self.headers['WWW-Authenticate'] = 'Token realm="Application"'
|
|
|
|
|
render json: 'Bad credentials', status: 401
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
