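module Api
  module V1
    # Base controller for the v1 JSON API.
    #
    # Every action first passes +verify_server+, which requires an HTTP Token
    # (`Authorization: Token token="..."`) matching a stored ApiKey.
    # +authorize_client+ is defined here but not registered as a filter in this
    # class; presumably subclasses opt in with `before_filter :authorize_client`.
    class BaseController < ApplicationController
      before_filter :verify_server
      respond_to :json

      # NOTE(review): CSRF verification is disabled for the whole API. That is
      # only safe while these endpoints authenticate exclusively through
      # request headers and never through the session cookie -- confirm that
      # no subclass relies on cookie/session state.
      skip_before_filter :verify_authenticity_token

      private

      # Filter: lets the request continue when the X-SiteToken / X-SiteId pair
      # identifies a known client, otherwise renders a 401.
      def authorize_client
        verify_client || render_unauthorized
      end

      # Filter: lets the request continue when the HTTP token is a known API
      # key, otherwise renders the JSON 401 below.
      def verify_server
        restrict_access || render_server_unauthorized
      end

      # Checks the HTTP Token credential against the stored API keys.
      #
      # Uses +authenticate_with_http_token+ rather than the `_or_request_`
      # variant: the latter renders its own plain-text 401 on failure, so the
      # JSON fallback in +verify_server+ would never run.
      #
      # @return [Boolean, nil] truthy only when the presented token matches
      def restrict_access
        authenticate_with_http_token do |token, _options|
          # Narrow the lookup in the database instead of loading every key,
          # then confirm an exact match in Ruby so a case- or
          # padding-insensitive column collation cannot widen what is accepted.
          # NOTE(review): tokens are compared against plaintext column values;
          # consider storing a digest of the token instead.
          ApiKey.where(access_token: token).pluck(:access_token).include?(token)
        end
      end

      # Renders the 401 response for a missing or unknown server token.
      def render_server_unauthorized
        self.headers['WWW-Authenticate'] = 'Token realm="Application"'
        render json: 'Invalid Authorization Token', status: 401
      end

      # Looks up a client by the X-SiteToken and X-SiteId request headers.
      #
      # A missing or blank header is rejected before querying: without the
      # guard, absent headers would become `IS NULL` conditions and match any
      # Client row whose site_token and site_id are both NULL.
      #
      # @return [Boolean] true when a matching client exists
      def verify_client
        site_token = request.headers[:HTTP_X_SITETOKEN]
        site_id = request.headers[:HTTP_X_SITEID]
        return false if site_token.blank? || site_id.blank?

        Client.where(site_token: site_token, site_id: site_id).exists?
      end

      # Renders the 401 response for missing or invalid client credentials.
      def render_unauthorized
        self.headers['WWW-Authenticate'] = 'Token realm="Application"'
        render json: 'Bad credentials', status: 401
      end
    end
  end
end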