Created
November 5, 2014 22:00
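module API
  module V1
    # Raised for requests that fail validation; rendered as HTTP 400.
    class InvalidRequestError < StandardError; end

    # Rendered as HTTP 422 by render_unprocessable_entry.
    class UnprocessableEntityError < StandardError; end

    # Raised when API-key authentication fails; rendered as HTTP 401.
    class Unauthorized < StandardError; end

    # Base controller for the V1 JSON API: maps the API error classes to JSON
    # error responses and provides API-key authentication for subclasses.
    class APIController < ApplicationController
      respond_to :json

      # Catch-all, declared first on purpose: rescue_from handlers are searched
      # from the most recently declared back to the first, so the specific
      # handlers below take precedence over this one.
      rescue_from StandardError, with: :render_server_error unless Rails.env.development? || Rails.env.test?
      rescue_from API::V1::InvalidRequestError, with: :render_invalid_request
      rescue_from API::V1::UnprocessableEntityError, with: :render_unprocessable_entry
      rescue_from API::V1::Unauthorized, with: :render_unauthorized_error

      # CSRF token verification is switched off for this controller and every
      # subclass. Nothing here installs authenticate_user_from_token! as a
      # filter, so each subclass has to opt its actions in explicitly.
      skip_before_filter :verify_authenticity_token

      protected

      # The user resolved by authenticate_user_from_token!, or nil when that
      # filter has not run for the current action.
      def current_user
        @user
      end

      # 400 with the validation message raised by the action.
      def render_invalid_request(e)
        render json: { success: false, error: e.message }, status: 400
      end

      # 500 for anything not handled above. The exception is reported to
      # Airbrake in full; the response body stays generic because the message
      # of an arbitrary StandardError can carry SQL fragments, file paths or
      # other internals that API clients should not see.
      def render_server_error(e)
        Airbrake.notify e
        render json: { success: false, errors: [{ error: 'Unexpected Server Error' }] }, status: 500
      end

      # 422 with the message raised by the action.
      def render_unprocessable_entry(e)
        render json: { success: false, error: e.message }, status: :unprocessable_entity
      end

      # 401 with the authentication failure message.
      def render_unauthorized_error(e)
        render json: { success: false, error: e.message }, status: 401
      end

      # Resolves params[:api_key] to an active user and stores it in @user.
      #
      # Raises API::V1::Unauthorized when the key is missing, is not a plain
      # string, matches no active user, or the user is locked out.
      #
      # NOTE(review): the key is read from params, so it may arrive in the
      # query string; confirm `api_key` is listed in config.filter_parameters
      # so it does not end up in request logs.
      # NOTE(review): the raw parameter is compared with the api_key column,
      # which implies keys are stored unhashed; consider storing a digest.
      def authenticate_user_from_token!
        api_key = params[:api_key]
        raise API::V1::Unauthorized, "API key cannot be blank" unless api_key.present?
        # A nested parameter (array or hash) must not reach the SQL fragment
        # below as a bind value; only a single string is a valid key.
        raise API::V1::Unauthorized, "API key invalid" unless api_key.is_a?(String)

        @user = User.active.where("api_key = ?", api_key).first
        raise API::V1::Unauthorized, "API key invalid" unless @user
        # NOTE(review): the message says "not confirmed" while the check is
        # locked_out? - confirm which state is meant.
        raise API::V1::Unauthorized, "User not confirmed" if @user.locked_out?
      end
    end
  end
end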
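# Product endpoints of the V1 API.
class API::V1::ProductsController < API::V1::APIController
  # Only the listed actions are authenticated. The base controller skips CSRF
  # verification, so any action added here later is unauthenticated unless it
  # is added to this list.
  before_filter :authenticate_user_from_token!, only: [:share]

  # Queues a background job that shares a product on the requested social
  # provider on behalf of the authenticated user, then answers 202.
  #
  # Raises API::V1::InvalidRequestError (via validate_share_request) when the
  # request is not acceptable.
  def share
    validate_share_request

    worker =
      case params[:provider]
      when 'Facebook' then Social::Facebook::ShareProductWorker
      when 'Twitter' then Social::Twitter::ShareProductWorker
      end
    # A provider that is permitted but has no worker above is still answered
    # with 202 without a job being queued.
    Resque.enqueue(worker, @user.id, @product.id, params[:message]) if worker

    render status: 202
  end

  private

  # Checks provider, message, product and the user's stored provider
  # authentication, in that order, and sets @product.
  #
  # Raises API::V1::InvalidRequestError on the first check that fails.
  def validate_share_request
    provider = params[:provider]
    message = params[:message]

    unless Authentication.permitted_providers.include?(provider)
      raise API::V1::InvalidRequestError, 'Invalid provider parameter'
    end

    # The message is handed to a background job as-is, so it must be a
    # non-empty string; a nested array or hash parameter is rejected here.
    unless message.is_a?(String) && !message.empty?
      raise API::V1::InvalidRequestError, 'Invalid message parameter'
    end

    @product = Product.active.where(id: params[:product_id]).first
    raise API::V1::InvalidRequestError, 'Product does not exist' unless @product

    # Scoped to the authenticated user, so another user's provider
    # authentication cannot be used.
    auth = Authentication.where(user: @user, provider: provider).first
    raise API::V1::InvalidRequestError, 'Authentication does not exist' unless auth
    raise API::V1::InvalidRequestError, 'Authentication invalid, please update Authentication' if auth.invalid_at

    if provider == 'Facebook' && !auth.has_permission?('publish_actions')
      raise API::V1::InvalidRequestError, 'Social permission not granted'
    end
  end
end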