-
-
Save squadette/7f9fb7c68f01cd6231f9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -10,8 +10,31 @@ class ApplicationController < ActionController::Base | |
| before_filter :initiate_handover | |
| before_filter -> { request.format = "html" unless params[:format] } | |
| + skip_before_action :verify_authenticity_token, if: :check_api_token | |
| + | |
| protected | |
| + def check_api_token | |
| + return false if prevent_api_token_access | |
| + | |
| + return false if request.format.to_sym != :json | |
| + | |
| + uuid = request.headers["X-API-Token"] | |
| + | |
| + return false if uuid.blank? | |
| + | |
| + api_token = ApiToken.find_by(uuid: uuid, active: true) | |
| + raise ActionController::NotAuthorized if !api_token | |
| + | |
| + sign_in(api_token.user) | |
| + | |
| + return true | |
| + end | |
| + | |
| + def prevent_api_token_access | |
| + false | |
| + end | |
| + |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment