Skip to content

Instantly share code, notes, and snippets.

@vdaubry vdaubry/base_controller.rb
Last active Sep 18, 2015

Embed
What would you like to do?
Sample token authentication
class Api::V1::BaseController < ActionController::Base
before_filter :allow_cors
def allow_cors
headers["Access-Control-Allow-Origin"] = "*"
headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token X-API-Auth-Token}.join(",")
end
def options
head(:ok)
end
def authenticate_user!
render status: 401, json: { message: "Bad credentials" } unless current_user
end
def current_user
Authentication::Token.user(token: params[:auth_token])
end
end
module Oauth::Twitter
class Credential
def initialize(token:, secret:)
@client = Twitter::REST::Client.new do |config|
config.consumer_key = ENV["TWITTER_OAUTH_API_ID"]
config.consumer_secret = ENV["TWITTER_OAUTH_API_SECRET"]
config.access_token = token
config.access_token_secret = secret
end
end
def verify
begin
client.verify_credentials.id
rescue Twitter::Error::Unauthorized => e
end
end
private
attr_reader :client
end
end
class Api::V1::SessionsController < Api::V1::BaseController
def create
token = params[:auth_token]
secret = params[:auth_secret]
if token.blank? || secret.blank?
return render status: 422, json: {error: "Missing oauth token"}
end
credential = Oauth::Twitter::Credential.new(token: token, secret: secret)
twitter_id = credential.verify
return render status: 401, json: {error: "Bad credentials"} if twitter_id.nil?
auth_provider = AuthenticationProvider.where(uid: twitter_id).first
return render status: 401, json: {error: "Your twitter credentials are valid but no corresponding user was found on Linkastor. Please register on our website first"} if auth_provider.nil?
@user = auth_provider.user
token = Authentication::Token.new(user: @user).create
render json: @user, token: token
end
end
module Authentication
class Token
def initialize(user:)
@user = user
end
def create
token = SecureRandom.hex
auth_key = Authentication::Token.key(token: token)
$redis.set(auth_key, @user.id)
$redis.expire(auth_key, Rails.application.config.api_session_expiration)
token
end
def self.user(token:)
return if token.nil?
user_id = $redis.get(self.key(token: token))
User.find(user_id) if user_id.present?
end
private
def self.key(token:)
"authentication_"+token
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.