Commit 514540a
Changed files (2)
app/controllers/api/controller.rb
@@ -2,10 +2,36 @@ class Api::Controller < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :null_session
+ before_action :authenticate!
- def current_session
+ protected
+
+ def current_session(session_id = auth_token[:session_id])
+ @current_session ||= UserSession.authenticate(session_id)
end
def current_user
+ @current_user ||= User.find(current_session.try(:user_id))
+ rescue ActiveRecord::RecordNotFound
+ nil
+ end
+
+ private
+
+ def authenticate!
+ return if current_user.present?
+ return render json: { errors: ['Not Authenticated'] }, status: :unauthorized
+ rescue JWT::VerificationError, JWT::DecodeError
+ return render json: { errors: ['Not Authenticated'] }, status: :unauthorized
+ end
+
+ def auth_token
+ @auth_token ||= JsonWebToken.decode(http_token)
+ end
+
+ def http_token
+ if request.headers['Authorization'].present?
+ request.headers['Authorization'].split(' ').last
+ end
end
end
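Review bot: `http_token` takes the last space-separated piece of the `Authorization` header without checking the scheme, so a `Basic …` or otherwise malformed header is passed to `JsonWebToken.decode` as if it were a bearer token. Matching the scheme explicitly, e.g. `request.headers['Authorization'].to_s[/\ABearer (.+)\z/, 1]`, keeps the parser strict. JWT errors are rescued only in `authenticate!`, so a controller that skips the filter and still calls `current_user` would presumably turn a malformed token into a 500 rather than a 401. `JsonWebToken.decode` is not part of this diff, so it is worth confirming that it verifies the signature with a pinned algorithm and enforces expiry, since every check here trusts its result. Separately, `current_session` memoizes with `||=`, so its `session_id` argument is silently ignored after the first call; a short comment saying so would help.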
app/controllers/api/sessions_controller.rb
@@ -1,4 +1,6 @@
class Api::SessionsController < Api::Controller
+ skip_before_action :authenticate!
+
def create
user_session = User.login(params[:username], params[:password])
token = tokenize(user_session.access(request))
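Review bot: `skip_before_action :authenticate!` is declared without `only:`, so it exempts every action in `Api::SessionsController`, not just login. Only `create` is visible here, and its body continues outside the hunk. If the controller has or later gains other actions (a logout or session listing, for example), they would run unauthenticated by default. Scoping the exemption, `skip_before_action :authenticate!, only: :create`, keeps new actions protected unless they opt out explicitly.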