Integrated auth into main app

Pokeviewer now expects the main app's ApplicationController to contain a
method called "authenticate_pokeviewer" which will return true iff the
username and token passed to it are valid. An example stub is present in
the test dummy ApplicationController.

3 files changed, 20 insertions, 1 deletions

@@ -1,5 +1,5 @@
 module Pokeviewer
-  class ApplicationController < ActionController::Base
+  class ApplicationController < ::ApplicationController
     protect_from_forgery with: :exception
   end
 end
@@ -3,11 +3,24 @@ require_dependency "pokeviewer/application_controller"
 module Pokeviewer
   class UploaderController < ApplicationController
     skip_before_action :verify_authenticity_token
+    before_action :authenticate_user_from_token!
 
     def submit
       ExtractSaveDataJob.perform_later params[:game].as_json
 
       render json: { message: "Data submitted for processing." }
     end
+
+    private
+
+      def authenticate_user_from_token!
+        login = request.headers["X-User-Login"].presence
+        token = request.headers["X-User-Token"].presence
+
+        unless authenticate_pokeviewer(login, token)
+          head :unauthorized
+        end
+      end
+
   end
 end
@@ -1,3 +1,9 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
+
+  protected
+
+    def authenticate_pokeviewer(login, token)
+      login == "testuser" and token == "testpass"
+    end
 end