3 files changed, 20 insertions, 1 deletions
diff --git a/app/controllers/pokeviewer/application_controller.rb b/app/controllers/pokeviewer/application_controller.rb
index 7f6b42c..e342b11 100644
--- a/app/controllers/pokeviewer/application_controller.rb
+++ b/app/controllers/pokeviewer/application_controller.rb

@@ -1,5 +1,5 @@
 module Pokeviewer
-  class ApplicationController < ActionController::Base
+  class ApplicationController < ::ApplicationController
    protect_from_forgery with: :exception
  end
 end
diff --git a/app/controllers/pokeviewer/uploader_controller.rb b/app/controllers/pokeviewer/uploader_controller.rb
index dbef241..d72dd9a 100644
--- a/app/controllers/pokeviewer/uploader_controller.rb
+++ b/app/controllers/pokeviewer/uploader_controller.rb

@@ -3,11 +3,24 @@ require_dependency "pokeviewer/application_controller"
 module Pokeviewer
  class UploaderController < ApplicationController
    skip_before_action :verify_authenticity_token
+    before_action :authenticate_user_from_token!
    def submit
      ExtractSaveDataJob.perform_later params[:game].as_json
      render json: { message: "Data submitted for processing." }
    end
+    private
+      def authenticate_user_from_token!
+        login = request.headers["X-User-Login"].presence
+        token = request.headers["X-User-Token"].presence
+        unless authenticate_pokeviewer(login, token)
+          head :unauthorized
+        end
+      end
  end
 end
diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb
index 1c07694..95f36f8 100644
--- a/test/dummy/app/controllers/application_controller.rb
+++ b/test/dummy/app/controllers/application_controller.rb

@@ -1,3 +1,9 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
+  protected
+    def authenticate_pokeviewer(login, token)
+      login == "testuser" and token == "testpass"
+    end
 end