-rw-r--r-- | app/controllers/pokeviewer/application_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/pokeviewer/uploader_controller.rb | 13 | ||||
-rw-r--r-- | test/dummy/app/controllers/application_controller.rb | 6 |
3 files changed, 20 insertions, 1 deletions
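--- a/app/controllers/pokeviewer/application_controller.rb
+++ b/app/controllers/pokeviewer/application_controller.rb
@@ -1,5 +1,5 @@
 module Pokeviewer
-class ApplicationController < ActionController::Base
+class ApplicationController < ::ApplicationController
 protect_from_forgery with: :exception
 end
 end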
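Review bot: The new superclass at `class ApplicationController < ::ApplicationController` introduces an undocumented requirement: the host application must define `authenticate_pokeviewer(login, token)`, which the uploader controller calls in this same commit. I would state that contract where host developers will look for it, for example a comment above the class: `# Inherits from the host's ApplicationController, which must define authenticate_pokeviewer(login, token) and return truthy only for valid credentials.` Every engine controller also now inherits the host's callbacks and helpers, so host-level `before_action` filters run on engine routes unless an engine controller skips them; that is worth a line in the README too.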
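--- a/app/controllers/pokeviewer/uploader_controller.rb
+++ b/app/controllers/pokeviewer/uploader_controller.rb
@@ -3,11 +3,24 @@ require_dependency "pokeviewer/application_controller"
 module Pokeviewer
 class UploaderController < ApplicationController
 skip_before_action :verify_authenticity_token
+before_action :authenticate_user_from_token!
 
 def submit
 ExtractSaveDataJob.perform_later params[:game].as_json
 
 render json: { message: "Data submitted for processing." }
 end
+
+private
+
+def authenticate_user_from_token!
+login = request.headers["X-User-Login"].presence
+token = request.headers["X-User-Token"].presence
+
+unless authenticate_pokeviewer(login, token)
+head :unauthorized
+end
+end
+
 end
 end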
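Review bot: Missing or blank `X-User-Login` / `X-User-Token` headers reach the host hook as `nil` at `unless authenticate_pokeviewer(login, token)`, so whether a credential-less request is rejected depends on every host implementation handling `nil` correctly. Rejecting before the call keeps the filter fail-closed regardless of the host: `return head :unauthorized unless login && token && authenticate_pokeviewer(login, token)`. This matters because `skip_before_action :verify_authenticity_token` stays in place, which leaves this filter as the only check visible here in front of `submit`. A short comment on `authenticate_user_from_token!` naming the two headers and the 401 response would also help API clients.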
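--- a/test/dummy/app/controllers/application_controller.rb
+++ b/test/dummy/app/controllers/application_controller.rb
@@ -1,3 +1,9 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception
+
+protected
+
+def authenticate_pokeviewer(login, token)
+login == "testuser" and token == "testpass"
+end
 end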
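Review bot: The dummy hook's `login == "testuser" and token == "testpass"` uses `and`, whose low precedence makes the expression easy to misread once it is assigned or extended; `login == "testuser" && token == "testpass"` is the conventional form. This is also the only visible example of the `authenticate_pokeviewer` contract, so host developers may copy it. A comment marking it as test-only would help: `# Test-only fixed credentials; a real host should look the token up and compare it in constant time (e.g. ActiveSupport::SecurityUtils.secure_compare).`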