-rw-r--r--app/controllers/pokeviewer/application_controller.rb2
-rw-r--r--app/controllers/pokeviewer/uploader_controller.rb13
-rw-r--r--test/dummy/app/controllers/application_controller.rb6
3 files changed, 20 insertions, 1 deletions
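--- a/app/controllers/pokeviewer/application_controller.rb
+++ b/app/controllers/pokeviewer/application_controller.rb
@@ -1,5 +1,5 @@
 module Pokeviewer
- class ApplicationController < ActionController::Base
+ class ApplicationController < ::ApplicationController
  protect_from_forgery with: :exception
  end
 end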
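Review bot: Switching the base class to `::ApplicationController` makes the host application's controller part of this engine's contract, and nothing at the class says so. Host callbacks, `rescue_from` handlers and layouts will now apply to every controller that inherits from this one, and the uploader changed in this same commit calls a host-defined `authenticate_pokeviewer`. I would add a comment above the class line, `# Inherits from the host app's ApplicationController, which must define authenticate_pokeviewer(login, token) and return a truthy value only for valid credentials.`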
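--- a/app/controllers/pokeviewer/uploader_controller.rb
+++ b/app/controllers/pokeviewer/uploader_controller.rb
@@ -3,11 +3,24 @@ require_dependency "pokeviewer/application_controller"
 module Pokeviewer
  class UploaderController < ApplicationController
  skip_before_action :verify_authenticity_token
+ before_action :authenticate_user_from_token!
 
  def submit
  ExtractSaveDataJob.perform_later params[:game].as_json
 
  render json: { message: "Data submitted for processing." }
  end
+
+ private
+
+ def authenticate_user_from_token!
+ login = request.headers["X-User-Login"].presence
+ token = request.headers["X-User-Token"].presence
+
+ unless authenticate_pokeviewer(login, token)
+ head :unauthorized
+ end
+ end
+
  end
 end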
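Review bot: In `authenticate_user_from_token!`, `.presence` turns a missing or blank `X-User-Login` / `X-User-Token` header into `nil`, and that `nil` is still handed to `authenticate_pokeviewer`. Rejecting a request that carries no credentials is therefore left to each host implementation; a lookup-style implementation could plausibly match a record whose token is unset. Since CSRF verification is skipped on this controller, this filter is the only gate in front of `submit`, so I would fail closed before calling the hook: `return head :unauthorized if login.nil? || token.nil?`. A one-line comment stating that `authenticate_pokeviewer` is supplied by the host application would also help the next reader.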
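--- a/test/dummy/app/controllers/application_controller.rb
+++ b/test/dummy/app/controllers/application_controller.rb
@@ -1,3 +1,9 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
+
+ protected
+
+ def authenticate_pokeviewer(login, token)
+ login == "testuser" and token == "testpass"
+ end
 end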
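Review bot: The dummy `authenticate_pokeviewer` compares the token with plain `==` and joins the two checks with `and`. This is the only implementation of the hook visible in the commit, so host applications are likely to copy its shape. A secret compared with `==` is not constant-time, and `and` has lower precedence than `&&`, which changes the result if the expression is ever assigned or extended. I would write the example as `login == "testuser" && ActiveSupport::SecurityUtils.secure_compare(token.to_s, "testpass")`, where `to_s` keeps a missing token from raising. A comment marking these as fixture credentials for the test app only would also be worth adding.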