From b68f6cb66ec30f9e9ddd2724592e40ba0a3b22fb Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger <fefferburbia@gmail.com>
Date: Sun, 15 Oct 2017 13:06:13 -0400
Subject: Integrated auth into main app

Pokeviewer now expects the main app's ApplicationController to contain a
method called "authenticate_pokeviewer" which will return true iff the
username and token passed to it are valid. An example stub is present in
the test dummy ApplicationController.
---
 app/controllers/pokeviewer/application_controller.rb |  2 +-
 app/controllers/pokeviewer/uploader_controller.rb    | 13 +++++++++++++
 test/dummy/app/controllers/application_controller.rb |  6 ++++++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/app/controllers/pokeviewer/application_controller.rb b/app/controllers/pokeviewer/application_controller.rb
index 7f6b42c..e342b11 100644
--- a/app/controllers/pokeviewer/application_controller.rb
+++ b/app/controllers/pokeviewer/application_controller.rb
@@ -1,5 +1,5 @@
 module Pokeviewer
-  class ApplicationController < ActionController::Base
+  class ApplicationController < ::ApplicationController
     protect_from_forgery with: :exception
   end
 end
diff --git a/app/controllers/pokeviewer/uploader_controller.rb b/app/controllers/pokeviewer/uploader_controller.rb
index dbef241..d72dd9a 100644
--- a/app/controllers/pokeviewer/uploader_controller.rb
+++ b/app/controllers/pokeviewer/uploader_controller.rb
@@ -3,11 +3,24 @@ require_dependency "pokeviewer/application_controller"
 module Pokeviewer
   class UploaderController < ApplicationController
     skip_before_action :verify_authenticity_token
+    before_action :authenticate_user_from_token!
 
     def submit
       ExtractSaveDataJob.perform_later params[:game].as_json
 
       render json: { message: "Data submitted for processing." }
     end
+
+    private
+
+      def authenticate_user_from_token!
+        login = request.headers["X-User-Login"].presence
+        token = request.headers["X-User-Token"].presence
+
+        unless authenticate_pokeviewer(login, token)
+          head :unauthorized
+        end
+      end
+
   end
 end
diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb
index 1c07694..95f36f8 100644
--- a/test/dummy/app/controllers/application_controller.rb
+++ b/test/dummy/app/controllers/application_controller.rb
@@ -1,3 +1,9 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
+
+  protected
+
+    def authenticate_pokeviewer(login, token)
+      login == "testuser" and token == "testpass"
+    end
 end
-- 
cgit 1.4.1