app/controllers/uploader_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

class UploaderController < ApplicationController
  skip_before_action :verify_authenticity_token
  before_action :authenticate_user_from_token!

  def submit
    ExtractSaveDataJob.perform_later params[:game].as_json

    render json: { message: "Data submitted for processing." }
  end

  private

    def authenticate_user_from_token!
      login = request.headers["X-User-Login"].presence
      token = request.headers["X-User-Token"].presence

      unless login == Rails.application.credentials.uploader_username
        head :unauthorized
      end

      unless ActiveSupport::SecurityUtils.secure_compare(
        ::Digest::SHA256.hexdigest(Rails.application.credentials.uploader_token),
        ::Digest::SHA256.hexdigest(token))
        head :unauthorized
      end
    end

end