mirror of
https://github.com/Growstuff/growstuff.git
synced 2025-12-30 21:17:50 -05:00
* feat: Add API token generation and authentication

  This commit introduces API token generation and authentication for write operations.

  - Adds a section to the user's profile edit page to generate and display an API token.
  - Reuses the `authentications` table to store the API token, avoiding the need for a database migration.
  - Implements token-based authentication for the API using the `Authorization: Token token=...` header.
  - Enables write operations for all API resources and ensures they are protected by the new authentication mechanism.
  - Adds feature and request specs to test the new functionality.

* feat: Add API token generation and authentication

  This commit introduces API token generation and authentication for write operations.

  - Adds a section to the user's profile edit page to generate and display an API token.
  - Reuses the `authentications` table to store the API token, avoiding the need for a database migration.
  - Implements token-based authentication for the API using the `Authorization: Token token=...` header.
  - Enables write operations for all API resources and ensures they are protected by the new authentication mechanism.
  - Adds feature and request specs to test the new functionality.

* Mark as editable
* Refactor
* WIP - Authentication
* Implement more test coverage
* Split 401 and 403
* Before Create hooks
* Update harvest specs, defaulting to the first plant part - this may not be right
* Update coverage
* Update coverage
* Rubocop
* Rubocop
* Rubocop
* Fix coverage
* For now, mark photos immutable again
* Fix specs
* Fix specs
* Rubocop
* Fix specs

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Daniel O'Connor <daniel.oconnor@gmail.com>
44 lines
1.0 KiB
Ruby
```ruby
# frozen_string_literal: true

module Api
  module V1
    # Shared base for the JSON:API controllers: token authentication runs on
    # every request; a member is only *required* for write actions.
    class BaseController < JSONAPI::ResourceController
      abstract
      # API clients do not carry a CSRF token; drop the session instead of failing.
      protect_from_forgery with: :null_session
      before_action :authenticate_member_from_token!
      before_action :enforce_member_for_write_operations!, only: %i(create update destroy)
      # Authenticated but not allowed by the ability: 403, distinct from the 401 below.
      rescue_from CanCan::AccessDenied do
        head :forbidden
      end

      # Context handed to the JSONAPI resources (ability checks and create hooks).
      def context
        {
          current_user: current_user,
          current_ability: current_ability,
          controller: self,
          action: params[:action]
        }
      end

      private

      attr_reader :current_user

      # No valid token on a write action: 401 (not 403).
      def enforce_member_for_write_operations!
        head :unauthorized unless current_user
      end

      # Reads `Authorization: Token token=...`; the token lives in the reused
      # `authentications` table under provider 'api'.
      def authenticate_member_from_token!
        authenticate_with_http_token do |token, _options|
          auth = Authentication.find_by(token: token, provider: 'api')
          if auth.present?
            @current_user = auth.member

            return true
          end
        end
      end
    end
  end
end
```
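A stand-alone Ruby sketch of the request flow this controller implements, added here as an example and not Growstuff's own code: header parsing, the provider-scoped token lookup, and the 401/403 split named in the commit message. The in-memory `AUTHENTICATIONS` rows, the owner-only rule standing in for the CanCan ability, and the constant-time comparison are assumptions of the example.

```ruby
# Constructed stand-in for rows of the reused `authentications` table.
# The same token string appears under another provider to show that the
# lookup is scoped to provider: 'api'.
AUTHENTICATIONS = [
  { provider: 'api',     token: 'ab12cd34ef56', member: 'alice' },
  { provider: 'twitter', token: 'ab12cd34ef56', member: 'bob' }
].freeze
WRITE_ACTIONS = %w[create update destroy].freeze

# Extract the credential from `Token token="..."` (or `Bearer ...`),
# roughly as Rails' authenticate_with_http_token does; nil if absent/malformed.
def token_from_header(header)
  return nil if header.nil?
  scheme, rest = header.split(' ', 2)
  return nil unless %w[Token Bearer].include?(scheme) && rest
  opts = rest.split(',').map(&:strip)
  pair = opts.find { |o| o.start_with?('token=') }
  raw = pair ? pair.sub(/\Atoken=/, '') : opts.first
  raw&.delete('"')
end

# Constant-time byte comparison (assumption: the controller's DB lookup is
# replaced by an in-memory scan here, so compare without short-circuiting).
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mirror of authenticate_member_from_token!: only provider 'api' rows count.
def member_for_token(token)
  return nil if token.nil? || token.empty?
  row = AUTHENTICATIONS.find { |a| a[:provider] == 'api' && secure_equal?(a[:token], token) }
  row && row[:member]
end

# Stand-in for the CanCan ability: writes are allowed only to the record owner.
def permitted?(member, action, record_owner)
  !WRITE_ACTIONS.include?(action) || member == record_owner
end

# HTTP status the two before_action filters and the rescue_from would yield.
def api_status(header:, action:, record_owner: nil)
  member = member_for_token(token_from_header(header))
  return 401 if WRITE_ACTIONS.include?(action) && member.nil? # no/invalid token
  return 403 unless permitted?(member, action, record_owner) # CanCan::AccessDenied
  200
end
```

Reads without a token still get 200, matching the controller, which only requires a member on create/update/destroy.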