Added User API and userkey

2019-04-08 16:41:19 +02:00 · 2019-04-08 16:41:19 +02:00 · a57848b3a6
parent 9f3de720c8
commit a57848b3a6
6 changed files with 58 additions and 4 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -2,7 +2,10 @@ class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  rescue_from CanCan::AccessDenied do |exception|
-    redirect_to root_path, flash: { error: message_for(exception) }
+    respond_to do |format|
+      format.json { render json: [ "Diefstal is een misdrijf." ], status: :forbidden }
+      format.html { redirect_to root_path, flash: { error: message_for(exception) } }
+    end
  end

  def after_sign_in_path_for(resource)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -23,8 +23,21 @@
 class UsersController < ApplicationController
  load_and_authorize_resource
  before_action :init, only: :show
+  skip_load_and_authorize_resource :only => :show

  def show
+    # TODO fix this with `authorize!`
+    if params[:id] && (@user.name != params[:id] && !@user.admin?)
+      respond_to do |format|
+        format.json { render json: ["Mind your own business"] }
+        format.html { redirect_to root_url }
+      end
+    else
+      respond_to do |format|
+        format.json { render json: @user }
+        format.html {}
+      end
+    end
  end

  def update
@ -81,6 +94,17 @@ class UsersController < ApplicationController
  end

  def init
-    @user ||= current_user
+    @user ||= current_user || user_token || User.new
+  end
+
+  def user_token
+    @user_token ||= authenticate_with_http_token do |token, options|
+      User.find_by userkey: token
+    end
+  end
+
+  def reset_key
+    @user.generate_key!
+    redirect_to @user
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -37,6 +37,7 @@ class User < ActiveRecord::Base
    where(name: auth.uid).first_or_create do |user|
      user.name = auth.uid
      user.avatar = Identicon.data_url_for auth.uid
+      user.generate_key!
    end
  end

@ -89,4 +90,18 @@ class User < ActiveRecord::Base
      user.koelkast = true
    end
  end
+
+  def generate_key
+    set_key unless self.userkey
+  end
+
+  def generate_key!
+    set_key
+    self.save
+  end
+
+  private
+  def set_key
+    self.userkey = SecureRandom.base64(16)
+  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -22,6 +22,7 @@ Rails.application.routes.draw do
    member do
      get 'quickpay'               => 'users#quickpay'
      get 'dagschotel/edit'        => 'users#edit_dagschotel', as: 'edit_dagschotel'
+      post :reset_key
    end
  end

--- a/db/migrate/20190408122720_add_api_token.rb
+++ b/db/migrate/20190408122720_add_api_token.rb
@ -0,0 +1,10 @@
+class AddApiToken < ActiveRecord::Migration
+  def change
+    add_column :users, :userkey, :string
+
+    User.all.each do |user|
+      user.generate_key
+      user.save
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20160304192839) do
+ActiveRecord::Schema.define(version: 20190408122720) do

  create_table "barcodes", force: :cascade do |t|
    t.integer  "product_id"
@ -86,7 +86,8 @@ ActiveRecord::Schema.define(version: 20160304192839) do
    t.string   "name"
    t.boolean  "private",             default: false
    t.integer  "frecency",            default: 0,     null: false
-    t.boolean  "quickpay_hidden"
+    t.boolean  "quickpay_hidden",     default: false
+    t.string   "userkey"
  end

  add_index "users", ["koelkast"], name: "index_users_on_koelkast"