controller.rb

class BackchannelController < ApplicationController
  skip_before_action :authenticate!

  before_action :authenticate_internal_api!

  # POST /backchannel/event
  def backchannel_event
    organization_id = params[:organization_id]
    report_id = params[:report_id]
    execution_id = params[:execution_id]
    event = params[:event]
    timings = params[:timings]

    organization = Organization.find(params[:organization_id])
    message = {
      type: event,
      execution_id: params[:execution_id],
      timings: timings
    }
    message[:report_id] = report_id if report_id != -1
    message[:rows] = params[:rows] if params[:rows] != -1
    message[:columns] = params[:columns] if params[:columns] != -1
    message[:error_message] = params[:error_message] if params[:error_message] != -1

    render nothing: true, status: 200
  end

  private

  def authenticate_internal_api!
    token = request.headers['Internal-Token']
    render nothing: true, status: 401 if token.blank? || token != Settings.internal_api_token
  end
end