vdaubry · September 18, 2015 00:53
diff --git a/base_controller.rb b/base_controller.rb
 class Api::V1::BaseController < ActionController::Base
  before_filter :allow_cors
  
  def allow_cors
    headers["Access-Control-Allow-Origin"] = "*"
    headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
    headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token X-API-Auth-Token}.join(",")
  end

  def options
    head(:ok)
  end
  
  def authenticate_user!
    render status: 401, json: { message: "Bad credentials" } unless current_user
  end
  
  def current_user
    Authentication::Token.user(token: params[:auth_token])
  end
 end
diff --git a/credential.rb b/credential.rb
 module Oauth::Twitter
  class Credential
    def initialize(token:, secret:)
      @client = Twitter::REST::Client.new do |config|
        config.consumer_key        = ENV["TWITTER_OAUTH_API_ID"]
        config.consumer_secret     = ENV["TWITTER_OAUTH_API_SECRET"]
        config.access_token        = token
        config.access_token_secret = secret
      end
    end

    def verify
      begin
        client.verify_credentials.id
      rescue Twitter::Error::Unauthorized => e
      end
    end

    private
    attr_reader :client
  end
 end
diff --git a/sessions_controller.rb b/sessions_controller.rb
 class Api::V1::SessionsController < Api::V1::BaseController
  
  def create
    token = params[:auth_token]
    secret = params[:auth_secret]
    if token.blank? || secret.blank?
      return render status: 422, json: {error: "Missing oauth token"}
    end
    
    credential = Oauth::Twitter::Credential.new(token: token, secret: secret)
    twitter_id = credential.verify
    return render status: 401, json: {error: "Bad credentials"} if twitter_id.nil? 
    
    auth_provider = AuthenticationProvider.where(uid: twitter_id).first
    return render status: 401, json: {error: "Your twitter credentials are valid but no corresponding user was found on Linkastor. Please register on our website first"} if auth_provider.nil? 
    
    @user = auth_provider.user
    token = Authentication::Token.new(user: @user).create
    
    render json: @user, token: token
  end
 end
diff --git a/token.rb b/token.rb
 module Authentication
  class Token
    def initialize(user:)
      @user = user
    end
    
    def create
      token = SecureRandom.hex
      auth_key = Authentication::Token.key(token: token)
      $redis.set(auth_key, @user.id)
      $redis.expire(auth_key, Rails.application.config.api_session_expiration)
      token
    end
    
    def self.user(token:)
      return if token.nil?
      
      user_id = $redis.get(self.key(token: token))
      User.find(user_id) if user_id.present?
    end
    
    private
      def self.key(token:)
        "authentication_"+token
      end
  end
 end
	class Api::V1::BaseController < ActionController::Base
	before_filter :allow_cors

	def allow_cors
	headers["Access-Control-Allow-Origin"] = "*"
	headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
	headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token X-API-Auth-Token}.join(",")
	end

	def options
	head(:ok)
	end

	def authenticate_user!
	render status: 401, json: { message: "Bad credentials" } unless current_user
	end

	def current_user
	Authentication::Token.user(token: params[:auth_token])
	end
	end
	module Oauth::Twitter
	class Credential
	def initialize(token:, secret:)
	@client = Twitter::REST::Client.new do \|config\|
	config.consumer_key = ENV["TWITTER_OAUTH_API_ID"]
	config.consumer_secret = ENV["TWITTER_OAUTH_API_SECRET"]
	config.access_token = token
	config.access_token_secret = secret
	end
	end

	def verify
	begin
	client.verify_credentials.id
	rescue Twitter::Error::Unauthorized => e
	end
	end

	private
	attr_reader :client
	end
	end
	class Api::V1::SessionsController < Api::V1::BaseController

	def create
	token = params[:auth_token]
	secret = params[:auth_secret]
	if token.blank? \|\| secret.blank?
	return render status: 422, json: {error: "Missing oauth token"}
	end

	credential = Oauth::Twitter::Credential.new(token: token, secret: secret)
	twitter_id = credential.verify
	return render status: 401, json: {error: "Bad credentials"} if twitter_id.nil?

	auth_provider = AuthenticationProvider.where(uid: twitter_id).first
	return render status: 401, json: {error: "Your twitter credentials are valid but no corresponding user was found on Linkastor. Please register on our website first"} if auth_provider.nil?

	@user = auth_provider.user
	token = Authentication::Token.new(user: @user).create

	render json: @user, token: token
	end
	end
	module Authentication
	class Token
	def initialize(user:)
	@user = user
	end

	def create
	token = SecureRandom.hex
	auth_key = Authentication::Token.key(token: token)
	$redis.set(auth_key, @user.id)
	$redis.expire(auth_key, Rails.application.config.api_session_expiration)
	token
	end

	def self.user(token:)
	return if token.nil?

	user_id = $redis.get(self.key(token: token))
	User.find(user_id) if user_id.present?
	end

	private
	def self.key(token:)
	"authentication_"+token
	end
	end
	end