team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit (history cleared)
CI / test (3.4.1) (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Robbie Paul
2026-04-29 11:21:39 +01:00
commit 298610b5f6
277 changed files with 30877 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/api/v1/mobile_controller.rb
+33
View File
@@ -0,0 +1,33 @@
# frozen_string_literal: true
class Api::V1::MobileController < ApplicationController
skip_before_action :authenticated
before_action :mobile_request?
respond_to :json
def show
if params[:class]
model = params[:class].classify.constantize
respond_with model.find(params[:id]).to_json
end
end
def index
if params[:class]
model = params[:class].classify.constantize
respond_with model.all.to_json
else
respond_with nil.to_json
end
end
private
def mobile_request?
if session[:mobile_param]
session[:mobile_param] == "1"
else
request.user_agent =~ /ios|android/i
end
end
end
app/controllers/api/v1/users_controller.rb
+56
View File
@@ -0,0 +1,56 @@
# frozen_string_literal: true
class Api::V1::UsersController < ApplicationController
skip_before_action :authenticated
before_action :valid_api_token
before_action :extrapolate_user
respond_to :json
def index
respond_with @user.admin ? User.all : @user
end
def show
respond_with @user.as_json
end
private
def valid_api_token
authenticate_or_request_with_http_token do |token, options|
# TODO :add some functionality to check if the HTTP Header is valid
if !identify_user(token)
redirect_to root_url
else
true
end
end
end
def identify_user(token = "")
# We've had issues with URL encoding, etc. causing issues so just to be safe
# we will go ahead and unescape the user's token
unescape_token(token)
@clean_token =~ /(.*?)-(.*)/
id = $1
hash = $2
check_hash(id, hash)
end
def check_hash(id, hash)
digest = OpenSSL::Digest::SHA1.hexdigest("#{ACCESS_TOKEN_SALT}:#{id}")
hash == digest
end
# We had some issues with the token and url encoding...
# this is an attempt to normalize the data.
def unescape_token(token = "")
@clean_token = CGI::unescape(token)
end
# Added a method to make it easy to figure out who the user is.
def extrapolate_user
@user = User.find_by_id(@clean_token.split("-").first)
end
end