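  ##
  # JSON API endpoint. Every request is routed to #index, which passes the
  # requested path and the request params to an Api object (selected by mode)
  # and renders whatever it returns as JSON.
  #
  # NOTE(review): three choices in this controller interact and should be
  # assessed together:
  #   * CSRF token verification is skipped for the whole controller,
  #   * setup_api falls back to the cookie session (current_user) when no
  #     HTTP Basic credentials are sent, and
  #   * setup_mode accepts params['mode'] on any HTTP verb.
  # A session-authenticated request therefore needs no CSRF token, and a GET
  # can ask for 'write' mode. What 'write' permits depends on Api, which is
  # not shown here. Consider honouring the session fallback only for 'read',
  # or keeping the token check for session-authenticated requests.
  class APIController < ApplicationController
    layout false

    # Disables Rails' authenticity-token check for every action here.
    skip_before_filter :verify_authenticity_token

    # NOTE(review): filters run in declaration order, so setup_api runs before
    # setup_path has assigned @path. Unless something outside this file sets
    # @path earlier, white_listed?(path) in setup_api tests "" and is always
    # false, i.e. WhiteList never exempts a path from authentication. Simply
    # moving setup_path first is not enough: it calls api.route?, which needs
    # the @api that setup_api creates.
    before_filter :setup_api
    before_filter :setup_mode
    before_filter :setup_path

    # Paths meant to be callable without credentials (see the note above).
    WhiteList = Set.new( %w( ping index ) )
    # NOTE(review): BlackList / black_listed? are defined but never consulted
    # anywhere in this file, so adding a path here blocks nothing by itself.
    BlackList = Set.new( %w( ) )

    # Single public action: run the API call and render its result.
    def index
      result = call(path, params)
      respond_with(result)
    end

    protected

    # Dispatches to the Api object in the current mode and remembers the result.
    def call(path, params)
      @result = api.mode(@mode).call(path, params)
    end

    # Renders +object+ as JSON.
    #
    # The HTTP status comes from object.status when that call succeeds,
    # otherwise from options[:status], otherwise 200. A status object that
    # responds to #code is reduced to that code.
    def respond_with(object, options = {})
      json = json_for(object)

      status =
        begin
          object.status
        rescue StandardError
          # Same net effect as the former inline `rescue`: any failure to
          # read a status falls back to the caller's option or 200.
          options[:status] || 200
        end
      status = status.code if status.respond_to?(:code)

      respond_to do |wants|
        wants.json { render :json => json, :status => status }
        # HTML clients get the JSON as text/plain, so a browser does not
        # interpret API output as markup.
        wants.html { render :text => json, :status => status, :content_type => 'text/plain' }
      end
    end

    # Serialises +object+: compact in production, pretty-printed elsewhere
    # (:max_nesting => 0 switches off the generator's depth limit).
    def json_for(object)
      if Rails.env.production?
        ::JSON.generate(object)
      else
        ::JSON.pretty_generate(object, :max_nesting => 0)
      end
    end

    # Resolves the API path from the request and answers 404 when the Api
    # object has no such route ('index' is always accepted).
    def setup_path
      @path = params[:path] || params[:action] || 'index'
      return if api.route?(@path) || @path == 'index'

      render :nothing => true, :status => 404
    end

    # Picks the API mode: an explicit params['mode'] wins, otherwise GET means
    # 'read' and every other verb means 'write'.
    #
    # NOTE(review): the explicit parameter is not validated here and is not
    # tied to the HTTP verb; see the class-level note.
    def setup_mode
      @mode = params['mode'] || (request.get? ? 'read' : 'write')
    end

    def path
      @path
    end

    def mode
      @mode
    end

    ##
    # Builds @api for the current caller, or renders 401.
    #
    # You will likely want to customise this for your app, as it makes a few
    # assumptions about how to find and authenticate users:
    #   1. a white-listed path gets an anonymous Api,
    #   2. HTTP Basic credentials are checked against User,
    #   3. otherwise the session's current_user is used when that helper
    #      exists, and an anonymous Api when it does not.
    #
    def setup_api
      if white_listed?(path)
        @api = Api.new
        return
      end

      email, password = http_basic_auth_info

      if !email.blank? && !password.blank?
        user = User.find_by_email(email)
        # An unknown e-mail address (presumably nil from the finder) is
        # answered exactly like a wrong password: 401 with an empty body.
        # Previously it raised on nil and produced a 500, which also told the
        # caller whether the address exists.
        #
        # NOTE(review): whether user.password is a stored plaintext value or a
        # digest object whose == hashes the candidate cannot be seen from
        # here. If it is plaintext, store a salted password hash and compare
        # in constant time instead.
        if user && user.password == password
          @api = Api.new(user)
        else
          render(:nothing => true, :status => :unauthorized)
          return
        end
      elsif defined?(current_user)
        if current_user
          @api = Api.new(current_user)
        else
          render(:nothing => true, :status => :unauthorized)
        end
      else
        @api = Api.new
      end
    end

    def api
      @api
    end

    def self.white_listed?(path)
      WhiteList.include?(path.to_s)
    end

    def white_listed?(path)
      self.class.white_listed?(path)
    end

    def self.black_listed?(path)
      BlackList.include?(path.to_s)
    end

    def black_listed?(path)
      self.class.black_listed?(path)
    end

    # Raw Authorization header value, looked up under the env keys different
    # front-end servers use; "" when none is present. Memoised per request.
    def http_basic_auth
      @http_basic_auth ||= (
        request.env['HTTP_AUTHORIZATION'] ||
        request.env['X-HTTP_AUTHORIZATION'] ||
        request.env['X_HTTP_AUTHORIZATION'] ||
        request.env['REDIRECT_X_HTTP_AUTHORIZATION'] ||
        ''
      )
    end

    # Decodes the header into [username, password]; the password may itself
    # contain ':' because only the first colon splits. Returns [] when there
    # is no header.
    #
    # NOTE(review): the scheme token is not checked, so the last
    # whitespace-separated word of any Authorization header is decoded.
    def http_basic_auth_info
      encoded = http_basic_auth.split.last.to_s
      ActiveSupport::Base64.decode64(encoded).split(/:/, 2)
    end
  end

  # Second spelling of the constant, presumably so Rails' name-based lookup
  # finds the controller as either ApiController or APIController.
  ApiController = APIController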