do not use devise strategy for api auth

docusealco · Dec 25, 2023 · 94a13ff · 94a13ff
1 parent 64c8707
commit 94a13ff
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 24 deletions.
diff --git a/app/controllers/api/api_base_controller.rb b/app/controllers/api/api_base_controller.rb
@@ -33,6 +33,17 @@ def paginate(relation)
       result
     end
 
+    def authenticate_user!
+      @current_user ||=
+        if request.headers['X-Auth-Token'].present?
+          sha256 = Digest::SHA256.hexdigest(request.headers['X-Auth-Token'])
+
+          User.joins(:access_token).find_by(access_token: { sha256: })
+        end
+
+      render json: { error: 'Not authenticated' }, status: :unauthorized unless current_user
+    end
+
     def current_account
       current_user&.account
     end

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -1,9 +1,5 @@
 # frozen_string_literal: true
 
-require_relative '../../lib/auth_with_token_strategy'
-
-Warden::Strategies.add(:auth_token, AuthWithTokenStrategy)
-
 Devise.otp_allowed_drift = 60.seconds
 
 # Assuming you have not yet modified this file, each configuration option below
@@ -279,7 +275,7 @@
   #
   config.warden do |manager|
     # manager.intercept_401 = false
-    manager.default_strategies(scope: :user).unshift(:auth_token)
+    # manager.default_strategies(scope: :user).unshift(:auth_token)
   end
 
   # ==> Mountable engine configurations

diff --git a/lib/auth_with_token_strategy.rb b/lib/auth_with_token_strategy.rb