feat: add Party management API with RESTful endpoints and comprehensive documentation

- Introduce Party model with lifecycle states (draft, published, canceled, sold_out) - Add RESTful API endpoints under /api/v1/parties for CRUD operations - Create ApiController base with API key authentication - Implement comprehensive code comments across models and controllers - Add database migration for parties table with proper indexes - Configure API routes with namespaced versioning
2025-08-23 18:03:32 +02:00
parent 74a1c446c4
commit ef9cfd6cdf
10 changed files with 266 additions and 6 deletions
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -0,0 +1,24 @@
+# Base controller for API endpoints
+# Provides authentication and common functionality for API controllers
+class ApiController < ApplicationController
+  # Disable CSRF protection for API requests (token-based authentication instead)
+  protect_from_forgery with: :null_session
+
+  # Authenticate all API requests using API key
+  # Must be called before any API action
+  before_action :authenticate_api_key
+
+  private
+
+  # Authenticates API requests using X-API-Key header or api_key parameter
+  # Returns 401 Unauthorized if key is invalid or missing
+  def authenticate_api_key
+    # Extract API key from header or query parameter
+    api_key = request.headers["X-API-Key"] || params[:api_key]
+
+    # Validate against hardcoded key (in production, use environment variable)
+    unless api_key == "aperonight-api-key-2025"
+      render json: { error: "Unauthorized" }, status: :unauthorized
+    end
+  end
+end