# Base controller for API endpoints
# Provides authentication and common functionality for API controllers
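class ApiController < ApplicationController
  # API clients authenticate with an API key instead of the cookie session.
  # :null_session does not switch CSRF verification off: a request that fails
  # verification is still processed, but with an empty session for its
  # duration, so cookie-backed state is never trusted on these endpoints.
  protect_from_forgery with: :null_session

  # Runs before every action in this controller and its subclasses; rendering
  # inside the callback halts the chain, so the action itself never executes
  # for a rejected request.
  before_action :authenticate_api_key

  private

  # Checks the API key presented with the request.
  #
  # The key is read from the X-API-Key header, falling back to the api_key
  # request parameter when the header is absent. Responds with
  # 401 Unauthorized and a JSON error body when the key is missing or wrong.
  #
  # NOTE(review): a key passed as a query parameter typically ends up in
  # access logs, proxies and browser history; the header is the safer channel.
  # The parameter fallback is kept here only for existing clients.
  def authenticate_api_key
    # to_s covers a missing key (nil) and a structured api_key parameter
    # (array/hash), because secure_compare only accepts Strings.
    presented_key = (request.headers["X-API-Key"] || params[:api_key]).to_s

    # NOTE(review): this credential is committed to source control, so anyone
    # with read access to the repository or its history holds a valid key.
    # Treat it as exposed: rotate it and load the replacement from deployment
    # configuration (environment variable or encrypted credentials) instead.
    expected_key = "aperonight-api-key-2025"

    # Constant-time comparison: String#== returns at the first differing byte,
    # which lets response timing reveal how much of a guessed key is correct.
    return if ActiveSupport::SecurityUtils.secure_compare(presented_key, expected_key)

    render json: { error: "Unauthorized" }, status: :unauthorized
  end
end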