class Api::V1::ApiController < ::ActionController::API before_action :authenticate_user after_filter :cors_set_access_control_headers skip_before_filter :authenticate_user, :only => [:route_options] def route_options cors_preflight_check end private def authenticate_user set_hash if @instance_hash.nil? render :json => {errors: "User is not logged in, register or log in"} , status: :unauthorized end end def authenticate_password if current_user.nil? return true end if !current_user.authenticate(params[:user][:password]) return true else return false end end def set_hash #["current_owner","current_token"] Make this true to check for email also @instance_hash = ::Arcadex::Authentication.get_instance(params,request,"Auth-Token") #@instance_hash = ::Arcadex::Authentication.authenticate_owner_with_index(params,request,"Auth-Token","Email","email") end def current_user if !@instance_hash.nil? return @instance_hash["current_owner"] else return nil end end def current_token if !@instance_hash.nil? return @instance_hash["current_token"] else return nil end end def cors_set_access_control_headers response.headers['Access-Control-Allow-Origin'] = '*' response.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS' response.headers['Access-Control-Allow-Headers'] = '*, Origin, Content-Type, Accept, Authorization, Token, Auth-Token, Email' response.headers['Access-Control-Expose-Headers'] = '*' response.headers['Access-Control-Max-Age'] = "1728000" end def cors_preflight_check #if request.method == 'OPTIONS' request.headers['Access-Control-Allow-Origin'] = '*' request.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS' request.headers['Access-Control-Allow-Headers'] = '*, X-Requested-With, X-Prototype-Version, Token, Auth-Token, Email' request.headers['Access-Control-Max-Age'] = '1728000' render :text => '', :content_type => 'text/plain' #end end end