Spree::Api::BaseController.class_eval do
  before_action :check_device

  private

  def check_device
    return unless current_api_user
    return unless mobile?

    device_uid = request.headers['Device-Uid']
    user_device = device_service.find_user_device(current_api_user, device_uid)

    user_device.touch && return if user_device.present? # rubocop:disable Rails/SkipsModelValidations
    raise CanCan::AccessDenied
  end

  def mobile?
    request.headers['X-OS'] =~ /iOS|Android/i
  end

  def device_service
    Spree::DeviceService.instance
  end
end