Heartbeat API with device token authentication

app/controllers/application_controller.rb

@@ -1,5 +1,20 @@
 class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :null_session
+
+  def authenticate_device
+    authenticate_with_token || render_unauthorized
+  end
+
+  def authenticate_device
+    authenticate_or_request_with_http_token do |token, options|
+      @device = Device.find_by(access_token: token)
+      @device != nil
+    end
+  end
+
+  def render_unauthorized
+    render json: "Bad token", status: :unauthorised
+  end
 end

app/controllers/devices_controller.rb

@@ -11,7 +11,8 @@ class DevicesController < ApplicationController
                    }, 
             status: :created
     else
-      render json: { error: device.errors.full_messages }, status: :unprocessable_entity
+      render json: { error: device.errors.full_messages }, 
+              status: :unprocessable_entity
     end
   end
 

app/controllers/heartbeats_controller.rb

@@ -0,0 +1,10 @@
+class HeartbeatsController < ApplicationController
+  before_action :authenticate_device
+  respond_to :json
+  
+  def create
+    heartbeat = Heartbeat.create(device: @device)
+    render json: { next_heartbeat_time: heartbeat.next_heartbeat_time }, 
+      status: :created
+  end
+end