Heartbeat API with device token authentication

2025-12-06 10:14:59 +00:00 · 2015-11-09 16:19:50 +05:30
parent b51d535cfe
commit 7a2e2c15d2
5 changed files with 51 additions and 2 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,5 +1,20 @@
 class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :null_session
+
+  def authenticate_device
+    authenticate_with_token || render_unauthorized
+  end
+
+  def authenticate_device
+    authenticate_or_request_with_http_token do |token, options|
+      @device = Device.find_by(access_token: token)
+      @device != nil
+    end
+  end
+
+  def render_unauthorized
+    render json: "Bad token", status: :unauthorised
+  end
 end
--- a/app/controllers/devices_controller.rb
+++ b/app/controllers/devices_controller.rb
@@ -11,7 +11,8 @@ class DevicesController < ApplicationController
                   }, 
            status: :created
    else
-      render json: { error: device.errors.full_messages }, status: :unprocessable_entity
+      render json: { error: device.errors.full_messages }, 
+              status: :unprocessable_entity
    end
  end

--- a/app/controllers/heartbeats_controller.rb
+++ b/app/controllers/heartbeats_controller.rb
@@ -0,0 +1,10 @@
+class HeartbeatsController < ApplicationController
+  before_action :authenticate_device
+  respond_to :json
+  
+  def create
+    heartbeat = Heartbeat.create(device: @device)
+    render json: { next_heartbeat_time: heartbeat.next_heartbeat_time }, 
+      status: :created
+  end
+end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,8 @@
 Rails.application.routes.draw do
  devise_for :admin_users, ActiveAdmin::Devise.config
+
+  post 'heartbeats', to: 'heartbeats#create', :defaults => { :format => :json }
+  
  ActiveAdmin.routes(self)
  # The priority is based upon order of creation: first created -> highest priority.
  # See how all your routes lay out with "rake routes".
--- a/spec/controllers/heartbeats_controller_spec.rb
+++ b/spec/controllers/heartbeats_controller_spec.rb
@@ -0,0 +1,20 @@
+require 'rails_helper'
+
+RSpec.describe HeartbeatsController, type: :controller do
+  let(:heartbeat) {FactoryGirl.create(:heartbeat)}
+  
+  before(:each) do
+    request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Token.encode_credentials(heartbeat.device.access_token)
+  end
+  
+  describe "POST #create" do
+    it "Respond with next heartbeat time" do
+      post :create, format: :json
+      expect(response).to have_http_status(:created)
+      expect(JSON.parse(response.body)["next_heartbeat_time"]).to 
+        match(heartbeat.next_heartbeat_time) 
+    end
+  end
+
+
+end