I have a Node client that would POST :user models from a json.list off my local machine to a POST/PATCH API that I run on a production server using Rails.

Before I roll out the Rails API online, I just want to ensure that all such POST requests are rejected unless they originate from my computer alone. I am okay with a hack-ey, patch-y solution because this is a temporary thing and I will switch the Rails API off immediately after the list is completely deposited.

Any quick answers?

This is what my Rails API looks like right now:

    class Api::UsersController < Api::ApiController
      include ActionController::HttpAuthentication::Basic::ControllerMethods
      # before_action :authenticate

      def create
        # Decode the raw request body as JSON
        request.body.rewind
        localParams = ActiveSupport::JSON.decode(URI.decode(request.body.read))
        logger.debug "New user: #{localParams.inspect}"

        user = User.find_by_username(localParams["username"])
        if !user.nil?
          # Existing user: make sure an API key exists, then return it
          if !user.api_key?
            user.generate_api_key
            user.save!
          end
          render json: { key: user.api_key, username: user.username, email: user.email }, status: 200
        else
          # New user: built straight from the decoded JSON body
          user = User.new(localParams)
          # save returns false on validation failure (save! would raise and skip the else branch)
          if user.save
            render json: { key: user.api_key, username: user.username, email: user.email }, status: 200
          else
            logger.debug "Error: #{user.errors.inspect}"
            render json: user.errors, status: :unprocessable_entity
          end
        end
      end

      protected
    end

via marvindanig
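
One way to gate the endpoint for the duration of the upload, as an added example that is not part of the original post: a plain-Ruby, Rack-style middleware that rejects write requests unless they come from an allow-listed address and carry a shared token. The class name `UploadGate`, the `X-Upload-Token` header, the address `203.0.113.7` and the token value are assumptions constructed for illustration.

```ruby
require "digest"
require "ipaddr"

# Rack-style middleware (plain Ruby, no gems): rejects write requests unless they
# come from an allow-listed address AND carry the shared upload token.
class UploadGate
  WRITE_METHODS = %w[POST PATCH PUT DELETE].freeze

  def initialize(app, allowed_ips:, token:)
    raise ArgumentError, "token must not be empty" if token.to_s.empty?
    @app = app
    @allowed = allowed_ips.map { |ip| IPAddr.new(ip) }
    @token_digest = Digest::SHA256.digest(token)
  end

  def call(env)
    return @app.call(env) unless WRITE_METHODS.include?(env["REQUEST_METHOD"])
    return deny unless allowed_ip?(env["REMOTE_ADDR"])
    return deny unless token_ok?(env["HTTP_X_UPLOAD_TOKEN"])
    @app.call(env)
  end

  private

  def allowed_ip?(addr)
    @allowed.any? { |net| net.include?(IPAddr.new(addr.to_s)) }
  rescue IPAddr::Error
    false
  end

  # Compare fixed-length digests byte by byte so timing does not leak the token.
  def token_ok?(given)
    digest = Digest::SHA256.digest(given.to_s)
    digest.bytes.zip(@token_digest.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  def deny
    [403, { "Content-Type" => "application/json" }, ['{"error":"forbidden"}']]
  end
end

# Constructed demo: a stand-in app and hand-built request environments.
DEMO_APP = ->(_env) { [200, {}, ["ok"]] }
GATE = UploadGate.new(DEMO_APP, allowed_ips: ["203.0.113.7"], token: "constructed-demo-token")

def demo_status(method, ip, token)
  GATE.call("REQUEST_METHOD" => method, "REMOTE_ADDR" => ip, "HTTP_X_UPLOAD_TOKEN" => token).first
end
```

Behind a reverse proxy or load balancer, `REMOTE_ADDR` is the proxy's address, so the address check has to use the client address as reported by a trusted proxy (in Rails, `request.remote_ip`), and the token should only ever travel over HTTPS.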