Add handlers are for authentication

app/controllers/application_controller.rb

@@ -5,14 +5,22 @@ class ApplicationController < ActionController::Base
 
   private
 
+  def access_token
+    request.headers['HTTP_ACCESS_TOKEN']
+  end
+
+  def api_version
+    request.headers['HTTP_API_VERSION']
+  end
+
   def current_user
     # logger.debug request.headers.inspect
     logger.debug request.headers['HTTP_ACCESS_TOKEN']
     # logger.debug request.headers['access_token']
     if session[:user_id]
       logger.warn 'Getting user because the session had a user_id.'
       @current_user ||= User.find(session[:user_id]) if session[:user_id]
-    elsif request.headers['HTTP_ACCESS_TOKEN']
+    elsif access_token
       logger.warn 'Getting user because request had an access token.'
       @urrent_user ||= User.find_by_access_token request.headers['HTTP_ACCESS_TOKEN']
     end
@@ -23,5 +31,16 @@ def current_user
     redirect_to '/logout'
   end
 
+  def require_authentication
+    unless current_user
+      unauthorized
+    end
+  end
+
+  def unauthorized
+    render nothing: true, status: 401
+  end
+
   helper_method :current_user
+  before_filter :require_authentication
 end

app/controllers/sessions_controller.rb

@@ -1,4 +1,6 @@
 class SessionsController < ApplicationController
+  skip_before_action :require_authentication, only: [:create]
+
   def create
     logger.debug env['omniauth.auth']
     user = User.from_omniauth env['omniauth.auth']

config/routes.rb

@@ -19,6 +19,7 @@
 
   # You can have the root of your site routed with "root"
   root 'sessions#show', format: 'json'
+  get 'me', to: 'sessions#show', format: 'json'
 
   match 'auth/:provider/callback', to: 'sessions#create', via: [:get, :post]
   match 'auth/failure', to: redirect('/'), via: [:get, :post]