From 049f4d7f9e66535e671271d92fbd5954acc81f04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krzysiek=20Gre=C5=84?=
Date: Tue, 25 Apr 2017 12:55:21 +0200
Subject: [PATCH] Pass auth token in header
---
 client/src/components/App.js | 2 +-
 client/src/store/api/client.js | 16 ++++++++++++++++
 server/app/concerns/custom_filter.rb | 2 +-
 server/app/controllers/application_controller.rb | 3 ---
 server/app/controllers/authorized_controller.rb | 5 +++++
 server/app/controllers/categories_controller.rb | 2 +-
 server/app/controllers/comments_controller.rb | 2 +-
 server/app/controllers/posts_controller.rb | 2 +-
 server/app/controllers/users_controller.rb | 2 +-
 server/config/initializers/devise_token_auth.rb | 2 +-
 server/config/routes.rb | 4 +---
 server/tmp/.keep | 0
 12 files changed, 29 insertions(+), 13 deletions(-)
 create mode 100644 server/app/controllers/authorized_controller.rb
 delete mode 100644 server/tmp/.keep
diff --git a/client/src/components/App.js b/client/src/components/App.js
index 9e6b23e..c285c97 100644
--- a/client/src/components/App.js
+++ b/client/src/components/App.js
@@ -9,7 +9,7 @@ export class App extends Component {
 logout = (e) => {
 e.preventDefault();
 this.props.logout(this.props.user);
- }
+ };
 render() {
 const { user } = this.props;
diff --git a/client/src/store/api/client.js b/client/src/store/api/client.js
index 4f61813..12ee818 100644
--- a/client/src/store/api/client.js
+++ b/client/src/store/api/client.js
@@ -31,6 +31,22 @@ const client = axios.create({
 },
 });
+client.interceptors.request.use(
+ (config) => {
+ const user = JSON.parse(localStorage.getItem('user') || '{}');
+ if (user['access-token']) {
+ config.headers['x-jwt-token'] = 'Bearer';
+ config.headers['client'] = user.client;
+ config.headers['access-token'] = user['access-token'];
+ config.headers['uid'] = user.uid;
+ }
+ return config
+ },
+ (error) => {
+ return Promise.reject(error)
+ }
+);
+
 const stringifyParams = (params) => qs.stringify(params, { format: 'RFC1738', arrayFormat: 'brackets' });
 const withParams = (url, params) => isEmpty(params) ? url : `${url}?${stringifyParams(params)}`;
diff --git a/server/app/concerns/custom_filter.rb b/server/app/concerns/custom_filter.rb
index 64ac277..620b155 100644
--- a/server/app/concerns/custom_filter.rb
+++ b/server/app/concerns/custom_filter.rb
@@ -9,6 +9,6 @@ def custom_filter(name, opts = {})
 end
 def custom_filters(*names)
- names.each { |name| ransack_filter(name, names.extract_options!) }
+ names.each { |name| custom_filter(name, names.extract_options!) }
 end
 end
diff --git a/server/app/controllers/application_controller.rb b/server/app/controllers/application_controller.rb
index 23235c0..486cee1 100644
--- a/server/app/controllers/application_controller.rb
+++ b/server/app/controllers/application_controller.rb
@@ -1,7 +1,4 @@
 class ApplicationController < ActionController::Base
- include DeviseTokenAuth::Concerns::SetUserByToken
- include JSONAPI::ActsAsResourceController
-
 # Prevent CSRF attacks by raising an exception.
 # For APIs, you may want to use :null_session instead.
 # protect_from_forgery with: :null_session
diff --git a/server/app/controllers/authorized_controller.rb b/server/app/controllers/authorized_controller.rb
new file mode 100644
index 0000000..a27cd84
--- /dev/null
+++ b/server/app/controllers/authorized_controller.rb
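Review bot: In the request interceptor added to client/src/store/api/client.js, `JSON.parse(localStorage.getItem('user') || '{}')` is unguarded, so a corrupt `user` entry throws inside the interceptor and rejects every request made through `client`, and a stored literal `null` makes `user['access-token']` throw a TypeError. Parsing defensively and falling back to an empty object keeps unauthenticated calls working. The interceptor also attaches `access-token`, `client` and `uid` to whatever URL the request targets; if any caller can pass an absolute URL it would be worth restricting the headers to the API's own origin (the `axios.create` options start outside this hunk, so that is unverified). `x-jwt-token: Bearer` does not look like a header devise_token_auth reads (`token-type` is the usual name), so confirm it is needed.

```javascript
client.interceptors.request.use(
  (config) => {
    let user = {};
    try {
      // A stored literal "null" parses to null, so fall back to {} after parsing too.
      user = JSON.parse(localStorage.getItem('user') || '{}') || {};
    } catch (err) {
      // Corrupt entry: continue unauthenticated rather than failing every request.
      user = {};
    }
    if (user['access-token']) {
      // … unchanged: header assignments …
    }
    return config;
  },
  // … unchanged: error handler …
);
```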
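Review bot: In `custom_filters`, `names.extract_options!` is called inside the `each` block, so the trailing options hash is popped from `names` on the first iteration and every later name receives `{}`; only the first filter gets the options. Extract once before iterating: `opts = names.extract_options!` followed by `names.each { |name| custom_filter(name, opts) }`. If these filters constrain what a client may query, the silent loss of options on later names deserves a test.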
@@ -0,0 +1,5 @@
+class AuthorizedController < ActionController::Base
+ include DeviseTokenAuth::Concerns::SetUserByToken
+ include JSONAPI::ActsAsResourceController
+ before_action :authenticate_user!
+end
diff --git a/server/app/controllers/categories_controller.rb b/server/app/controllers/categories_controller.rb
index a149595..ebdb645 100644
--- a/server/app/controllers/categories_controller.rb
+++ b/server/app/controllers/categories_controller.rb
@@ -1,2 +1,2 @@
-class CategoriesController < ApplicationController
+class CategoriesController < AuthorizedController
 end
diff --git a/server/app/controllers/comments_controller.rb b/server/app/controllers/comments_controller.rb
index 7669955..8d58bc4 100644
--- a/server/app/controllers/comments_controller.rb
+++ b/server/app/controllers/comments_controller.rb
@@ -1,2 +1,2 @@
-class CommentsController < ApplicationController
+class CommentsController < AuthorizedController
 end
diff --git a/server/app/controllers/posts_controller.rb b/server/app/controllers/posts_controller.rb
index a66e6b8..722704c 100644
--- a/server/app/controllers/posts_controller.rb
+++ b/server/app/controllers/posts_controller.rb
@@ -1,2 +1,2 @@
-class PostsController < ApplicationController
+class PostsController < AuthorizedController
 end
diff --git a/server/app/controllers/users_controller.rb b/server/app/controllers/users_controller.rb
index 3e74dea..94d227b 100644
--- a/server/app/controllers/users_controller.rb
+++ b/server/app/controllers/users_controller.rb
@@ -1,2 +1,2 @@
-class UsersController < ApplicationController
+class UsersController < AuthorizedController
 end
diff --git a/server/config/initializers/devise_token_auth.rb b/server/config/initializers/devise_token_auth.rb
index af7acd7..b70738b 100644
--- a/server/config/initializers/devise_token_auth.rb
+++ b/server/config/initializers/devise_token_auth.rb
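Review bot: `AuthorizedController` only authenticates: `before_action :authenticate_user!` shows the caller holds a valid token, but nothing in this class limits which records that caller may read or change. With `jsonapi_resources :users` routed through `UsersController < AuthorizedController`, any signed-in user may be able to update or delete other users unless the JSONAPI resources (not shown here) restrict it; the same holds for the categories, comments and posts controllers switched in this commit. The class also inherits from `ActionController::Base` rather than `ApplicationController`, so filters or error handling added there later will not cover the API. I would add a class comment such as `# Requires a valid devise_token_auth token; per-record authorization is the resource's responsibility.` or rename the class to make that scope explicit.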
@@ -3,7 +3,7 @@
 # client is responsible for keeping track of the changing tokens. Change
 # this to false to prevent the Authorization header from changing after
 # each request.
- # config.change_headers_on_each_request = true
+ config.change_headers_on_each_request = false
 # By default, users will need to re-authenticate after 2 weeks. This setting
 # determines how long tokens will remain valid after they are issued.
diff --git a/server/config/routes.rb b/server/config/routes.rb
index 0b1c0ae..e31c1b2 100644
--- a/server/config/routes.rb
+++ b/server/config/routes.rb
@@ -1,9 +1,7 @@
 Rails.application.routes.draw do
 mount_devise_token_auth_for 'User', at: 'auth'
-
- # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
 jsonapi_resources :categories
- jsonapi_resources :posts
 jsonapi_resources :comments
+ jsonapi_resources :posts
 jsonapi_resources :users
 end
diff --git a/server/tmp/.keep b/server/tmp/.keep
deleted file mode 100644
index e69de29..0000000
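Review bot: Setting `config.change_headers_on_each_request = false` turns off token rotation, so one `access-token` stays valid for the whole token lifespan (two weeks by default, per the comment just below it). The client in this commit keeps that token in `localStorage`, so a token read by injected script or left on a shared machine can be replayed until it expires. If rotation has to stay off for concurrent requests, consider setting a shorter `config.token_lifespan`, and add a comment next to the setting such as `# Rotation disabled: the SPA reuses one token, so token_lifespan is the only bound on a leaked token.`. The enclosing setup block starts and ends outside this hunk.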