Pass auth token in header

client/src/components/App.js

@@ -9,7 +9,7 @@ export class App extends Component {
   logout = (e) => {
     e.preventDefault();
     this.props.logout(this.props.user);
-  }
+  };
 
   render() {
     const { user } = this.props;

client/src/store/api/client.js

@@ -31,6 +31,22 @@ const client = axios.create({
   },
 });
 
+client.interceptors.request.use(
+  (config) => {
+    const user = JSON.parse(localStorage.getItem('user') || '{}');
+    if (user['access-token']) {
+      config.headers['x-jwt-token'] = 'Bearer';
+      config.headers['client'] = user.client;
+      config.headers['access-token'] = user['access-token'];
+      config.headers['uid'] = user.uid;
+    }
+    return config
+  },
+  (error) => {
+    return Promise.reject(error)
+  }
+);
+
 const stringifyParams = (params) => qs.stringify(params, { format: 'RFC1738', arrayFormat: 'brackets' });
 
 const withParams = (url, params) => isEmpty(params) ? url : `${url}?${stringifyParams(params)}`;

server/app/concerns/custom_filter.rb

@@ -9,6 +9,6 @@ def custom_filter(name, opts = {})
   end
 
   def custom_filters(*names)
-    names.each { |name| ransack_filter(name, names.extract_options!) }
+    names.each { |name| custom_filter(name, names.extract_options!) }
   end
 end

server/app/controllers/application_controller.rb

@@ -1,7 +1,4 @@
 class ApplicationController < ActionController::Base
-  include DeviseTokenAuth::Concerns::SetUserByToken
-  include JSONAPI::ActsAsResourceController
-
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   # protect_from_forgery with: :null_session

server/app/controllers/authorized_controller.rb

@@ -0,0 +1,5 @@
+class AuthorizedController < ActionController::Base
+  include DeviseTokenAuth::Concerns::SetUserByToken
+  include JSONAPI::ActsAsResourceController
+  before_action :authenticate_user!
+end

server/app/controllers/categories_controller.rb

@@ -1,2 +1,2 @@
-class CategoriesController < ApplicationController
+class CategoriesController < AuthorizedController
 end

server/app/controllers/comments_controller.rb

@@ -1,2 +1,2 @@
-class CommentsController < ApplicationController
+class CommentsController < AuthorizedController
 end

server/app/controllers/posts_controller.rb

@@ -1,2 +1,2 @@
-class PostsController < ApplicationController
+class PostsController < AuthorizedController
 end

server/app/controllers/users_controller.rb

@@ -1,2 +1,2 @@
-class UsersController < ApplicationController
+class UsersController < AuthorizedController
 end

server/config/initializers/devise_token_auth.rb

@@ -3,7 +3,7 @@
   # client is responsible for keeping track of the changing tokens. Change
   # this to false to prevent the Authorization header from changing after
   # each request.
-  # config.change_headers_on_each_request = true
+  config.change_headers_on_each_request = false
 
   # By default, users will need to re-authenticate after 2 weeks. This setting
   # determines how long tokens will remain valid after they are issued.

server/config/routes.rb

@@ -1,9 +1,7 @@
 Rails.application.routes.draw do
   mount_devise_token_auth_for 'User', at: 'auth'
-
-  # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
   jsonapi_resources :categories
-  jsonapi_resources :posts
   jsonapi_resources :comments
+  jsonapi_resources :posts
   jsonapi_resources :users
 end