authorre4k <re4k@re4k.info>2013-05-06 15:37:02 +0900
committerre4k <re4k@re4k.info>2013-05-06 15:37:02 +0900
commitc0f5cce4645697823080c271e26de6d2c35a41c8 (patch)
tree98cf9e4aad85cb910900bfdbde0d276cf5339046 /app
parentaf3990115b393efed9bf1c90fdb6648e3a1e1ef0 (diff)
downloadaclog-c0f5cce4645697823080c271e26de6d2c35a41c8.tar.gz
add OAuth Echo support
Diffstat (limited to 'app')
-rw-r--r--app/controllers/application_controller.rb26
-rw-r--r--app/controllers/errors_controller.rb2
-rw-r--r--app/models/account.rb8
-rw-r--r--app/views/errors/error.html.haml8
-rw-r--r--app/views/errors/error.json.jbuilder5
5 files changed, 34 insertions, 15 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0ed7cf0..3579533 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,5 +1,7 @@
# -*- coding: utf-8 -*-
class ApplicationController < ActionController::Base
+ include Aclog::TwitterOauthEchoAuthentication::ControllerMethods
+
protect_from_forgery
before_filter :set_format, :check_session
after_filter :xhtml
@@ -14,17 +16,21 @@ class ApplicationController < ActionController::Base
end
def authorized_to_show?(user)
- case
- when (not user.protected?)
- true
- when (not session[:user_id])
- false
- when user.id == session[:user_id]
- true
- when session[:account].following?(user)
- true
+ return true if not user.protected?
+
+ if session[:user_id]
+ return session[:account].following?(user.id)
+ elsif request.headers["X-Verify-Credentials-Authorization"]
+ # OAuth Echo
+ user_id = authenticate_with_twitter_oauth_echo
+ account = Account.find_by(user_id: user_id)
+ if account
+ return account.following?(user.id)
+ else
+ return false
+ end
else
- false
+ return false
end
end
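Review bot: The rewritten `authorized_to_show?` drops the old `user.id == session[:user_id]` case, so the logged-in owner of a protected account is now admitted only if `following?(user.id)` is true for their own id, which a self-lookup is unlikely to return. Putting `return true if user.id == session[:user_id]` before the lookup restores the previous behaviour, and the OAuth Echo branch needs the same comparison against the `user_id` it gets back. That branch also relies entirely on `authenticate_with_twitter_oauth_echo`, which is outside this diff: it is worth confirming that it verifies against a fixed provider URL rather than one taken from the request's `X-Auth-Service-Provider` header, and that it raises rather than returning nil when verification fails.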
diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index 4169eab..1755e05 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -20,6 +20,8 @@ class ErrorsController < ApplicationController
render "error", status: 403
when Aclog::Exceptions::LoginRequired
render "error", status: 403
+ when Aclog::Exceptions::OAuthEchoUnauthorized
+ render "error", status: 401
when ActionController::RoutingError
render "error", status: 404
else
diff --git a/app/models/account.rb b/app/models/account.rb
index 7eab2e8..e7f98ee 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -48,8 +48,12 @@ class Account < ActiveRecord::Base
end
end
- def following?(target_user)
- client.friendship?(user_id, target_user.id)
+ def following?(target_user_id)
+ client.friendship?(user_id, target_user_id)
+ end
+
+ def followed_by?(source_user_id)
+ client.friendship?(source_user_id, user_id)
end
end
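Review bot: `following?` and `followed_by?` differ only in the argument order passed to `client.friendship?`, and the result of `following?` now decides access to protected users, so each deserves a one-line comment stating the direction, e.g. `# true when this account follows target_user_id` and `# true when source_user_id follows this account`. The parameter of `following?` also changed from a user object to an id; only the call in `authorized_to_show?` is updated in this diff, so any other caller still passing a user object should be checked. The class body starts outside the hunk.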
diff --git a/app/views/errors/error.html.haml b/app/views/errors/error.html.haml
index 6714aec..46fd2fb 100644
--- a/app/views/errors/error.html.haml
+++ b/app/views/errors/error.html.haml
@@ -11,10 +11,14 @@
ユーザーは非公開です。
- when Aclog::Exceptions::LoginRequired
このページの表示にはログインが必要です。
+ - when Aclog::Exceptions::OAuthEchoUnauthorized
+ OAuth Echo 認証に失敗しました。
- when ActionController::RoutingError
このページは存在しません。
- else
- if response.status == 404
- Not Found (Unknown)
+ Not Found (Unknown):
+ = @exception.class
- else
- Internal Error (Unknown)
+ Internal Error (Unknown):
+ = @exception.class
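Review bot: The two added `= @exception.class` lines print the class of any otherwise unhandled exception to whoever triggered it, which exposes internal library and model names on pages meant to be generic. Logging the class server-side and keeping the page text fixed gives the same debugging value without the disclosure; alternatively the output could be wrapped in `- if Rails.env.development?`. The same applies to `json.exception @exception.class` in error.json.jbuilder. The enclosing `case` starts outside the hunk.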
diff --git a/app/views/errors/error.json.jbuilder b/app/views/errors/error.json.jbuilder
index 41e8ea2..b3dbb77 100644
--- a/app/views/errors/error.json.jbuilder
+++ b/app/views/errors/error.json.jbuilder
@@ -11,14 +11,17 @@ json.error do |json|
json.message "ユーザーは非公開です。"
when Aclog::Exceptions::LoginRequired
json.message "このページの表示にはログインが必要です。"
+ when Aclog::Exceptions::OAuthEchoUnauthorized
+ json.message "OAuth Echo 認証に失敗しました。"
when ActionController::RoutingError
json.message "このページは存在しません。"
else
+ json.exception @exception.class
if response.status == 404
json.message "Not Found (Unknown)"
else
json.message "Internal Error (Unknown)"
end
end
- # json.exception @exception.class.to_s
end
+
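Review bot: `json.exception @exception.class` passes a Class object to the builder, whereas the commented-out line it replaces used `@exception.class.to_s`; depending on the JSON encoder in use this may not serialise as the class name. If the field is kept, `json.exception @exception.class.name` makes the value an explicit string. The `json.error` block starts outside the hunk.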