add OAuth Echo support

2 files changed, 44 insertions, 0 deletions

diff --git a/lib/aclog/exceptions.rb b/lib/aclog/exceptions.rb
index 5346cf6..4e136a1 100644
--- a/lib/aclog/exceptions.rb
+++ b/lib/aclog/exceptions.rb
@@ -5,5 +5,6 @@ module Aclog
     class UserProtected < StandardError; end
     class LoginRequired < StandardError; end
     class TweetNotFound < StandardError; end
+    class OAuthEchoUnauthorized < StandardError; end
   end
 end
diff --git a/lib/aclog/twitter_oauth_echo_authentication.rb b/lib/aclog/twitter_oauth_echo_authentication.rb
new file mode 100644
index 0000000..1a95bec
--- /dev/null
+++ b/lib/aclog/twitter_oauth_echo_authentication.rb
@@ -0,0 +1,43 @@
+require "open-uri"
+
+module Aclog
+  module TwitterOauthEchoAuthentication
+    extend self
+
+    TWITTER_PROVIDER = "https://api.twitter.com/1.1/account/verify_credentials.json"
+
+    module ControllerMethods
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def twitter_oauth_echo_authenticate_with(provider, options = {})
+          before_action(options) do
+            authenticate_with_twitter_oauth_echo
+          end
+        end
+      end
+
+      def authenticate_with_twitter_oauth_echo
+        provider = request.headers["X-Auth-Service-Provider"]
+        credentials = request.headers["X-Verify-Credentials-Authorization"]
+        unless provider == TWITTER_PROVIDER && credentials
+          raise Aclog::Exceptions::OAuthEchoUnauthorized
+        end
+
+        Aclog::TwitterOauthEchoAuthentication.authenticate(provider, credentials)
+      end
+    end
+
+    def authenticate(provider, credentials)
+      res = open(provider, "Authorization" => credentials)
+      status = res.status[0].to_i
+      json = JSON.parse(res.read)
+      res.close
+
+      json["id"]
+    rescue => e
+      raise Aclog::Exceptions::OAuthEchoUnauthorized
+    end
+  end
+end
+