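# Root Grape API: JSON formatting, exception-to-status mapping, the
# session / Twitter OAuth Echo authentication helpers, and the mounted
# sub-APIs (ApiTweets, ApiUsers).
class Api < Grape::API
  content_type :json, "application/json"
  default_format :json
  formatter :json, Grape::Formatter::Rabl
  # Error bodies carry only the message. The backtrace argument is
  # deliberately ignored so stack traces never reach a client.
  error_formatter :json, ->(message, backtrace, options, env) do
    { error: { message: message } }.to_json
  end

  # Domain/ORM exceptions map to fixed, client-safe messages and statuses.
  # These specific handlers take precedence over the catch-all below.
  rescue_from ActiveRecord::RecordNotFound, Aclog::Exceptions::NotFound, rescue_subclasses: true do
    error_response message: "That page does not exists.", status: 404
  end
  rescue_from Aclog::Exceptions::Forbidden, rescue_subclasses: true do
    error_response message: "You do not have permission to access this page.", status: 403
  end
  rescue_from Aclog::Exceptions::OAuthEchoError, rescue_subclasses: true do
    error_response message: "Invalid OAuth Echo data.", status: 401
  end

  # Catch-all for everything not mapped above. A bare `rescue_from :all`
  # leaves it to Grape's default handler, which puts the raw exception
  # message into the 500 body; combined with the formatter above that can
  # expose internal details (class names, SQL fragments, paths) to clients.
  # Respond with a fixed message instead.
  # TODO(review): the swallowed exception should still be logged server-side
  # via the application's logger; not wired here to avoid assuming one.
  rescue_from :all do |_e|
    error_response message: "Internal server error.", status: 500
  end

  helpers TwitterOauthEchoAuthentication

  helpers do
    # The Rack session hash installed by the session middleware.
    # NOTE(review): this is nil when no session middleware is mounted, in
    # which case current_user raises NoMethodError -- confirm the middleware stack.
    def session
      env[Rack::Session::Abstract::ENV_SESSION_KEY]
    end

    # Resolves the calling user, memoized per request.
    # Order: a user id already present in the session wins; otherwise, when an
    # OAuth Echo header is present, it is verified and the resulting user id is
    # stored in the session for subsequent requests. Returns nil if neither
    # applies (anonymous caller).
    # Raises ActiveRecord::RecordNotFound (-> 404) when the stored id no longer
    # matches a User, and Aclog::Exceptions::OAuthEchoError (-> 401) when the
    # header fails verification.
    # NOTE(review): a stale :api_user_id is never cleared, so such a session
    # keeps producing 404s until it expires; consider dropping the key on
    # RecordNotFound. The session is also reused rather than regenerated on
    # login -- consider resetting it to limit session fixation.
    def current_user
      @_current_user ||= begin
        if session.key?(:api_user_id)
          User.find(session[:api_user_id])
        elsif headers["X-Verify-Credentials-Authorization"]
          user_id = authenticate_with_twitter_oauth_echo
          session[:api_user_id] = user_id
          User.find(user_id)
        end
      end
    end

    # Visibility check for a User or for anything exposing the owning user
    # via #user (a tweet). Public accounts are always visible; a protected
    # account is visible only if the current user's own permitted_to_see?
    # says so (nil current_user -> not permitted via #try).
    def permitted_to_see?(user_or_tweet)
      owner = user_or_tweet.is_a?(User) ? user_or_tweet : user_or_tweet.user
      !owner.protected? || current_user.try(:permitted_to_see?, owner)
    end
  end

  mount ApiTweets
  mount ApiUsers

  # Any unmatched path becomes a 404 through the NotFound handler above.
  route :any, "*path", ignore: true do
    raise Aclog::Exceptions::NotFound
  end
end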