app/controllers/eis_billing/base_controller.rb
module EisBilling
class BaseController < ApplicationController
protect_from_forgery with: :null_session
skip_authorization_check # Temporary solution
# skip_before_action :verify_authenticity_token # Temporary solution
before_action :authorized
INITIATOR = 'billing'.freeze
def encode_token(payload)
JWT.encode(payload, ENV['secret_word'])
end
def auth_header
# { Authorization: 'Bearer <token>' }
request.headers['Authorization']
end
def decoded_token
return unless auth_header
token = auth_header.split(' ')[1]
begin
JWT.decode(token, billing_secret_key, true, algorithm: 'HS256')
rescue JWT::DecodeError
nil
end
end
def accessable_service
return decoded_token[0]['initiator'] == INITIATOR if decoded_token
false
end
def logged_in?
!!accessable_service
end
def authorized
render json: { message: 'Access denied' }, status: :unauthorized unless logged_in?
end
def billing_secret_key
ENV['billing_secret']
end
def logger
Rails.logger
end
end
end