30f3ecc6ad
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com> This commit refactors the entire application to replace the 'parties' concept with 'events'. All controllers, models, views, and related files have been updated to reflect this change. The parties table has been replaced with an events table, and all related functionality has been updated accordingly.
25 lines
906 B
Ruby
Executable File
25 lines
906 B
Ruby
Executable File
# Base controller for API endpoints
|
|
# Provides authentication and common functionality for API controllers
|
|
class ApiController < ApplicationController
|
|
# Disable CSRF protection for API requests (token-based authentication instead)
|
|
protect_from_forgery with: :null_session
|
|
|
|
# Authenticate all API requests using API key
|
|
# Must be called before any API action
|
|
before_action :authenticate_api_key
|
|
|
|
private
|
|
|
|
# Authenticates API requests using X-API-Key header or api_key parameter
|
|
# Returns 401 Unauthorized if key is invalid or missing
|
|
def authenticate_api_key
|
|
# Extract API key from header or query parameter
|
|
api_key = request.headers["X-API-Key"] || params[:api_key]
|
|
|
|
# Validate against hardcoded key (in production, use environment variable)
|
|
unless api_key == "aperonight-api-key-2025"
|
|
render json: { error: "Unauthorized" }, status: :unauthorized
|
|
end
|
|
end
|
|
end
|