module Dunlop module Ember class ApplicationController < ActionController::Base protect_from_forgery with: :exception before_action :authenticate_user_from_token! before_action :authenticate_user! def ember_path app_globals = {} if adapter_name = params[:adapter].to_s.scan(/\w+/).first.presence app_index = Rails.root.join("public/adapters/#{adapter_name}/app/index.html") return render text: 'unauthorized, no adapter engine', status: 403 unless adapter = Panda.adapters[adapter_name] #app_globals = adapter.settings # load through request instead. More stable then changing environments unless Rails.application.config.try(:loose_ember_app_authorization) return render text: 'unauthorized, no adapter engine', status: 403 unless current_user.admin? or authorize!(:read, adapter.engine) end else app_index = Rails.root.join('public/app/index.html') end Rails.logger.info "Loading ember app for path '#/#{params[:rest]}' adapter: '#{params[:adapter].presence || 'main_app'}'" if app_index.exist? index_html = app_index.read.to_s app_globals[:flash] = flash.to_h if flash.present? index_html.sub! 'app_globals={}', "app_globals=#{app_globals.to_json}" if app_globals.present? render html: index_html.html_safe else render html: "App file #{app_index} not found".html_safe end end rescue_from CanCan::AccessDenied do if request.format.json? head 403 else render 'application/403', status: 403 end end private def authenticate_user_from_token! # https://romulomachado.github.io/2015/09/28/using-ember-simple-auth-with-devise.html authenticate_with_http_token do |token, options| user_email = options[:email].presence user = user_email && User.find_by_email(user_email) if user && Devise.secure_compare(user.authentication_token, token) sign_in user, store: false end end end end end end