I am a bit confused on this. I am a bit new to Rails APIs. When a user visits www.example.com/products, he should still be able to view the normal webpage, but if he requests www.example.com/products.json, he should authenticate with a token; otherwise access should be denied. In a normal Rails app, we can either GET /pins or /pins.JSON by default, like below:

But what if I want to authenticate only GET /pins.JSON, or anything for that matter (something.JSON)? Is this possible somehow?

I did have a look at the rails_api gem too. Some tutorials suggest creating the Rails app with rails_api, which creates the entire app as an API without normal webpage access.

Can anyone please suggest if it's possible the way I want?

class PinsController < ApplicationController
      before_action :set_pin, only: [:show, :edit, :update, :destroy]
      before_action :authenticate_user!, except: [:index, :show]
      before_action :correct_user, only: [:edit, :update, :destroy]

      # GET /pins
      # GET /pins.json
      def index
        @pins = Pin.all.order("created_at DESC").paginate(:page => params[:page])
      end

      def show
      end

      def new
        @pin = current_user.pins.build
      end

      def edit
      end

      # POST /pins
      # POST /pins.json
      def create
        @pin = current_user.pins.build(pin_params)
        respond_to do |format|
          if @pin.save
            format.html { redirect_to @pin, notice: 'Pin was successfully created.' }
            format.json { render :show, status: :created, location: @pin }
          else
            format.html { render :new }
            format.json { render json: @pin.errors, status: :unprocessable_entity }
          end
        end
      end

      # PATCH/PUT /pins/1
      # PATCH/PUT /pins/1.json
      def update
        respond_to do |format|
          if @pin.update(pin_params)
            format.html { redirect_to @pin, notice: 'Pin was successfully updated.' }
            format.json { render :show, status: :ok, location: @pin }
          else
            format.html { render :edit }
            format.json { render json: @pin.errors, status: :unprocessable_entity }
          end
        end
      end

      # DELETE /pins/1
      # DELETE /pins/1.json
      def destroy
        @pin.destroy
        respond_to do |format|
          format.html { redirect_to pins_url, notice: 'Pin was successfully destroyed.' }
          format.json { head :no_content }
        end
      end

      private

        def set_pin
          @pin = Pin.find(params[:id])
        end

        def correct_user
          @pin = current_user.pins.find_by(id: params[:id])
          redirect_to pins_path, notice: "Not authorized to edit this pin" if @pin.nil?
        end

        # Never trust parameters from the scary internet, only allow the white list through.
        def pin_params
          params.require(:pin).permit(:description, :image)
        end
    end

1 Answer

The simplest way is to create a before_filter :authenticate_json and enforce authentication there in case JSON is requested:

before_filter :authenticate_json

def authenticate_json
  if request.path_parameters[:format] == 'json'
    authenticate!
  end
end
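
The decision the answer's filter makes, as an added plain-Ruby example that is not part of the original answer: it also treats an `Accept: application/json` header as a JSON request, since Rails negotiates the response format from that header as well as from the `.json` suffix, and it compares the token in constant time. `FakeRequest`, `gate`, the other helper names and the sample token are assumptions made for illustration; in a controller the equivalent format check is `request.format.json?`.

```ruby
require 'digest'

# Constructed sample secret; a real app would look tokens up per user.
EXPECTED_TOKEN_DIGEST = Digest::SHA256.hexdigest('s3cr3t-sample-token')

# Hypothetical stand-in for the parts of a Rails request used here.
FakeRequest = Struct.new(:path_format, :accept, :authorization)

# True when the client will receive JSON: either the URL ended in .json
# or the Accept header asks for application/json.
def json_requested?(req)
  return true if req.path_format.to_s.downcase == 'json'
  req.accept.to_s.split(',').any? do |entry|
    entry.split(';').first.to_s.strip.downcase == 'application/json'
  end
end

# Extract the token from 'Token token="..."' or 'Bearer ...' headers.
def presented_token(req)
  header = req.authorization.to_s
  header[/\AToken token="?([^",\s]+)"?/i, 1] || header[/\ABearer\s+(\S+)\z/i, 1]
end

# Compare fixed-length SHA-256 digests byte by byte without an early exit,
# so timing does not reveal how many leading characters matched.
def token_valid?(token)
  return false if token.nil?
  given = Digest::SHA256.hexdigest(token)
  diff = 0
  given.bytes.zip(EXPECTED_TOKEN_DIGEST.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

# Returns the HTTP status the filter would produce; 200 lets the action run.
def gate(req)
  return 200 unless json_requested?(req)
  token_valid?(presented_token(req)) ? 200 : 401
end
```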