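class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Every action requires a live session except `nothing`, the unauthenticated no-op.
  before_action :validate_session, except: [ :nothing ]

  # TODO: use devise or rails or whatever to implement a real session system
  # for now just make hashes of data and store metadata by token
  #
  # Maps an opaque token (the value of the `hws_token` cookie) to a Hash of
  # session metadata. The only key read in this file is :expires, which is
  # compared against DateTime.current. Caveats for anyone deploying this:
  #   - the table is process-local and lost on restart; it is not shared
  #     between server workers, so a multi-process deployment will reject
  #     tokens issued by a sibling process
  #   - entries are only reaped when their owner comes back after expiry, so
  #     the table otherwise grows without bound
  #   - the scheme is only as strong as the token generator and the cookie
  #     flags (httponly/secure/samesite) used by whatever code populates this
  #     table — neither is visible here; confirm at the login call site
  # Kept as a class variable (not a class-instance variable) because class
  # variables are shared with subclasses, which presumably populate it.
  @@sessions = {}

  # Turn an unhandled error into a plain 500 instead of a framework error page.
  # StandardError, not Exception: rescuing Exception would also swallow
  # SystemExit, SignalException and NoMemoryError, which must propagate.
  rescue_from StandardError do |exception|
    # Log server-side on every path; outside development the client is told
    # nothing, so the log is the only record that the failure happened.
    Rails.logger.error("#{exception.class}: #{exception.message}")
    Rails.logger.error(exception.backtrace.join("\n")) if exception.backtrace

    if Rails.env.development?
      # Developer convenience only: echo message and traces in the body.
      error = { message: exception.message }
      error[:application_trace] = Rails.backtrace_cleaner.clean(exception.backtrace)
      error[:full_trace] = exception.backtrace
      render :text => error, :status => 500
    else
      # Never leak exception details to clients outside development.
      render :text => "Internal server error.", :status => 500
    end
  end

  # Unauthenticated no-op action: 200 with an empty body.
  def nothing
    render :nothing => 'true'
  end

  protected

  # True when the request format is application/json.
  def json_request?
    request.format == 'application/json'
  end

  # before_action: resolve the `hws_token` cookie to an entry in @@sessions and
  # expose it as @current_session.
  #   - no cookie / unknown token  -> 403, empty body
  #   - expired token              -> entry removed, redirect to `login` with 403
  # Rendering or redirecting inside a before_action halts the filter chain, so
  # the action itself never runs on either failure path.
  def validate_session
    # look for the magic cookie
    session_key = cookies[:hws_token]
    @current_session = @@sessions[session_key]
    if @current_session.nil?
      head :forbidden
      return
    end

    # Fail closed: an entry with no :expires is treated as already expired.
    expires = @current_session[:expires]
    if expires.nil? || expires < DateTime.current
      # Log a short token prefix, not the session Hash (it may hold user data).
      # The previous `'...' + @current_session` raised TypeError (String + Hash),
      # so every expiry used to surface as a 500.
      Rails.logger.info("Expiring session #{session_key.to_s[0, 8]}...")
      @current_session = nil
      @@sessions.delete(session_key)
      # NOTE(review): `login` is not defined in this file — presumably a route
      # helper or method provided elsewhere; confirm. A 403 is not a 3xx, so
      # user agents will not follow the Location header; `head :forbidden`
      # (as above) or a real 302 would be more coherent.
      redirect_to login, status: :forbidden
      return
    end
    # TODO: check other metadata
  end
end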