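# HMAC key used to sign and verify every JWT this application issues.
#
# `nil.to_s` is "", so an unset secret_key_base would silently become an empty
# signing key, and tokens signed with it offer no authenticity guarantee.
# Fail at load time instead of running in that state.
# NOTE(review): newer Rails releases deprecate `Rails.application.secrets` in
# favour of `Rails.application.secret_key_base` -- confirm which accessor is
# populated in every environment this app is deployed to.
# NOTE(review): this reuses the application-wide secret for token signing; a
# dedicated JWT key would let the two be rotated independently.
SECRET_KEY = Rails.application.secrets.secret_key_base.to_s
if SECRET_KEY.strip.empty?
  raise ArgumentError, 'secret_key_base is blank; refusing to sign JWTs with an empty key'
end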
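# Builds a signed JWT carrying +payload+ plus an expiry claim.
#
# @param payload [Hash] claims to embed; the caller's hash is not modified
# @param exp [#to_i] expiry instant, stored as the integer `exp` claim
#   (defaults to 24 hours from now)
# @return [String] the encoded token, signed with SECRET_KEY
def encode(payload, exp = 24.hours.from_now)
  # merge returns a new hash, so the expiry is not written back into the
  # object the caller passed in.
  claims = payload.merge(exp: exp.to_i)
  # Name the algorithm explicitly so signing does not depend on the library
  # default and stays in step with what the verifier expects.
  JWT.encode(claims, SECRET_KEY, 'HS256')
end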
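# Verifies +token+ against SECRET_KEY and returns its claims.
#
# @param token [String, nil] the encoded JWT
# @return [HashWithIndifferentAccess] the claims, readable by string or symbol key
# @raise [JWT::DecodeError] when the library rejects the token
def decode(token)
  # Verification is requested explicitly and the accepted algorithm is pinned,
  # so a token whose header names a different algorithm is rejected regardless
  # of the library's defaults.
  claims, _header = JWT.decode(token, SECRET_KEY, true, { algorithm: 'HS256' })
  HashWithIndifferentAccess.new(claims)
end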
# Authenticates the request from its Authorization header.
#
# On success, sets @decoded (the token claims) and @current_user (the User
# whose id the token carries). If the token is rejected or the user no longer
# exists, renders a 401 JSON error instead.
#
# NOTE(review): only the last space-separated field of the header is used; the
# scheme word in front of it is not checked.
# NOTE(review): the exception message is returned to the client verbatim --
# confirm that the RecordNotFound text is acceptable to expose.
def authorize_request
  raw_header = request.headers['Authorization']
  token = raw_header&.split(' ')&.last
  @decoded = decode(token)
  @current_user = User.find(@decoded[:id])
rescue ActiveRecord::RecordNotFound, JWT::DecodeError => e
  render json: { errors: e.message }, status: :unauthorized
end
end
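# JSON endpoints for volunteer sign-ups; listing and creation are scoped to an
# event taken from the URL.
#
# NOTE(review): authorize_request only authenticates the caller. Nothing in
# this class checks that the caller owns the Volunteer being updated or
# destroyed, so any signed-in user can change any record by id. Add an
# ownership or role check once the intended policy is confirmed.
# NOTE(review): #show is exempt from authentication and renders the whole
# record (presumably including email) -- confirm that exposure is intended.
class VolunteersController < ApplicationController
  # Authenticate before any record lookup, so an unauthenticated caller gets a
  # 401 instead of a response that depends on whether the id exists.
  before_action :authorize_request, except: [:show]
  before_action :set_volunteer, only: %i[show update destroy]
  # %i[] takes space-separated names. With a comma the first symbol becomes
  # :"index,", the filter never runs for #index, and @event stays nil there.
  before_action :set_event, only: %i[index create]

  # GET events/event_id/volunteers
  # Lists the volunteers attached to the event named in the URL.
  def index
    @volunteers = Volunteer.where(event: @event)
    render json: @volunteers
  end

  # GET /volunteers/1
  def show
    render json: @volunteer
  end

  # POST /volunteers
  # Creates a volunteer for the event in the URL on behalf of the caller.
  def create
    @volunteer = Volunteer.new(volunteer_params)
    # Owner and event are taken from the authenticated caller and the URL;
    # neither is in the permitted parameter list, so the body cannot set them.
    # NOTE(review): current_user is not defined in this class -- presumably
    # ApplicationController exposes the user set by authorize_request; verify.
    @volunteer.user = current_user
    @volunteer.event = @event

    if @volunteer.save
      render json: @volunteer, status: :created, location: @volunteer
    else
      render json: @volunteer.errors, status: :unprocessable_entity
    end
  end

  # PATCH/PUT /volunteers/1
  def update
    if @volunteer.update(volunteer_params)
      render json: @volunteer
    else
      render json: @volunteer.errors, status: :unprocessable_entity
    end
  end

  # DELETE /volunteers/1
  # No body is rendered here; the response is whatever the framework sends for
  # an action that renders nothing.
  def destroy
    @volunteer.destroy
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  # Loads the event named by params[:event_id]; find raises if it does not exist.
  def set_event
    @event = Event.find(params[:event_id])
  end

  # Loads the volunteer named by params[:id]; find raises if it does not exist.
  def set_volunteer
    @volunteer = Volunteer.find(params[:id])
  end

  # Only allow a list of trusted parameters through.
  def volunteer_params
    params.require(:volunteer).permit(:first_name, :last_name, :email, :message)
  end
end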