From 94a13ffca2c5179c94c5364da89aa5196c2ad5dc Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Tue, 26 Dec 2023 01:19:28 +0200
Subject: [PATCH] do not use devise strategy for api auth

---
 app/controllers/api/api_base_controller.rb | 11 +++++++++++
 config/initializers/devise.rb | 6 +-----
 lib/auth_with_token_strategy.rb | 19 -------------------
 3 files changed, 12 insertions(+), 24 deletions(-)
 delete mode 100644 lib/auth_with_token_strategy.rb

diff --git a/app/controllers/api/api_base_controller.rb b/app/controllers/api/api_base_controller.rb
index acaef82f..0b1e7c64 100644
--- a/app/controllers/api/api_base_controller.rb
+++ b/app/controllers/api/api_base_controller.rb
@@ -33,6 +33,17 @@ module Api
 result
 end
 
+ def authenticate_user!
+ @current_user ||=
+ if request.headers['X-Auth-Token'].present?
+ sha256 = Digest::SHA256.hexdigest(request.headers['X-Auth-Token'])
+
+ User.joins(:access_token).find_by(access_token: { sha256: })
+ end
+
+ render json: { error: 'Not authenticated' }, status: :unauthorized unless current_user
+ end
+
 def current_account
 current_user&.account
 end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 00d04479..ca340260 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -1,9 +1,5 @@
 # frozen_string_literal: true
 
-require_relative '../../lib/auth_with_token_strategy'
-
-Warden::Strategies.add(:auth_token, AuthWithTokenStrategy)
-
 Devise.otp_allowed_drift = 60.seconds
 
 # Assuming you have not yet modified this file, each configuration option below
@@ -279,7 +275,7 @@ Devise.setup do |config|
 #
 config.warden do |manager|
 # manager.intercept_401 = false
- manager.default_strategies(scope: :user).unshift(:auth_token)
+ # manager.default_strategies(scope: :user).unshift(:auth_token)
 end
 
 # ==> Mountable engine configurations
diff --git a/lib/auth_with_token_strategy.rb b/lib/auth_with_token_strategy.rb
deleted file mode 100644
index 2238f073..00000000
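Review bot: The 401 decision in the new `authenticate_user!` is made on `current_user`, which is not defined in this hunk; if that is still the helper Devise generates, it will consult Warden's remaining default strategies (session/cookie) when `X-Auth-Token` is absent, so a request carrying a browser session could pass an API check that this commit intends to be token-only — worth confirming, and if a session fallback is not wanted, test the value just computed: `render json: { error: 'Not authenticated' }, status: :unauthorized unless @current_user`. A second point is that `||=` treats a nil lookup as a cache miss, so a request with an unknown token re-runs the `Digest::SHA256` and `find_by` lookup on every call within the request; harmless, but a deliberate `defined?(@current_user)` memo or a short comment would make that explicit. The method also silently replaces the `authenticate_user!` helper Devise generates for the `:user` scope, and that should be documented, e.g. `# Overrides Devise's generated authenticate_user!: API callers authenticate only via the X-Auth-Token header (SHA-256 of the token matched through the access_token association); renders a JSON 401 instead of handing the failure to Warden.` Note too that `render` only halts the request when this runs as a before_action; a direct inline call would continue past the 401, so the comment should state that it is meant for `before_action` use.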
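Review bot: After this hunk the `config.warden do |manager| … end` block in devise.rb contains only comments, leaving a live block with an unused `manager` argument that does nothing; either delete the whole block or comment out its opening and closing lines too so it matches the generator's example, i.e. `# config.warden do |manager|` and `# end`. The commented-out `unshift(:auth_token)` line also names a strategy that this same commit deletes from `lib/`, so it will mislead a later reader into thinking the strategy still exists; since git history keeps the old line, dropping it outright is clearer than keeping it as a comment.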
--- a/lib/auth_with_token_strategy.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-class AuthWithTokenStrategy < Devise::Strategies::Base
- def valid?
- request.headers['X-Auth-Token'].present?
- end
-
- def authenticate!
- sha256 = Digest::SHA256.hexdigest(request.headers['X-Auth-Token'])
-
- user = User.joins(:access_token).find_by(access_token: { sha256: })
-
- if user
- success!(user)
- else
- fail!('Invalid token')
- end
- end
-end