I am writing a Rails back-end API for a Steam game that is only accessed via REST calls, so no user-specific authentication is required. I am trying to implement the authlogic_a
Solved this by following the Authlogic example, and just substituting a ClientAccount model for the User model. So in my Application controller I have:
before_filter :require_client

# These helpers follow the Authlogic example app, with ClientSession and
# ClientAccount standing in for UserSession and User. store_location and
# redirect_back_or_default are the example app's own helpers (not shown here).
def require_client
  unless current_client
    store_location
    render :text => 'Authentication failed', :status => 401
    return false
  end
end

def require_no_client
  if current_client
    store_location
    render :text => 'Client session already exists', :status => 401
    return false
  end
end

# Memoized lookup of the current Authlogic session (Session.find).
def current_client_session
  return @current_client_session if defined?(@current_client_session)
  @current_client_session = ClientSession.find
end

# The ClientAccount record behind the session, or nil when not authenticated.
def current_client
  return @current_client if defined?(@current_client)
  @current_client = current_client_session && current_client_session.record
end
The ClientAccount model acts_as_authentic, and the ClientSession model handles creating and destroying the sessions for Authlogic (authenticate_with ClientAccount):
class ClientSessionsController < ApplicationController
  before_filter :require_no_client, :only => [:new, :create]
  before_filter :require_client, :only => :destroy

  def new
    @client_session = ClientSession.new
  end

  # Authlogic validates the credentials in params[:client_session] on save.
  def create
    @client_session = ClientSession.new(params[:client_session])
    if @client_session.save
      redirect_back_or_default account_url
    else
      render :action => :new
    end
  end

  def destroy
    current_client_session.destroy
    redirect_back_or_default new_client_session_url
  end
end
This solution has worked well, as we're able to generate different API key/signature combos for different clients, which gives us additional usage data. The only "gotcha" is if you're doing something like a multipart file upload, since the POST hash uses the raw POST data.
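As an added illustration of the per-client API key/signature check and the multipart "gotcha" mentioned above (example code, not the poster's or Authlogic's): it assumes an HMAC-SHA256 signature over the raw POST body keyed by a per-client secret, which the answer does not specify, and uses constructed credentials.

```ruby
require 'openssl'

# Constructed per-client credentials; in the answer above these would live on
# each ClientAccount row (assumption: one api_key / api_secret pair per client).
CLIENTS = {
  'client-alpha' => 'alpha-secret-0001',
  'client-beta'  => 'beta-secret-0002'
}.freeze

# Signature over the raw request body, keyed with the client's secret.
def sign_body(secret, raw_body)
  OpenSSL::HMAC.hexdigest('SHA256', secret, raw_body)
end

# Constant-time comparison so a near miss takes as long as a total mismatch.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check: recompute the HMAC over the exact bytes received
# (request.raw_post in Rails) and compare with the presented signature.
def verify_request(api_key, signature, raw_body)
  secret = CLIENTS[api_key]
  return false unless secret && signature
  secure_equal?(sign_body(secret, raw_body), signature)
end

# Minimal multipart/form-data body: the boundary and part headers are part of
# the raw POST data, which is exactly why file uploads are the awkward case.
def multipart_body(boundary, field, filename, content)
  "--#{boundary}\r\nContent-Disposition: form-data; name=\"#{field}\"; " \
  "filename=\"#{filename}\"\r\nContent-Type: application/octet-stream\r\n\r\n" \
  "#{content}\r\n--#{boundary}--\r\n"
end

def demo
  secret = CLIENTS['client-alpha']
  json = '{"score":42}'
  wire = multipart_body('boundaryA', 'save', 'slot1.bin', 'SAVEDATA')
  other = multipart_body('boundaryB', 'save', 'slot1.bin', 'SAVEDATA')
  { json_ok:         verify_request('client-alpha', sign_body(secret, json), json),
    multipart_exact: verify_request('client-alpha', sign_body(secret, wire), wire),
    # Signing only the file contents, or a re-encoding with a fresh boundary,
    # never matches the bytes the server actually hashed.
    payload_only:    verify_request('client-alpha', sign_body(secret, 'SAVEDATA'), wire),
    reencoded:       verify_request('client-alpha', sign_body(secret, other), wire),
    wrong_client:    verify_request('client-beta', sign_body(secret, json), json) }
end
```

The client must therefore sign the exact serialized multipart bytes it sends (including the boundary), not the file contents it wrapped.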