```ruby
class TableUsersController < ApplicationController
  def create
    # Creating a user.
    # user_params is the strong-parameters helper; its definition is not shown on this page.
    @user = User.new(user_params)
    # If user successfully created,
    if @user.save
      # Generate a unique token and store in authorization table
      token_string = UserAuthorizationToken.generate_auth_token
      @token = UserAuthorizationToken.new(token: token_string, user_id: @user.id)
      if @token.save
        # Send the token, email, and user id to the client.
        login(@user)
        render json: { email: @user.email, id: @user.id, token: token_string }
        # Client can then store the token in localStorage or use the Rails session.
      end
    end
  end
end
```
API controller
1) Before any other methods, require that a user is logged in.
2) If logged in, proceed with controller actions (unfinished)
```ruby
class ApiController < ApplicationController
  # Before accessing other API controller methods, require login.
  before_action :require_login

  private

  # logged_in? is expected to be defined in ApplicationController (not shown on this page).
  def require_login
    unless logged_in?
      flash[:error] = "You must be logged in to access this section"
      redirect_to "/login"
    end
  end
end
```
Applications Controller
1) Use the Session object to verify a user.
2) Alternatively, store a token in the browser (e.g. localStorage).
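A sketch of the server-side check for the token alternative, added here as an example and not code from the original page: the API login check resolves a bearer token against the authorization table and answers 401 instead of redirecting. `TokenStore`, the one-hour lifetime, the `Authorization: Bearer` header and digest-only storage are assumptions of this example; an in-memory hash stands in for the table.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the authorization table.
# Rows are keyed by SHA-256(token), so a leaked table does not expose usable tokens.
class TokenStore
  TTL = 3600 # seconds; assumed token lifetime

  def initialize
    @rows = {}
  end

  # Issues a random token for user_id. The raw token is returned once
  # to the caller (to be sent to the client); only its digest is kept.
  def issue(user_id, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @rows[Digest::SHA256.hexdigest(token)] = { user_id: user_id, expires_at: now + TTL }
    token
  end

  # Returns the user id for a valid, unexpired "Bearer <token>" header, else nil.
  def authenticate(header, now: Time.now)
    scheme, token = header.to_s.split(" ", 2)
    return nil unless scheme == "Bearer" && token && !token.empty?

    row = @rows[Digest::SHA256.hexdigest(token)]
    return nil if row.nil? || now >= row[:expires_at]

    row[:user_id]
  end

  # Logout / revocation: deletes the row, returns true if one existed.
  def revoke(token)
    !@rows.delete(Digest::SHA256.hexdigest(token)).nil?
  end
end

# What an API before_action would decide from the request headers:
# [200, user_id] to proceed, [401, nil] to reject (no flash, no redirect).
def require_login(store, headers, now: Time.now)
  user_id = store.authenticate(headers["Authorization"], now: now)
  user_id ? [200, user_id] : [401, nil]
end
```
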