7 files changed, 46 insertions, 17 deletions

diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index b6d1d0b..68d6586 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -1,4 +1,4 @@
-class V1::CertsController < ApplicationController
+class V1::CertsController < ApiController
 
   before_filter :require_login, :unless => :anonymous_certs_allowed?
 
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
new file mode 100644
index 0000000..accdf5a
--- /dev/null
+++ b/app/controllers/v1/configs_controller.rb
@@ -0,0 +1,34 @@
+class V1::ConfigsController < ApiController
+  include ControllerExtension::JsonFile
+
+  before_filter :require_login
+  before_filter :sanitize_filename, only: :show
+  before_filter :fetch_file, only: :show
+
+  def index
+    render json: {services: service_paths}
+  end
+
+  def show
+    send_file
+  end
+
+  SERVICES = {
+    soledad: "soledad-service.json",
+    eip: "eip-service.json",
+    smtp: "smtp-service.json"
+  }
+
+  protected
+
+  def service_paths
+    Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ]
+  end
+
+  def sanitize_filename
+    @filename = params[:id].downcase
+    @filename += '.json' unless @filename.ends_with?('.json')
+    access_denied unless SERVICES.values.include? name
+    @filename = Rails.root.join('public', '1', 'config', @filename)
+  end
+end
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb
index 85156b7..a9b93a9 100644
--- a/app/controllers/v1/messages_controller.rb
+++ b/app/controllers/v1/messages_controller.rb
@@ -1,10 +1,7 @@
 module V1
-  class MessagesController < ApplicationController
+  class MessagesController < ApiController
 
-    skip_before_filter :verify_authenticity_token
-    before_filter :require_token
-
-    respond_to :json
+    before_filter :require_login
 
     def index
       render json: current_user.messages
diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb
index 594940e..114870f 100644
--- a/app/controllers/v1/services_controller.rb
+++ b/app/controllers/v1/services_controller.rb
@@ -1,6 +1,4 @@
-class V1::ServicesController < ApplicationController
-
-  respond_to :json
+class V1::ServicesController < ApiController
 
   def show
     respond_with current_user.effective_service_level
diff --git a/app/controllers/v1/sessions_controller.rb b/app/controllers/v1/sessions_controller.rb
index d88fcdc..a343d9b 100644
--- a/app/controllers/v1/sessions_controller.rb
+++ b/app/controllers/v1/sessions_controller.rb
@@ -1,8 +1,7 @@
 module V1
-  class SessionsController < ApplicationController
+  class SessionsController < ApiController
 
-    skip_before_filter :verify_authenticity_token
-    before_filter :require_token, only: :destroy
+    before_filter :require_login, only: :destroy
 
     def new
       @session = Session.new
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
index 377a49c..fa53b26 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/v1/smtp_certs_controller.rb
@@ -1,4 +1,4 @@
-class V1::SmtpCertsController < ApplicationController
+class V1::SmtpCertsController < ApiController
 
   before_filter :require_login
   before_filter :require_email_account
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index abaefd8..bfa04fc 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -1,10 +1,10 @@
 module V1
-  class UsersController < UsersBaseController
+  class UsersController < ApiController
+    include ControllerExtension::FetchUser
 
-    skip_before_filter :verify_authenticity_token
     before_filter :fetch_user, :only => [:update]
     before_filter :require_admin, :only => [:index]
-    before_filter :require_token, :only => [:update]
+    before_filter :require_login, :only => [:index, :update]
     before_filter :require_registration_allowed, only: :create
 
     respond_to :json
@@ -29,11 +29,12 @@ module V1
       respond_with @user
     end
 
+    protected
+
     def require_registration_allowed
       unless APP_CONFIG[:allow_registration]
         head :forbidden
       end
     end
-
   end
 end