api stuffs (#1069)

* Update restful_controller.rb

* Update tokens_controller.rb

* /tokens/new form

* thats all

app/controllers/api/v2/restful_controller.rb

@@ -5,7 +5,6 @@ module Api
       include Pundit
       include PunditExtra
 
-      protect_from_forgery with: :exception
       snorlax_used_rest!
 
       before_action :load_resource, only: [:show, :update, :destroy]
@@ -46,7 +45,7 @@ module Api
       end
 
       def current_user
-        token_user || doorkeeper_user || super
+        token_user || doorkeeper_user
       end
 
       def load_resource

app/controllers/api/v2/tokens_controller.rb

@@ -2,6 +2,8 @@
 module Api
   module V2
     class TokensController < RestfulController
+      protect_from_forgery
+
       def searchable_columns
         [:description]
       end
@@ -18,6 +20,12 @@ module Api
         create_action
         respond_with_resource
       end
+
+      private
+
+      def current_user
+        token_user || doorkeeper_user || method(:current_user).super_method.super_method.call
+      end
     end
   end
 end

app/controllers/tokens_controller.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+class TokensController < ApplicationController
+  before_action :require_user, only: [:new]
+
+  def new
+    @token = Token.new(user: current_user)
+    render :new, layout: false
+  end
+end

app/views/tokens/new.html.erb

@@ -0,0 +1,5 @@
+<%= form_for @token, url: '/api/v2/tokens', method: :post do |form| %>
+  <h4>Request new API Token</h4>
+  <%= form.text_field :description, placeholder: "Token description..." %>
+  <%= form.submit %>
+<% end %>

config/routes.rb

@@ -89,6 +89,8 @@ Metamaps::Application.routes.draw do
     end
   end
 
+  resources :tokens, only: [:new]
+
   devise_for :users, skip: :sessions, controllers: {
     registrations: 'users/registrations',
     passwords: 'users/passwords',