
Hi, I am creating an application that uses Devise for sessions. However, when I attempt to create a post that belongs to the current user, I get this error. I don't understand why, and when I tried to hardcode the user_id, I still get the error. Any help will be appreciated.

Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms | Allocations: 224)

CreatePosts.js

import React, { useState } from 'react'
import { AiOutlinePicture } from "react-icons/ai";
import { BiArrowBack } from "react-icons/bi";

const CreatePost = ({ setShowPost, currUser }) => {

  const handleSubmit = (e) => {
    e.preventDefault()

    const formData = new FormData();
    formData.append("post[description]", e.target.description.value);
    formData.append("post[image]", e.target.image.files[0]);
    formData.append("post[user_id]", currUser.id);

    postData(formData)
  }

  const postData = (formData) => {
    fetch('http://localhost:3000/posts', {
      method: "POST",
      body: formData,
    }).then((response) => response.json())
      .then((data) => {
        console.log(data);
      }).catch((error) => console.log(error));
  };

  return (
    <div className='postCreateBackground'>
      <div className='x' onClick={() => setShowPost(false)}>X</div>

      <h1>Choose a photo to post</h1>

      <AiOutlinePicture className='createPic'/>

      <form onSubmit={(e) => handleSubmit(e)} className="postForm">
        <input type="file" name="image" id="image" />

        <textarea type="text" name="description" id="description"
          placeholder='add description' className='secondInput' />

        <button type="submit" className='firstSubmitButton'>Submit</button>
      </form>
    </div>
  )
}

export default CreatePost

user.rb

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable,
         :jwt_authenticatable, jwt_revocation_strategy: JwtDenylist

  has_many :posts, foreign_key: :user_id, dependent: :destroy
end

posts_controller.rb

class PostsController < ApplicationController
  include ActiveStorage::SetCurrent

  before_action :authenticate_user!
  before_action :set_post, only: %i[ show update destroy ]

  # GET /posts
  def index
    @posts = Post.all

    render json: @posts.map { |post| post.as_json(include: :image).merge(image: post.image.url) }
  end

  # GET /posts/1
  def show
    render json: @post.as_json(include: :image).merge(
      image: @post.image.url
    )
  end

  # POST /posts
  def create
    @post = current_user.posts.build post_params

    if @post.save
      render json: @post, status: :created, location: @post
    else
      render json: @post.errors, status: :unprocessable_entity
    end
  end

  # PATCH/PUT /posts/1
  def update
    if @post.update(post_params)
      render json: @post
    else
      render json: @post.errors, status: :unprocessable_entity
    end
  end

  # DELETE /posts/1
  def destroy
    @post.destroy
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_post
      @post = current_user.posts.find params[:id]
    end

    # Only allow a list of trusted parameters through.
    def post_params
      params.require(:post).permit(:description, :image, :user_id)
    end
end
CoolGuy
I imagine you are missing the authenticity token that's required for the CSRF protection: https://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf. Check this; you might need to adapt it to React, but it shows you where to get the token and how to add it: https://stackoverflow.com/questions/7560837/proper-way-to-send-an-authenticity-token-with-ajax-to-rails – arieljuod Mar 17 '23 at 02:58

0 Answers
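An added example, not part of the original post or comment: the `fetch` call in the question sends no `Authorization` header, while devise-jwt's `:jwt_authenticatable` identifies the user from an `Authorization: Bearer <token>` header and `authenticate_user!` answers 401 when no valid token is present. The code below attaches that header and leaves out `post[user_id]`, because the controller already builds the post from `current_user`. The `jwt` argument (the token the client kept from sign-in) and both function names are assumptions.

```javascript
// Added example; function names and the `jwt` argument are hypothetical.
const API_URL = "http://localhost:3000/posts"; // URL taken from the question

// Builds the fetch() arguments for POST /posts without touching the network.
function buildCreatePostRequest(jwt, description, imageFile) {
  if (typeof jwt !== "string" || jwt.trim() === "") {
    // Fail early on the client instead of sending an anonymous request.
    throw new Error("no JWT available: sign in before creating a post");
  }

  const body = new FormData();
  body.append("post[description]", description);
  if (imageFile) body.append("post[image]", imageFile);
  // No post[user_id]: the controller uses current_user.posts.build, so the
  // owner comes from the authenticated token, not from client input.

  // devise-jwt returns the token at sign-in in an Authorization response
  // header of the form "Bearer <token>", so accept either stored form.
  const authorization = jwt.startsWith("Bearer ") ? jwt : `Bearer ${jwt}`;

  return {
    url: API_URL,
    options: {
      method: "POST",
      // Content-Type is left unset so fetch adds the multipart boundary.
      headers: { Authorization: authorization },
      body,
    },
  };
}

// Sends the request and surfaces authentication failures explicitly.
async function createPost(jwt, description, imageFile) {
  const { url, options } = buildCreatePostRequest(jwt, description, imageFile);
  const response = await fetch(url, options);
  if (response.status === 401) {
    throw new Error("401 Unauthorized: token missing, expired or revoked");
  }
  if (!response.ok) {
    throw new Error(`request failed with status ${response.status}`);
  }
  return response.json();
}
```
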