Feature: Access tokens for API access (#604)

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>

app/controllers/api/base_controller.rb

@@ -1,9 +1,16 @@
 class Api::BaseController < ApplicationController
+  include AccessTokenAuthHelper
   respond_to :json
-  before_action :authenticate_user!
+  before_action :authenticate_access_token!, if: :authenticate_by_access_token?
+  before_action :validate_bot_access_token!, if: :authenticate_by_access_token?
+  before_action :authenticate_user!, unless: :authenticate_by_access_token?
 
   private
 
+  def authenticate_by_access_token?
+    request.headers[:api_access_token].present?
+  end
+
   def set_conversation
     @conversation ||= current_account.conversations.find_by(display_id: params[:conversation_id])
   end

app/controllers/api/v1/accounts/widget/inboxes_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Widget::InboxesController < Api::BaseController
+class Api::V1::Accounts::Widget::InboxesController < Api::BaseController
   before_action :authorize_request
   before_action :set_web_widget_channel, only: [:update]
   before_action :set_inbox, only: [:update]