Use a static user authorization token for now. Create the stubs for GET and POST API calls.

app/controllers/reposts_controller.rb

@@ -29,22 +29,28 @@ class RepostsController < ApplicationController
     # ...
   end
 
-  # TODO rework from file handling to use of 'reposts' model.
+  # TODO: to secure the cronjob call test for 'InvokationPassword' header.
+  #       store this password in client.yml for comparison
+  # crontab: curl -H 'InvokationPassword: ...' http://localhost/reposts/new
   def new
-    # retrieve latest repost
-    # TODO: select max(postid) from reposts;
-    #history = YAML.load('history.yml', :safe => true)
-    #lastrepostid = history["lastrepost"]
-    #latestid = lastrepostid
-    # fetch all mentions since last one
-    ## API - fetch( since_id=previous max_id )
+    # get user auth token
+    access_token = Repost.obtain_user_token
+
+    # retrieve latest reposts. this uses the real ADN stream.
+    # TODO: do so: select max(postid) from reposts;
+
+    # retrieve new mentions.
+    # TODO restrict to: fetch( since_id=previous max_id )
+    res = Repost.get_mentions_stream(access_token)
+
+    # TODO: res.body contains the mentions in JSON. Proceed from there.
     #new_mentions.each do | post |
-      ## API - repost(post)
+      ## API - repost(post) # http://developers.app.net/docs/resources/post/reposts/
+      #repost_uri = "https://alpha-api.app.net/stream/0/posts/" + post.id + "/repost"
       #latestid = post.id
     #end
-    
-    # store latest repost for next time
+
+    # store all reposts locally for later reuse.
     # TODO insert into reposts values("karlsruher", post.id, latestid)
-    redirect_to ERB::Util.url_encode("https://account.app.net/oauth/authenticate?client_id=aeTtXn6khX4XwvqHYH4J3xzzjDQmW5TJ&response_type=code&redirect_uri=https://alpha.app.net/karlsruher&scope=stream")
   end
 end

app/models/repost.rb

@@ -1,2 +1,58 @@
+require 'uri'
+require 'net/https'
+
 class Repost < ActiveRecord::Base
+  # Returns the user auth token.
+  # FIXME Eventually, this needs to be reworked to use the real auth workflow.
+  # FIXME see http://developers.app.net/docs/authentication/flows/web/#server-side-flow
+  def self.obtain_user_token
+    config = YAML.load_file('config/client.yml')
+    config["user_token"]
+  end
+
+  # Get authorized user's stream. The topmost post should be the latest repost.
+  # http://developers.app.net/docs/resources/post/streams/#retrieve-posts-created-by-a-user
+  def self.get_user_posts(access_token)
+    uri = "https://alpha-api.app.net/stream/0/users/me/posts"
+    self.make_api_call(uri, access_token)
+  end
+
+
+  # http://developers.app.net/docs/resources/post/streams/#retrieve-posts-mentioning-a-user
+  def self.get_mentions_stream(access_token)
+    uri = "https://alpha-api.app.net/stream/0/users/me/mentions"
+    self.make_api_get_call(uri, access_token)
+  end
+
+
+  def self.make_api_get_call(uri_string, access_token)
+    # uri = URI("https://alpha-api.app.net/stream/0/users/me/mentions")
+    uri = URI(uri_string)
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = true
+    headers = {
+      'Authorization' => "Bearer " + access_token
+    }
+    response = http.get(uri.path, headers)
+    return response
+  end
+
+  def self.make_api_post_call(uri_string, form_data, access_token)
+    # uri = URI('https://alpha-api.app.net/stream/0/posts')
+    uri = URI(uri_string)
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = true
+    headers = {
+      'Authorization' => "Bearer " + access_token
+    }
+    path = uri.path.empty? ? "/" : uri.path
+    response = http.post(path, form_data, headers)
+    case response
+    when Net::HTTPSuccess, Net::HTTPRedirection
+      puts "=== response OK"
+    else
+      # / value = " + response.value
+      puts "=== response NOT OK" 
+    end
+  end
 end

config/client.yml_sample

@@ -1,2 +1,3 @@
 client_id: place your (public) client id here.
 client_secret: place your (private) client secret here.
+user_token: place your (temporary) user authorization token here.