Ruby pe Rails 4: autentificare API cu Devise

Ruby este un limbaj de programare orientat-obiect, dinamic, ușor de citit și implementat. Află cum poți implementa cod.
Scrie răspuns
Avatar utilizator
specialist it
Mesaje: 207
Membru din: 28 Iun 2017, 16:39
7
Contact:

Ruby pe Rails 4: autentificare API cu Devise

Mesaj de specialist it »

Salut,

Mai jos regăsiți un alt cod sample preluat de pe GitHub de la skozz / devise_authentication_api.rb. Citiți comentariile:

Cod: Selectaţi tot

#Session controller provides a token
#/controllers/api/sessions_controller.rb
class Api::SessionsController < Devise::SessionsController
  before_filter :authenticate_user!, :except => [:create]
  before_filter :ensure_params_exist, :except => [:destroy]
  respond_to :json

  def create
    resource = User.find_for_database_authentication(:email => params[:user_login][:email])
    return invalid_login_attempt unless resource

    if resource.valid_password?(params[:user_login][:password])
      sign_in(:user, resource)
      resource.ensure_authentication_token!
      render :json=> {:auth_token=>resource.authentication_token, :email=>resource.email}, :status => :ok
      return
    end
    invalid_login_attempt
  end

  def destroy
    resource = User.find_by_authentication_token(params[:auth_token]||request.headers["X-AUTH-TOKEN"])
    resource.authentication_token = nil
    resource.save
    sign_out(resource_name)
    render :json => {}.to_json, :status => :ok
  end

  protected
  def ensure_params_exist
    return unless params[:user_login].blank?
    render :json=>{:message=>"missing user_login parameter"}, :status=>422
  end

  def invalid_login_attempt
    render :json=> {:message=>"Error with your login or password"}, :status=>401
  end
end

#Base controller which inherited by every api controller 
#/controllers/api/base_controller.rb
class Api::BaseController < InheritedResources::Base
  before_filter :authenticate_user!
  prepend_before_filter :get_auth_token

  respond_to :xml, :json

  private
  def get_auth_token
    if auth_token = params[:auth_token].blank? && request.headers["X-AUTH-TOKEN"]
      params[:auth_token] = auth_token
    end
  end
end

#Your resources controllers
#/controllers/api/v1/products_controller.rb
module Api
  module V1
    class ProductsController < Api::BaseController
    end
  end
end

#Routes
  namespace :api, :defaults => {:format => 'json'} do
    devise_for :users
    namespace :v1 do
      resources :products
    end
  end

#*** How to get a token: well, you have to provide email and password ***
#with curl
curl -d "user_login[email][email protected]&user_login[password]=yourpassword" http://localhost:3001/api/users/sign_in --noproxy localhost
{"email":"[email protected]","success":true,"auth_token":"G3xbSrS4uqLU484eUw9h"}

#with HTTPClient
clnt = HTTPClient.new
res = clnt.post("http://localhost:3001/api/users/sign_in", {"user_login[email]" => "[email protected]", "user_login[password]" => "yourpassword"})
auth_token = JSON(res.body)["auth_token"]
=> "G3xbSrS4uqLU484eUw9h"


#*** How to get data using the token ***
#with curl
curl -H "X-AUTH-TOKEN: G3xbSrS4uqLU484eUw9h" http://localhost:3001/api/v1/products/1 --noproxy localhost --get

#with HTTPClient gem
clnt = HTTPClient.new
clnt.get("http://localhost:3001/api/v1/products/1", nil, {"X-AUTH-TOKEN" => "G3xbSrS4uqLU484eUw9h"}).content


#*** At the end, remove the access token ***
#with curl
curl -X DELETE -H "X-AUTH-TOKEN: G3xbSrS4uqLU484eUw9h" http://localhost:3001/api/users/sign_out

#with HTTPClient gem
clnt.delete("http://localhost:3001/api/users/sign_out", {"X-AUTH-TOKEN" => "G3xbSrS4uqLU484eUw9h"})


Pentru întrebări, vă stăm la dispoziție.

Autor thread: stefanciprian, Echipa Specialişti IT

Mulțumesc
Moderator și Specialist IT
Scrie răspuns