gpt4 book ai didi

ruby-on-rails - 如何使用带有 ActionCable 的 devise_token_auth 来验证用户?

转载 作者:行者123 更新时间:2023-12-04 05:52:24 25 4
gpt4 key购买 nike

我有一个带有 devise_token_auth gem 的 Rails 5 API认证。

现在我想要为经过身份验证的用户进行个人聊天。我没有 Assets ,因为我使用 API 并且前端在 native 应用程序中,我想要 native 应用程序消息传递。

那么我如何使用 devise_token_auth gem 验证用户以使用 action cable 进行个人消息传递

最佳答案

Rails 5 API 通常不支持 cookie。见:http://guides.rubyonrails.org/api_app.html#creating-a-new-application .

如果您首先在您站点的某处进行常见的 HTTP 身份验证(使用 devise_token_auth gem),那么您将获得 3 个身份验证 header - access_token , client , uid .

在这种情况下,您可以使用以下 3 个身份验证 header 对 Websockets 连接使用基本身份验证(根据 https://devcenter.heroku.com/articles/websocket-security#authentication-authorization):

调用(我使用 Chrome Simple WebSocket Client ):

ws://localhost:3000/cable/?access-token=ZigtvvcKK7B7rsF_20bGHg&client=TccPxBrirWOO9k5fK4l_NA&uid=client1@example.com

然后处理:
# Be sure to restart your server when you modify this file. Action Cable runs in an EventMachine loop that does not support auto reloading.
module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user

def connect

params = request.query_parameters()

access_token = params["access-token"]
uid = params["uid"]
client = params["client"]

self.current_user = find_verified_user access_token, uid, client
logger.add_tags 'ActionCable', current_user.email
end


protected

def find_verified_user token, uid, client_id # this checks whether a user is authenticated with devise

user = User.find_by email: uid
# http://www.rubydoc.info/gems/devise_token_auth/0.1.38/DeviseTokenAuth%2FConcerns%2FUser:valid_token%3F
if user && user.valid_token?(token, client_id)
user
else
reject_unauthorized_connection
end
end
end
end

这类似于常见的 Websockets auth https://rubytutorial.io/actioncable-devise-authentication/

这样的身份验证可能就足够了。我相信是 不是 还需要在 channel 订阅和发送到服务器的每个 Websocket 消息上进行身份验证:

http://guides.rubyonrails.org/action_cable_overview.html#server-side-components-connections

For every WebSocket accepted by the server, a connection object is instantiated. This object becomes the parent of all the channel subscriptions that are created from there on. The connection itself does not deal with any specific application logic beyond authentication and authorization.



因此,如果您的连接是 identified_by :current_user ,您可以稍后访问 current_user在您的任何地方 FooChannel < ApplicationCable::Channel !例子:
class AppearanceChannel < ApplicationCable::Channel
def subscribed

stream_from "appearance_channel"

if current_user

ActionCable.server.broadcast "appearance_channel", { user: current_user.id, online: :on }

current_user.online = true

current_user.save!

end


end

def unsubscribed

if current_user

# Any cleanup needed when channel is unsubscribed
ActionCable.server.broadcast "appearance_channel", { user: current_user.id, online: :off }

current_user.online = false

current_user.save!

end


end

end

PS我你想在Rails 5 API中使用cookies,你可以打开它:

http://guides.rubyonrails.org/api_app.html#other-middleware

配置/应用程序.rb
config.middleware.use ActionDispatch::Cookies

http://guides.rubyonrails.org/api_app.html#adding-other-modules

Controller /api/application_controller.rb
class Api::ApplicationController < ActionController::API

include ActionController::Cookies
...

关于ruby-on-rails - 如何使用带有 ActionCable 的 devise_token_auth 来验证用户?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39741120/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com