设计和简单令牌验证的子域身份验证
问题描述:
我很难搞清楚如何正确子域我的API。我希望它住在api.mydomain.com。我在我的hosts文件中添加了127.0.0.1 api.mydomain.com
。 我一直坚持如何构建身份验证模块,以及如何真正实现身份验证。我使用Devise与Simple Token Authentication宝石。设计和简单令牌验证的子域身份验证
我的控制器的文件夹结构如下:
├── controllers
├── api
│ ├── api_controller.rb
│ └── v1
│ ├── emails_controller.rb
│ ├── entries_controller.rb
│ ├── exception_controller.rb
│ ├── registrations_controller.rb
│ ├── sessions_controller.rb
│ └── timelines_controller.rb
├── application_controller.rb
├── concerns
我的路线方案:
namespace :api, path: '/', constraints: {subdomain: 'api'} do
namespace :v1 do
devise_for :users, :skip => [:sessions, :registrations, :passwords]
devise_scope :user do
post 'login' => 'sessions#create', :as => :login
delete 'logout' => 'sessions#destroy', :as => :logout
post 'register' => 'registrations#create', :as => :register
delete 'delete_account' => 'registrations#destroy', :as => :delete_account
end
resources :timelines do
resources :entries
end
end
end
我自SessionsController被定义为:
class API::V1::SessionsController < Devise::SessionsController
...
end
,所以是我的自定义注册控制器。 但运行我的测试时:
it 'creates a new user with correct credentials' do
post 'http://api.mydomain.com:3000/v1/register', format: :json, :user => {email: '[email protected]', password: 'TestPass123', password_confirmation: 'TestPass123', username: 'testuser'}
...
end
我得到以下错误:
Failure/Error: post 'http://api.mydomain.com:3000/v1/register', format: :json, :user => {email: '[email protected]', password: 'TestPass123', password_confirmation: 'TestPass123', username: 'testuser'}
AbstractController::ActionNotFound:
Could not find devise mapping for path "/v1/register".
This may happen for two reasons:
1) You forgot to wrap your route inside the scope block. For example:
devise_scope :user do
get "/some/route" => "some_devise_controller"
end
2) You are testing a Devise controller bypassing the router.
If so, you can explicitly tell Devise which mapping to use:
@request.env["devise.mapping"] = Devise.mappings[:user]
难道我连这样的权利?你应该认证版本吗?对不同解决方案的建议更是值得欢迎。
答
原来,这条线
devise_for :users, :skip => [:sessions, :registrations, :passwords]
需要是命名空间块等这样的外部:
devise_for :users, :skip => [:sessions, :registrations, :passwords]
constraints subdomain: 'api' do
namespace :api, path: '/', defaults: { format: :json } do
namespace :v1 do
devise_scope :user do
post 'login' => 'sessions#create', :as => :login
delete 'logout' => 'sessions#destroy', :as => :logout
post 'register' => 'registrations#create', :as => :register
delete 'delete_account' => 'registrations#destroy', :as => :delete_account
end
resources :timelines do
resources :entries
end
end
end
end