在 Rails 中验证网站所有权 [英] Validate website ownership in rails

问题描述

有关类似主题的最近讨论，请查看this 提出问题.

For a more recent discussion about a similar topic check this question out.

验证特定用户是否拥有网站所有权的最佳方法是什么?

What's the best way to validate whether a particular user has ownership of a website?

假设您有这个模型:

class User < ActiveRecord::Base
   has_many :websites
end

为了确保用户确实拥有该网站，我考虑进行电子邮件验证.示例:用户将 example.com 列为他们的网站，并向 username@example.com 发送电子邮件.如果用户从 example.com 发送响应消息，则该网站是有效的.

In order to make sure the User does indeed own that website I thought about doing email validations. Example: user lists example.com as their website and an email gets sent to username@example.com. If a user sends a response message from example.com the website is validate.

问题在于，如果有一个网站，一大群人可以从具有该域名的网站(例如 gmail.com)发送电子邮件.我不希望用户将 Gmail 注册为他们的个人网站.

The problem with this is if there was a website where a large group of people could send an email from a website with that domain name, like gmail.com. I wouldn't want a user to register gmail as their personal website.

因此似乎最好的方法是让用户在 HTML 中嵌入一些代码，而 Rails 应用程序确保该代码在那里.

Thus it seems the best way to do it is to have the user to embed some code in the HTML and the rails applications makes sure that that code is there.

你会怎么做?

推荐答案

这是您可以使用 RESTful 风格的 google 子域方法验证域的方法.您将允许用户创建站点记录，该记录将保持未验证状态，直到用户稍后单击链接/按钮以验证域(以允许 DNS 传播).

This is is how you could validate a domain using the google subdomain approach in a RESTful style. You will allow a user to create a Site record, which will remain unverified until the user later clicks a link/button to verify the domain at a later time (to allow DNS propagation).

此代码未经测试，但可以帮助您入门.

This code is untested but will get you started.

型号:

class Site < ActiveRecord::Base
  # schema
  # create_table "sites", :force => true do |t|
  #  t.string   "domain"
  #  t.string   "cname"
  #  t.integer  "user_id"
  #  t.boolean  "verified"
  #  t.datetime "created_at"
  #  t.datetime "updated_at"
  # end

  require "resolv"

  YOUR_DOMAIN = "example.com"

  belongs_to :user
  before_create :generate_cname

  attr_accessible :domain
  …

  # Validate unless already validated
  def validate!
    validate_cname unless self.verifed == true
  end

  protected

  # Generate a random string for cname
  def generate_cname
    chars = ('a'..'z').to_a
    self.cname = 10.times.collect { chars[rand(chars.length)] }.join
  end

  # Sets verifed to true if there is a CNAME record matching the cname attr and it points to this site.
  def validate_cname
    Resolv::DNS.open do |domain|
      @dns = domain.getresources("#{cname}.#{domain}", Resolv::DNS::Resource::IN::CNAME)
     self.verified = !@dns.empty? && @dns.first.name.to_s == YOUR_DOMAIN
    end
  end

end

控制器

class SitesController < ActionController::Base
  # Usual RESTful controller actions
  # …

  def validate
    @site = current_user.sites.find(params[:id])
    @site.validate!

    respond_to do |format|
      if @site.save && @site.verified
        flash[:notice] = 'Site verified!'
        format.html { redirect_to(@site) }
        format.xml  { head :ok }
      else
        flash[:Error] = 'Site verification failed!'
        format.html { redirect_to(@site) }
        format.xml  { render :status => :unprocessable_entity }
      end
    end

  end
end

把它放在routes.rb:

Put this in routes.rb:

map.resources :sites, :member => { :validate => :put }

我将把实现这些视图留给您作为练习.

I'll leave implementing the views as an exercise for you.

这篇关于在 Rails 中验证网站所有权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！