如何使用Rails，Devise和Backbone.js的令牌身份验证？ [英] How use token authentication with Rails, Devise and Backbone.js?

问题描述

我正在使用PhoneGap，jQuery Mobile和Backbone.js在客户端构建一个移动应用程序，其中Rails 3 JSON API运行在服务器端。

我知道如何在认证后从服务器获取令牌，但是我不知道如何将token_auth键/值附加到Backbone.js将对我的服务器进行的所有AJAX请求。 p>

这是我现在的流程：

1. 用户键入一些表单字段和命中登录


2. Backbone使用电子邮件和密码信息创建一个新的Player对象。


3. 我运行一个Player.authenticate来设置令牌AUTHENTICATION_TOKEN


4. 此后的所有请求都应该附加auth_token =+ AUTHENTICATION_TOKEN

查看 http://documentcloud.github.com/backbone/#Sync 可能覆盖AJAX调用 - 但这似乎是非常极端的这个简单的任务。

有没有人有运行Devise token_authentication和Backbone.js的经验？

解决方案

为什么不将其附加到所有的jquery ajax请求中。它将通过jQuery将auth_token添加到所有的ajax调用。当直接使用jQuery ajax（或这样做的libs）时，这可能是有用的。但是这可能是一个安全问题（当你有其他网站的ajax调用...）。

  // this是未测试的
 $ .ajaxSetup（{beforeSend：function（xhr，settings）{
 
 //只是因为auth_token是一个私人信息
 if（！settings.crossDomain）{ 
 
 //解析数据对象
 var dataobj = JSON.parse（xhr.data）; 
 
 //向数据对象添加身份验证令
 dataobj.auth_token = AUTHENTICATION_TOKEN; 
 
 //将数据对象保存到jqXHR对象中
 xhr.data = JSON.stringify（dataobj）; 
 
} 
}}）; 
  

---

另一种方法可能是将该令牌写入标题并在服务器端处理它：

  //这不美丽
 $ .ajaxSetup（{headers：{ auth_token：AUTHENTICATION_TOKEN}}）; 
  

I'm trying to build a mobile application with PhoneGap, jQuery Mobile and Backbone.js on the client-side - with a Rails 3 JSON API running server-side.

I know how to fetch the token from the server after being authenticated, but I don't know how to append the "token_auth" key/value to all the AJAX-requests Backbone.js will make to my server.

Here's my flow at the moment:

1. User types in some form fields and hits "Log in"
2. Backbone creates a new Player object with the email and password info.
3. I run a Player.authenticate that sets the token to AUTHENTICATION_TOKEN
4. All requests after this should append "auth_token=" + AUTHENTICATION_TOKEN

I've looked at http://documentcloud.github.com/backbone/#Sync for maybe overriding the AJAX calls - but that seems quite extreme for this simple task.

Does anyone have any experience with running Devise token_authentication and Backbone.js?

解决方案

Why don't append it to all of your jquery ajax requests. It will add the auth_token to all of your ajax calls over jQuery. That might be useful when working directly with jQuery ajax (or libs that do so). But this might be a security issue as well (when you have ajax calls to other sites...).

// this is untested
$.ajaxSetup({ beforeSend : function(xhr, settings){ 

  // just because the auth_token is a private information
  if(!settings.crossDomain) {

    // parse data object
    var dataobj = JSON.parse(xhr.data);

    // add authentication token to the data object
    dataobj.auth_token = AUTHENTICATION_TOKEN;

    // save the dataobject into the jqXHR object
    xhr.data = JSON.stringify(dataobj); 

  }
}});

---

Another approach may be to write that token into the header and process it on the server side:

// thats not beautiful
$.ajaxSetup({ headers : { "auth_token" : AUTHENTICATION_TOKEN } });

这篇关于如何使用Rails，Devise和Backbone.js的令牌身份验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！