Ruby Sinatra-使用身份验证保护路由 [英] Ruby Sinatra - Protecting routes with authentication
问题描述
我有一个Ruby类,该类基本上如下对用户进行LDAP目录身份验证. DirectoryUser
类使用net/ldap gem执行此操作.调用该类时,如果用户通过了身份验证,则返回"true",否则返回"false".
I have a Ruby class that basically authenticates a user to an LDAP directory as follows. The DirectoryUser
class is using the net/ldap gem to do this. When called the class returns either a 'true' if the user is authenticated or 'false' if not.
>>DirectoryUser.authenticate('user', 'password')
#True
我想使用此机制在一个基本的Sinatra应用程序中为多个用户保护我的路线.
I want to use this mechanism to protect my routes in a basic Sinatra application for multiple users.
- 是否有遵循最佳实践的推荐方法?
- 有人可以证明如何实现这一目标吗?
我当时想只设置一个变量并检查该变量的状态,然后才允许访问路由.但是,我不禁想到这里可能会缺少一些安全隐患!
I was thinking of just setting a variable and checking the status of the variable before allowing access to the route. However, I can't help thinking there are some security implications that I could be missing here!
推荐答案
基本上,您需要创建一个辅助方法,如果用户未通过身份验证,该方法将引发异常.
Basically you need to create a helper method that will throw an exception if the user is not authenticated.
这篇关于Ruby Sinatra-使用身份验证保护路由的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!