Ruby Sinatra-使用身份验证保护路由 [英] Ruby Sinatra - Protecting routes with authentication

问题描述

我有一个Ruby类，该类基本上如下对用户进行LDAP目录身份验证. DirectoryUser类使用net/ldap gem执行此操作.调用该类时，如果用户通过了身份验证，则返回"true"，否则返回"false".

I have a Ruby class that basically authenticates a user to an LDAP directory as follows. The DirectoryUser class is using the net/ldap gem to do this. When called the class returns either a 'true' if the user is authenticated or 'false' if not.

>>DirectoryUser.authenticate('user', 'password')
  #True

我想使用此机制在一个基本的Sinatra应用程序中为多个用户保护我的路线.

I want to use this mechanism to protect my routes in a basic Sinatra application for multiple users.

1. 是否有遵循最佳实践的推荐方法?
2. 有人可以证明如何实现这一目标吗?

我当时想只设置一个变量并检查该变量的状态，然后才允许访问路由.但是，我不禁想到这里可能会缺少一些安全隐患！

I was thinking of just setting a variable and checking the status of the variable before allowing access to the route. However, I can't help thinking there are some security implications that I could be missing here!

推荐答案

它在 Sinatra常见问题解答中.

基本上，您需要创建一个辅助方法，如果用户未通过身份验证，该方法将引发异常.

Basically you need to create a helper method that will throw an exception if the user is not authenticated.

这篇关于Ruby Sinatra-使用身份验证保护路由的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！