西纳特拉 - API - 验证 [英] Sinatra - API - Authentication
问题描述
我们将开发在西纳特拉有点API应用程序。什么都可以,以确保API调用的验证选项?
We going to develop a little API application in Sinatra. What are the authentication options available to secure the API calls?
推荐答案
西纳特拉没有内置的身份验证支持。有一些宝石可用的,但大多数是专为用户认证(即,用于一个网站)。对于一个API,他们似乎有点小题大做。这是很容易使自己的。简单地检查每个路线的请求参数来查看它们是否包含一个有效的API密钥,如果没有,则返回401错误。
Sinatra has no built-in authentication support. There are some gems available, but most are designed for user authentication (i.e. for a website). For an API, they seem like overkill. It’s easy enough to make your own. Simply check the request params in each of your routes to see if they contain a valid API key, and if not, return a 401 error.
helpers do
def valid_key? (key)
false
end
end
get "/" do
error 401 unless valid_key?(params[:key])
"Hello, world."
end
# $ irb -r open-uri
# >> open("http://yourapp.com/api/?key=123")
# OpenURI::HTTPError: 401 Unauthorized
没什么,来电后错误
如果会发生你的 valid_key
方法返回false? - 错误
通话停止
内部,它停止从这个请求。
Nothing after the call to error
will happen if your valid_key?
method returns false — error
calls halt
internally, which stops the request from continuing.
当然,这不是理想的每条路线的开始重复检查。相反,你可以创建一个小的扩展,增加了条件,你的路线:
Of course, it’s not ideal to repeat the check at the beginning of each route. Instead, you can create a small extension that adds conditions to your routes:
class App < Sinatra::Base
register do
def check (name)
condition do
error 401 unless send(name) == true
end
end
end
helpers do
def valid_key?
params[:key].to_i % 2 > 0
end
end
get "/", :check => :valid_key? do
[1, 2, 3].to_json
end
end
如果你只是想在所有的航线验证,使用之前
处理程序:
If you just want authentication on all your routes, use a before
handler:
before do
error 401 unless params[:key] =~ /^xyz/
end
get "/" do
{"e" => mc**2}.to_json
end
这篇关于西纳特拉 - API - 验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!