How to use devise-jwt with devise for signin, signup and signout in rails api


Question

I am using rails for the backend using devise-jwt and react for the frontend part.

I am following https://github.com/waiting-for-dev/devise-jwt/blob/master/README.md

my routes.rb file contains:

 Rails.application.routes.draw do
  # remove this in production
  require 'sidekiq/web'
  mount Sidekiq::Web => '/sidekiq'

  namespace :api, defaults: { format: 'json' } do
    namespace :v1 do
      devise_for :users, :controllers => {sessions: 'api/v1/sessions', registrations: 'api/v1/registrations'}
    end
  end
end

my registrations_controller.rb (app/controllers/api/registrations_controller.rb)

class Api::V1::RegistrationsController < Devise::RegistrationsController
  respond_to :json, :controllers => {sessions: 'sessions', registrations: 'registrations'}

  before_action :sign_up_params, if: :devise_controller?, on: [:create]

  def create
    build_resource(sign_up_params)

    if resource.save
      render :json => resource, serializer: Api::V1::UserSerializer, meta: { message: 'Sign up success', token: request.headers["Authorization"] }, :status => :created
    else
      # Failed save: report the validation errors with an error status, not :created
      render :json => resource, adapter: :json_api, serializer: ActiveModel::Serializer::ErrorSerializer, meta: { message: 'Sign up failed' }, :status => :unprocessable_entity
    end
  end


  protected

  def sign_up_params
    params.require(:sign_up).permit(:first_name, :last_name, :mobile, :email, :password, :password_confirmation)
  end
end

my sessions_controller.rb (app/controllers/api/sessions_controller.rb)

class Api::SessionsController < Devise::SessionsController  
  respond_to :json
end

my application_controller.rb (app/controllers/application_controller.rb)

class ApplicationController < ActionController::Base
end

Basically, what will be the next step to access the token? I am confused. How will I get the access token and use it to authenticate in the frontend React part?

Recommended answer

Assuming you have your server side set up, the response will include an Authorization header.

On the front-end you'll make a request to sign in and have a callback to catch the response:

 window.fetch(LOGIN_URL, dataWithLoginInfo).then(response => {
    const jwt = response.headers.get('Authorization').split('Bearer ')[1];
    window.sessionStorage.setItem('jwt', jwt);
  }).catch(handleError)

Next make the requests with the Authorization header included:

const token =  window.sessionStorage.getItem('jwt')
const headers = { Authorization: `Bearer ${token}` }

or use it in your app after you decode it:

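import React from 'react';
import jwt from 'jsonwebtoken';

// Page is a placeholder component name wrapping the original fragment.
function Page() {
  // jwt.decode only reads the payload; it does not verify the signature,
  // so this check chooses what to render and the server must still enforce access.
  const decodedToken = jwt.decode(window.sessionStorage.getItem('jwt'));

  if (decodedToken && decodedToken.isAdmin) {
    return <AdminPage />;
  } else {
    return <NotAdminPage />;
  }
}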

You'll use something like https://www.npmjs.com/package/jwt-decode or https://www.npmjs.com/package/jsonwebtoken to decode the token and read the information from it like id, roles, permissions, etc.

You really need to follow a tutorial like: https://auth0.com/blog/secure-your-react-and-redux-app-with-jwt-authentication/ or http://jasonwatmore.com/post/2017/12/07/react-redux-jwt-authentication-tutorial-example. Then have some local expert take a look at all your code.
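
The client-side token handling described in the answer above, as an added example that is not part of the original answer: it reads the Authorization header without throwing when it is missing, decodes the payload without a library, and refuses to send a token that has already expired. The helper names and the sample token are constructed for illustration, and it assumes the token carries an `exp` claim.

```javascript
// Added example: helper names and SAMPLE_TOKEN are constructed for illustration.

// Pull the token out of a login response's Authorization header value.
// Returns null instead of throwing when the header is absent or malformed.
function extractBearer(headerValue) {
  const match = /^Bearer\s+([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/.exec(headerValue || '');
  return match ? match[1] : null;
}

// Decode the payload segment (base64url-encoded JSON). No signature check happens
// here: the result is only a hint for the UI, and the API verifies the token itself.
function decodePayload(token) {
  const segment = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = segment + '='.repeat((4 - (segment.length % 4)) % 4);
  const binary = typeof atob === 'function'
    ? atob(padded)
    : Buffer.from(padded, 'base64').toString('binary');
  const bytes = Uint8Array.from(binary, c => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// True when the payload has no usable exp claim (assumed present) or exp has passed.
function isExpired(payload, nowSeconds = Math.floor(Date.now() / 1000)) {
  return typeof payload.exp !== 'number' || payload.exp <= nowSeconds;
}

// Build request headers, or return null so the caller can send the user to sign in.
function authHeaders(token, nowSeconds) {
  if (!token) return null;
  let payload;
  try {
    payload = decodePayload(token);
  } catch (e) {
    return null; // not a decodable JWT
  }
  if (isExpired(payload, nowSeconds)) return null;
  return { Authorization: `Bearer ${token}` };
}

// Constructed sample: header {"alg":"HS256"}, payload {"sub":"1","exp":2000000000},
// and a dummy signature. It is not a validly signed token.
const SAMPLE_TOKEN = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiZXhwIjoyMDAwMDAwMDAwfQ.c2ln';
```

In the login callback this becomes `extractBearer(response.headers.get('Authorization'))`, and later requests use `authHeaders(window.sessionStorage.getItem('jwt'))`, treating a null result as signed out.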
