Ember认证最佳做法? [英] Ember authentication best practices?
问题描述
以下是我至今的一些想法:
- 为了完全从服务器(Rails应用程序)中分离视图(Ember应用程序)我想使用令牌身份验证。我可能会在Rails服务器上使用Devise。
- 我需要像Ember应用程序中的before_filter等效项,我可以检查是否有当前用户,如果该用户具有身份验证令牌组。
- Rails服务器将在每次呼叫时返回当前的auth令牌。如果它返回一个空的认证令牌,Ember应用程序应该检测到这个并转换到未认证的状态,重定向到登录视图。
I怀疑我应该使用Ember状态机,但我不知道如何进行。任何人都解决了这个问题?
更新:像@DustMason在他的回答中说,看看真棒 embercasts 用于身份验证最佳做法。
- < a href =http://www.embercasts.com/episodes/client-side-authentication-part-1 =noreferrer>客户端验证第一部分
- 客户端认证第二部分
为了将视图(Ember应用程序)与服务器(Rails应用程序)完全分离,我想使用令牌身份验证。我可能会在Rails服务器上使用Devise。
有意义。
我需要类似于Ember应用程序中的before_filter等效项,我可以检查是否有当前用户,并且该用户是否具有身份验证令牌。
您可以在路由上添加一个 enter hook,这大致相当于before_filter。但是不能确定这是检查auth-token的最佳位置。
Rails服务器将在每次调用时返回当前的auth令牌。
有意义。我们使用cookie-auth并通过调用 / api / me 获取当前的用户配置文件,但是应该可以使用。
如果返回一个空的认证令牌,Ember应用程序应该检测到这个并转换到未认证的状态,重定向到登录视图。
关于这种方法的是(不像rails),保护访问特定的Ember路由并不容易。无论用户什么时候可以随时弹出JS控制台并进入他们想要的任何状态。所以,而不是认为用户只能通过身份验证才能进入这个状态考虑如果未经身份验证的用户以某种方式导航到这条路线怎么办
我怀疑我应该使用Ember状态机,但我不知道如何进行。任何人都解决了这个问题?
我们的认证需求非常简单,所以我们没有发现需要一台状态机。相反,我们在ApplicationController上有一个 isAuthenticated 属性。当用户未通过身份验证时,我们在 application.hbs 中使用此属性替换主视图与登录表单。
{{if isAuthenticated}}
{{rendertopnav}}
{{outlet} }
{{else}}
{{renderlogin}}
{{/ if}}
从ApplicationRoute,我们提取用户个人资料:
App.ApplicationRoute = Ember.Route .extend({
model:function(){
var profiles;
profiles = App.Profile.find({alias:'me'});
profiles.on( didLoad,function(){
return profiles.resolve(profiles.get(firstObject));
});
返回配置文件;
}
});
然后我们的ApplicationController根据返回的配置文件计算它的isAuthenticated属性。
Does anyone have experience creating an authentication mechanism with the new router in pre4?
Here are some of my thoughts so far:
- In order to completely separate the view (Ember app) from the server (Rails app) I want to use token authentication. I will likely use Devise on the Rails server.
- I need something like a before_filter equivalent in the Ember app where I can check if there is a current user and if that user has an authentication token set.
- The Rails server will return the current auth token on every call. If it returns a null auth token the Ember app should detect this and transition to the unauthenticated state, redirecting to the login view.
I suspect I should be using an Ember state machine for this but I'm not sure how to proceed. Anyone tackled this problem yet?
UPDATE: Like @DustMason says in his answer, check out the awesome embercasts for authentication best-practices.
In order to completely separate the view (Ember app) from the server (Rails app) I want to use token authentication. I will likely use Devise on the Rails server.
Makes sense.
I need something like a before_filter equivalent in the Ember app where I can check if there is a current user and if that user has an authentication token set.
You can add an enter hook on routes, this is roughly equivalent to a before_filter. But not sure that's the best place to check for an auth-token.
The Rails server will return the current auth token on every call.
Makes sense. We use cookie-auth and fetch current user profile by calling /api/me but either should work.
If it returns a null auth token the Ember app should detect this and transition to the unauthenticated state, redirecting to the login view.
Thing about this approach is that (unlike rails) it's not easy to "protect" access to a particular ember routes. And no matter what a user can always pop open JS console and enter whatever state they want. So instead of thinking "user can only get into this state if authenticated" consider "what if unauthenticated user somehow navigates to this route"
I suspect I should be using an Ember state machine for this but I'm not sure how to proceed. Anyone tackled this problem yet?
Our auth needs are pretty simple so we've not found the need for a state machine. Instead we have an isAuthenticated property on ApplicationController. We use this property in application.hbs to replace the main view with a login form when a user is not authenticated.
{{if isAuthenticated}}
{{render "topnav"}}
{{outlet}}
{{else}}
{{render "login"}}
{{/if}}
From ApplicationRoute, we fetch user profile:
App.ApplicationRoute = Ember.Route.extend({
model: function() {
var profiles;
profiles = App.Profile.find({ alias: 'me' });
profiles.on("didLoad", function() {
return profiles.resolve(profiles.get("firstObject"));
});
return profiles;
}
});
Then our ApplicationController computes it's isAuthenticated property based on the profile that was returned.
这篇关于Ember认证最佳做法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
