带有WebBrick的Sinatra和带有Rack::Auth::Basic的OpenSSL/HTTPS
我已经阅读了有关创建OpenSSL证书以及使用它和Sinatra运行Webbrick服务器的教程和文档。这是所有的工作-并感谢以前的帖子在这方面。然而,现在我尝试将其与我的应用程序集成,我似乎丢失了解析请求并允许我从凭据中提取经过身份验证的用户名的“before do”代码。所以,我的基本问题是-如何在WebBrick与Sinatra一起运行的情况下同时使用Rack::Auth::basic和HTTPS。在此方面的任何帮助都将不胜感激带有WebBrick的Sinatra和带有Rack::Auth::Basic的OpenSSL/HTTPS,https,openssl,sinatra,yaml,rack,Https,Openssl,Sinatra,Yaml,Rack,我已经阅读了有关创建OpenSSL证书以及使用它和Sinatra运行Webbrick服务器的教程和文档。这是所有的工作-并感谢以前的帖子在这方面。然而,现在我尝试将其与我的应用程序集成,我似乎丢失了解析请求并允许我从凭据中提取经过身份验证的用户名的“before do”代码。所以,我的基本问题是-如何在WebBrick与Sinatra一起运行的情况下同时使用Rack::Auth::basic和HTTPS。在此方面的任何帮助都将不胜感激 #!/usr/local/bin/ruby require
#!/usr/local/bin/ruby
require 'sinatra'
require 'webrick'
require 'webrick/https'
require 'openssl'
require 'yaml'
# basic authentication provided through Rack:Auth
configure do
puts "configure do ran"
# load password file - might move to DB at some point
@@config = YAML.load_file(File.join(Dir.pwd, 'config', 'users.yml'))
use Rack::Auth::Basic, "Restricted Area" do |u, p|
puts "use Rack::Auth::Basic"
[u, p] == [u, @@config[:users][u][:password]]
end
end
before do
puts "before do ran"
@auth ||= Rack::Auth::Basic::Request.new(request.env)
puts "auth username: " + @auth.username.to_s
# set the user name for processing in the post or get
@myuser = @auth.username.to_s
end
class MyServer < Sinatra::Base
get '/' do
# code would do something with @myuser here
"Hello, world!"
end
end
pkey = cert = cert_name = nil
begin
pkey = OpenSSL::PKey::RSA.new(File.open("private_key.pem").read)
cert = OpenSSL::X509::Certificate.new(File.open("certificate.pem").read)
end
webrick_options = {
:Port => 8443,
:Logger => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
:DocumentRoot => "/ruby/htdocs",
:SSLEnable => true,
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
:SSLCertificate => cert,
:SSLPrivateKey => pkey,
:SSLCertName => [ [ "CN",WEBrick::Utils::getservername ] ],
:app => MyServer
}
Rack::Server.start webrick_options
#/usr/local/bin/ruby
需要“sinatra”
需要“webrick”
需要“webrick/https”
需要“openssl”
需要“yaml”
#通过机架提供的基本身份验证:Auth
配置do
将“配置运行”
#加载密码文件-可能在某个时候移动到DB
@@config=YAML.load_文件(file.join(Dir.pwd,'config','users.yml'))
使用Rack::Auth::Basic,“受限区域”do | u,p|
放入“使用机架::验证::基本”
[u,p]=[u,@@config[:users][u][:password]]
结束
结束
在做之前
把“在跑之前”
@auth | |=Rack::auth::Basic::Request.new(Request.env)
将“auth username:”+@auth.username.to_
#设置要在post或get中处理的用户名
@myuser=@auth.username.to\s
结束
类MyServer8443,
:Logger=>WEBrick::Log::new($stderr,WEBrick::Log::DEBUG),
:DocumentRoot=>“/ruby/htdocs”,
:SSLEnable=>true,
:SSLVerifyClient=>OpenSSL::SSL::VERIFY\u NONE,
:SSLCertificate=>cert,
:SSLPrivateKey=>pkey,
:SSLCertName=>[[“CN”,WEBrick::Utils::getservername]],
:app=>MyServer
}
机架::服务器。启动webrick\u选项
再次感谢您对此的任何想法。如上面的评论所示,以下内容似乎很好
#!/usr/local/bin/ruby
require 'sinatra'
require 'webrick'
require 'webrick/https'
require 'openssl'
require 'yaml'
# basic authentication provided through Rack:Auth
configure do
puts "configure do ran"
# load password file - might move to DB at some point
@@config = YAML.load_file(File.join(Dir.pwd, 'config', 'users.yml'))
use Rack::Auth::Basic, "Restricted Area" do |u, p|
puts "use Rack::Auth::Basic"
[u, p] == [u, @@config[:users][u][:password]]
end
end
before do
puts "before do ran"
@auth ||= Rack::Auth::Basic::Request.new(request.env)
puts "auth username: " + @auth.username.to_s
# set the user name for processing in the post or get
@myuser = @auth.username.to_s
end
class MyServer < Sinatra::Base
get '/' do
# code would do something with @myuser here
"Hello, world!"
end
end
pkey = cert = cert_name = nil
begin
pkey = OpenSSL::PKey::RSA.new(File.open("private_key.pem").read)
cert = OpenSSL::X509::Certificate.new(File.open("certificate.pem").read)
end
webrick_options = {
:Port => 8443,
:Logger => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
:DocumentRoot => "/ruby/htdocs",
:SSLEnable => true,
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
:SSLCertificate => cert,
:SSLPrivateKey => pkey,
:SSLCertName => [ [ "CN",WEBrick::Utils::getservername ] ],
:app => MyServer
}
Rack::Server.start webrick_options
class MyServer < Sinatra::Base
# basic authentication provided through Rack:Auth
configure do
puts "Configure do ran"
# require SSL
use Rack::SslEnforcer
set :session_secret, 'asdfa2342923422f1adc05c837fa234230e3594b93824b00e930ab0fb94b'
use Rack::Session::Cookie, :key => '_rack_session',
:path => '/',
:expire_after => 2592000, # In seconds
:secret => session_secret
# load password file - might move to DB at some point
@@config = YAML.load_file(File.join(Dir.pwd, 'config', 'users.yml'))
use Rack::Auth::Basic, "Restricted Area" do |u, p|
puts "use Rack::Auth::Basic"
[u, p] == [u, @@config[:users][u][:password]]
end
end
before do
puts "Before do ran"
@auth ||= Rack::Auth::Basic::Request.new(request.env)
puts "auth username: " + @auth.username.to_s
# set the user name for processing in the post or get
@myuser = @auth.username.to_s
end
get '/' do
# code would do something with @myuser here
"Hello, world!"
end
end
classmyserver“\u Rack\u Session”,
:path=>“/”,
:expire_after=>2592000,#秒
:secret=>session\u secret
#加载密码文件-可能在某个时候移动到DB
@@config=YAML.load_文件(file.join(Dir.pwd,'config','users.yml'))
使用Rack::Auth::Basic,“受限区域”do | u,p|
放入“使用机架::验证::基本”
[u,p]=[u,@@config[:users][u][:password]]
结束
结束
在做之前
把“在跑之前”
@auth | |=Rack::auth::Basic::Request.new(Request.env)
将“auth username:”+@auth.username.to_
#设置要在post或get中处理的用户名
@myuser=@auth.username.to\s
结束
获取“/”do
#代码将在这里使用@myuser执行某些操作
“你好,世界!”
结束
结束
进一步研究,将“configure do”和“before do”移到server类中似乎是可行的。此外,我还向代码中添加了Rack::SslEnforcer——虽然web服务器只运行https,但我不确定是否需要这样做。