Ruby 仅在一页上显示Sinatra基本HTTP验证
你知道如何让Sinatra HTTP auth在模块化Sinatra应用程序中只显示在一个页面上吗?Vicky Chijwani的评论是正确的,你应该提供更多信息(注意!),但这里有一个答案 你可以用几种方法。如果我们假设您的身份验证方法被称为Ruby 仅在一页上显示Sinatra基本HTTP验证,ruby,sinatra,Ruby,Sinatra,你知道如何让Sinatra HTTP auth在模块化Sinatra应用程序中只显示在一个页面上吗?Vicky Chijwani的评论是正确的,你应该提供更多信息(注意!),但这里有一个答案 你可以用几种方法。如果我们假设您的身份验证方法被称为protected: class MyApp < Sinatra::Base # assumed for all examples get "/only-this-page-has-auth" do protected! "On
protected代码>:
class MyApp < Sinatra::Base # assumed for all examples
get "/only-this-page-has-auth" do
protected!
"Only admin allowed!"
end
get "/this-wont-have-auth" do
"Everybody can access this"
end
end
或者,如果您打算从中使用Sinatra::Namespace
(可能是一种更高级的用法,但我经常使用它,因为我发现它是一种很好的方法),并且受保护的页面现在将位于“/admin/只有此页面具有auth”
添加到@iain-answer中,因为您已经询问了HTTP-Auth(我假设是Basic-Auth)
classmyapp
最好的方法是使用:
文档非常棒:
require "sinatra"
require "sinatra/basic_auth"
# Specify your authorization logic
authorize do |username, password|
username == "john" && password == "doe"
end
# Set protected routes
protect do
get "/admin" do
"Restricted page that only admin can access"
end
end
使用起来很简单你的问题不清楚。请,以便其他用户能够有效地帮助您。好东西,+1。我还建议将[“自定义用户名”、“秘密密码”]
更改为[ENV[“自定义用户名”]、ENV[“秘密密码”]]
,并将它们加载到服务器环境中,这样密码就不会在代码中传递,也不会通过源代码控制等方式传递。实际上,我将代码更改为硬编码值以使其变得简单。提到它更有意义:)。
namespace "/admin" do
before do
protected!
end
get "/only-this-page-has-auth" do
"Only admin allowed!"
end
end
get "/this-wont-have-auth" do
"Everybody can access this"
end
class MyApp < Sinatra::Base
def authorized?
@auth ||= Rack::Auth::Basic::Request.new(request.env)
@auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ["CUSTOM_USERNAME","SECRET_PASSWORD"]
end
def protected!
unless authorized?
response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
throw(:halt, [401, "Oops... we need your login name & password\n"])
end
end
get "/protected_content" do
protected!
"in secure"
end
get "/" do
"anyone can access"
end
end
require "sinatra"
require "sinatra/basic_auth"
# Specify your authorization logic
authorize do |username, password|
username == "john" && password == "doe"
end
# Set protected routes
protect do
get "/admin" do
"Restricted page that only admin can access"
end
end