beno/roda-auth

Roda plugin for Authentication

Status

This is a first stab at integrating Roda and Warden. It is by no means ready for real use.

Quick start

Add the gem to your Gemfile:

gem 'roda-auth' # Gemfile

Create a Rack app:

#api.ru

require 'roda/auth'

class App < Roda
  
  # Plugin options, all optional:
  #   supports 3 auth types: :basic (default), :form, or :token
  #   :user_class - defaults to ::User
  #   :redirect   - URL of the login page, defaults to '/login'
  #   :cookie     - options hash for the session cookie, see Rack::Session::Cookie
  #                 ('secret' below is a placeholder: the session cookie is signed with it,
  #                 so use a long random value kept out of source control)

  plugin :auth, :form, user_class: MyUser, redirect: '/login', cookie: {secret: 'secret'}
  
  route do |r|
    r.post 'login' do
      sign_in do
        redirect "/private/profile/#{current_user}"
      end
    end
    r.get 'login' do
      #render login form
    end
    r.post 'logout' do
      sign_out
    end
    r.on 'public' do
      #public content
    end
    authenticate!
    r.on 'private' do
      #private content
    end
  end

end

class MyUser

  #required - should return either a valid user or nil
  
  def self.authentic?(credentials)
    #credentials is either {'username' => 'foo', 'password' => 'bar'} or {'token' => '123'}
    if token = credentials['token']
      self.find_by_token(token) #make sure to use a safe (constant time) method of looking up tokens
    else
      self.check_password(credentials['username'], credentials['password'])
    end
  end
  
  #required when using :form strategy (for sessions)
  
  def self.find_by_id(id)
    find(id)
  end
  
  # optional - used for generating/updating auth tokens or tracking logins
  
  def authentic!
    #call for each successful authentication request
  end
  
end
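
One way to satisfy the "safe (constant time)" note on `find_by_token` above, as an added example that is not part of roda-auth: store only a SHA-256 digest of each token, look the user up by that digest, and confirm the match with a comparison that does not stop at the first differing byte. `TokenUser`, `STORE`, `issue` and `secure_equal?` are hypothetical names, and the in-memory hash stands in for an indexed database column.

```ruby
require 'digest'
require 'securerandom'

# Hypothetical user model for illustration; not roda-auth code.
class TokenUser
  attr_reader :id, :token_digest

  # token digest (hex) => user; stands in for an indexed DB column
  STORE = {}

  def initialize(id, token_digest)
    @id = id
    @token_digest = token_digest
  end

  # Issue a random token, keep only its digest, return the plaintext once.
  def self.issue(id)
    token = SecureRandom.urlsafe_base64(32)
    digest = Digest::SHA256.hexdigest(token)
    STORE[digest] = new(id, digest)
    token
  end

  # Compare strings of equal length without an early exit on mismatch.
  # In a Rack app, Rack::Utils.secure_compare does the same job.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # The lookup is keyed by the digest of the guess, so lookup timing
  # says nothing useful about the plaintext of any stored token.
  def self.find_by_token(token)
    return nil unless token.is_a?(String) && !token.empty?
    digest = Digest::SHA256.hexdigest(token)
    user = STORE[digest]
    user if user && secure_equal?(user.token_digest, digest)
  end

  # Same contract as MyUser.authentic? above: a user or nil.
  def self.authentic?(credentials)
    token = credentials['token']
    token ? find_by_token(token) : nil
  end
end
```

Storing digests instead of tokens also means a leaked user table does not hand out usable tokens.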