
Warden vs Rack::Auth::Basic. Doing HTTP-Basic-Auth in Ruby-Framework

Developer https://www.devze.com 2023-01-14 10:52 Source: Internet
I want to create a WebService in Ruby (Sinatra, Padrino, maybe Ramaze... don't know yet...), but I definitely want to secure it...

It will be the backend for an iPhone-App, so I think SSL-Secured HTTP-Basic-Auth will be fine.

I've been looking around at several authentication frameworks and came across warden... Seems to be pretty well documented, and devise is built on top of it... So can't be that bad...

But... seemed to me a little bit overkill, for what I need...

Then I found this code snippet:

  def protected!
    unless authorized?
      response['WWW-Authenticate'] = %(Basic realm="Testing HTTP Auth")
      throw(:halt, [401, "Not authorized\n"])
    end
  end

  def authorized?
    @auth ||=  Rack::Auth::Basic::Request.new(request.env)
    @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['admin', 'admin']
  end

Looks as if I just don't need more than that atm... Or can any of you guys provide a nice example of Warden + HTTP-Basic Auth? Or explain to me more benefits of using warden?

Thanks in advance!!! :)


Not completely sure what you are trying to achieve here. However, we have a Rails app where we use Warden (+ devise) combined with HTTP-Basic-Auth using middleware to hide our staging instance. This is what we put into config/environments/staging.rb:

  config.middleware.insert_after(::Rack::Lock, "::Rack::Auth::Basic", "Not for public eyes") do |u, p|
    u == 'admin' && p == 'secret'
  end

This works side by side with our Warden authentication rules.
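
A hardened variant of the `authorized?` check from the question, as an added example that is not part of either post: a stdlib-only Rack-style middleware that compares credentials in constant time and rejects malformed `Authorization` headers. The names `BasicAuthGate` and `demo_statuses` and the sample credentials are assumptions constructed for illustration.

```ruby
require 'base64'
require 'digest'

# Hypothetical stdlib-only Rack-style middleware (class name is an assumption).
class BasicAuthGate
  def initialize(app, realm:, user:, password:)
    @app, @realm = app, realm
    # Keep only a digest of the expected "user:password" pair in memory.
    @expected = Digest::SHA256.digest("#{user}:#{password}")
  end

  def call(env)
    return @app.call(env) if authorized?(env['HTTP_AUTHORIZATION'])
    [401,
     { 'content-type' => 'text/plain',
       'www-authenticate' => %(Basic realm="#{@realm}") },
     ["Not authorized\n"]]
  end

  private

  def authorized?(header)
    scheme, token = header.to_s.split(' ', 2)
    return false unless scheme&.casecmp?('basic') && token
    decoded = Base64.strict_decode64(token)
    constant_time_equal?(Digest::SHA256.digest(decoded), @expected)
  rescue ArgumentError # malformed base64 in the header
    false
  end

  # Compare equal-length digests without returning at the first mismatch.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample requests (Rack env hashes); credentials are placeholders.
def demo_statuses
  app  = ->(_env) { [200, { 'content-type' => 'text/plain' }, ["ok\n"]] }
  gate = BasicAuthGate.new(app, realm: 'Testing HTTP Auth',
                           user: 'api', password: 'constructed-secret')
  good = 'Basic ' + Base64.strict_encode64('api:constructed-secret')
  bad  = 'Basic ' + Base64.strict_encode64('admin:admin')
  [good, bad, 'Basic !!!not-base64', nil].map do |h|
    gate.call('HTTP_AUTHORIZATION' => h).first
  end
end
```

In a deployment the user and password would be read from configuration, such as environment variables, rather than written as literals.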
