Create Rails database entry for model with external application

I am creating a Rails app that will have User and File models. A user "has many" files. The catch is that the files are never created by the user explicitly through the web application. I am building desktop applications to monitor the filesystem (think Dropbox) and create/update File records.

Is the correct way to do this to have the desktop applications make the appropriate POST requests to my Rails application and just not supply a view for creating File records in the web app?

Also, would it be sufficiently secure to require a user-specific security token to be sent in the POST request made by the desktop applications to authenticate a user's file record?

It sounds like you're on the right track. Your Rails app is essentially exposing an API that takes an uploaded file and creates the associated model on the user's behalf to track the file metadata. You could still expose a view in your webapp to edit file metadata and delete files, perhaps.

Security is a whole topic of its own. At a minimum, you'll probably want all communication to happen over SSL, and expire the token on a set timeout. Devise can do this for you with their TokenAuthenticatable implementation. You'll probably also want to limit file upload size and throttle requests.
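The checks named in the answer above (a user-specific token that expires, an upload size limit, and request throttling), sketched in plain Ruby as an added example that is not part of the original answer and is not Devise's implementation. The class name `UploadGate`, the limits, and the status symbols are assumptions made for illustration; transport security (SSL) is outside its scope.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical limits chosen for illustration.
TOKEN_TTL      = 3600             # seconds a token stays valid
MAX_UPLOAD     = 10 * 1024 * 1024 # bytes accepted per request
MAX_PER_MINUTE = 30               # requests per user per 60 s window

class UploadGate
  def initialize
    @tokens  = {}                            # user_id => { digest:, expires_at: }
    @windows = Hash.new { |h, k| h[k] = [] } # user_id => recent request times
  end

  # Returns the raw token once; only its SHA-256 digest is stored.
  def issue(user_id, now: Time.now.to_i)
    raw = SecureRandom.hex(32)
    @tokens[user_id] = { digest: Digest::SHA256.hexdigest(raw),
                         expires_at: now + TOKEN_TTL }
    raw
  end

  # Decide what to do with one POST from the desktop client.
  def check(user_id, token, size, now: Time.now.to_i)
    entry = @tokens[user_id]
    return :unauthorized unless entry && token.is_a?(String)
    return :unauthorized unless same?(entry[:digest], Digest::SHA256.hexdigest(token))
    if now >= entry[:expires_at]
      @tokens.delete(user_id)               # expired tokens are discarded
      return :expired
    end
    return :too_large if size > MAX_UPLOAD
    recent = @windows[user_id].select { |t| t > now - 60 }
    return :throttled if recent.size >= MAX_PER_MINUTE
    @windows[user_id] = recent << now       # only accepted requests are counted
    :ok
  end

  private

  # Comparison whose running time does not depend on where the strings differ.
  def same?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a Rails controller the same decisions would sit in a `before_action`, with the token digest and expiry kept in the database rather than in memory.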
