[英]How to check user logged in and make Backbone get/post to Rails backend? (+Devise)
I have a Rails backend which uses Devise, and a decoupled Backbone frontend on a separate site.我有一个使用 Devise 的 Rails 后端,以及一个单独站点上的解耦 Backbone 前端。
I'd like to have Backbone make GET
calls to the separate Rails server to my Items resource.我想让 Backbone 对单独的 Rails 服务器进行GET
调用以访问我的 Items 资源。 Based on:基于:
GET
call with some default parameters如果用户未登录,请使用一些默认参数进行GET
调用GET
call with user.attribute
as a parameter如果用户已登录,则使用user.attribute
作为参数进行GET
调用I also want to allow the user to POST
to edit account details (eg, user.attribute
).我还希望允许用户通过POST
来编辑帐户详细信息(例如, user.attribute
)。
How do I:我如何能:
POST
ing POST
时验证真实性TL;DR How to share a session between Devise and Backbone? TL;DR 如何在 Devise 和 Backbone 之间共享会话? How to make calls using that session?如何使用该会话拨打电话? Is session sharing the right structure?会话共享结构是否正确?
I've seen this answer and my understanding thus far is:我已经看到了这个答案,到目前为止我的理解是:
GET
to Devise /signin
Backbone 在GET
中将用户的登录信息传递给 Devise /signin
GET
or POST
calls, I use that session cookie and other stuff?每次 Backbone 进行GET
或POST
调用时,我都会使用那个会话 cookie 和其他东西吗? and Rails/Devise verifies it somehow和 Rails/Devise 以某种方式验证它Thanks in advance -提前致谢 -
It's best for the front end to initially assume that the user is logged in, make the request, and for the server to fail the request back with a 401, 403, or similar response code, indicating to the front end that the users is not authenticated.前端最好首先假设用户已登录,发出请求,然后服务器用 401、403 或类似的响应代码将请求失败,向前端表明用户不是认证。 The front end should then make whatever calls are necessary to authenticate the user, and then reissue the original request(s) for the user as appropriate.然后前端应该进行任何必要的调用来验证用户,然后适当地为用户重新发出原始请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.