Rails 设计-jwt session 存储
[英]Rails devise-jwt session storage
问题描述
The devise-jwt gem documentation says that if session storage is enabled, you have to skip it for jwt auth. 
devise-jwt gem 文档说,如果启用了 session 存储,则必须跳过它以进行 jwt 身份验证。 It says that you should set on devise.rb:它说你应该在 devise.rb 上设置:
config.skip_session_storage = [:http_auth, :params_auth]
And you should disable:database_authenticatable.你应该禁用:database_authenticable。 This part I quite don't understood.这部分我完全不明白。 If in my User model, I remove:database_authenticatable, my route configured for login becomes unavailable:如果在我的用户 model 中,我删除:database_authenticable,我为登录配置的路由不可用:
ActionController::RoutingError (No route matches [POST] "/login"):
User.rb用户.rb
class User < ApplicationRecord
rolify role_join_table_name: 'public.user_roles'
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
# devise :database_authenticatable,
devise :registerable,
:recoverable,
:rememberable,
:validatable,
:jwt_authenticatable,
jwt_revocation_strategy: Devise::JWT::RevocationStrategies::Null
end
devise.rb devise.rb
config.skip_session_storage = %i[http_auth params_auth]
routes.rb路线.rb
Rails.application.routes.draw do
# For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
devise_for :users, defaults: { format: :json },
path: '',
path_names: {
sign_in: 'login',
sign_out: 'logout',
registration: 'signup'
},
controllers: {
sessions: 'users/sessions',
registrations: 'users/registrations'
}
end
What should I do to keep session, but not for jwt auth?我应该怎么做才能保留 session,而不是 jwt 身份验证?
1 个解决方案
解决方案1
1 2020-08-25 20:03:54
Well, after adapting the solution I found in this article https://blog.siliconjungles.io/devise-jwt-with-sessions-hybrid , here's the answer:好吧,在调整了我在这篇文章https://blog.siliconjungles.io/devise-jwt-with-sessions-hybrid中找到的解决方案后,答案如下:
monkeypatch: config/initializers/warden/proxy.rb猴子补丁:config/initializers/warden/proxy.rb
module Warden
class Proxy
def user(_argument = {})
if request.format.json?
return nil
end
end
end
end
And you must have separated routes for api auth and default behavior:并且您必须为 api 身份验证和默认行为分开路由:
routes.rb路线.rb
namespace :api do
namespace :v1 do
devise_scope :user do
post 'auth/signup', to: 'registrations#create'
post 'auth/signin', to: 'sessions#create'
delete 'auth/signout', to: 'sessions#destroy'
end
end
end
devise_for :users
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.