stackoom
  简体   繁体   中英

How to create password protected RSS feed in rails

 原文  2009-12-27 01:36:01       ruby-on-rails

Question

Creating RSS feed in rails is easy. I need a simple way to password protect the RSS feed. I am thinking http basic authentication.

I googled but could not find any article about creating password protected RSS.

5 answers

solution1
 4  2009-12-27 23:16:51

I have this in my ApplicationController 

def xml_authorize
  if request.format == Mime::XML
    authenticate_or_request_with_http_basic do |username, password|
      username == 'foo' && password == 'bar'
    end
  end
end

Then I just apply a before_filter :xml_authorize to the actions that I want to password protect for XML requests only, but still want to serve normally with html.

Here 's where I got the inspiration from.

solution2
 2  2009-12-27 01:41:54

Just use whatever auth system you use on your regular controllers. If the user is logged, and session is alive he will be able to download the feed.

solution3
 1  2009-12-27 23:30:24

How is HTTP authentication any different on RSS feeds than other controller actions? (This is not necessarily a rhetorical question - is it actually different?)

Have you tried just using the Rails HTTP Basic Authentication methods ?

solution4
 1  2011-11-08 21:01:55

Feeds are meant to be fetched in regular intervals without user interaction. RSS-Feeds can be consumed by something different than a browser. For example, I have a phone where I can create a widget for the start screen from a rss-feed-link. Great function. Unfortunately authentication does not work for this widget. And there is no user interface to put in username and password. So the authentication need to be part of the url, with all the bad security implications...

On the other hand you don't need a session to answer a feed-request.

So the solution is a create a special key for the user, and store it in the user table. Then use it when you display the link to the rss-feed. In the feed-method, you use this key to retrieve the user, but you don't create a session. This way, even when a hacker somehow got a valid key, the hacker can only view the rss-feed, but not access the rest of your application.

If you already use some library for authentication, there may already some solution implemented for this. In Authlogic, is is the class SingleAccessToken, and you need to add a column 'single_access_token' of type string to your user table. Then authlogic creates some cryptic key when are saving the user record. You than add this key as the GET-Parameter 'user_credentials' to the url of the private rss-feed

solution5
 0  2009-12-27 09:08:32

Like knoopx said, If you use an authentication system like authlogic you should be able to specify the authentication type in the controller. You can then specify http basic authenication. Then you can, if you choose, include the authentication in the URL for the RSS Feed.

eg: 

http://username:password@example.com/rss

(sorry to break the URI up like that, but I don't have enough reputation points to post multiple links :( )

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Rails 4; How to Display an RSS Feed on HTML View? Creating a RSS feed with Rails Easiest way to create RSS feed from Rails 2.3.8 app? Rails - how to access a file that is protected by login & password? Rails Multiple RSS Feed Parsing Cache and Paginate RSS Feed in Rails How to pass image entry in atom rss feed. in rails 3.1 How to implement an rss feed to a rails application using feedjira How do I make an RSS/Atom feed in Rails 3? How do I cache a parsed RSS feed in Rails 4.0?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM