How to skip Devise authentication when using an API key?

慢半拍i 2020-12-28 10:04

I'm using Devise on my application and would like to create a global API key that can access JSON data of anyone's account without having to log in.

For example, s

4 answers
  • 2020-12-28 10:43

    I know it's been a while since this was asked, but thought I would throw in one more option that I've used in the past:

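    class Api::ApplicationController < ApplicationController
      # Skip Devise's authentication filter for every controller that inherits from this one.
      # On Rails 5.1 and later the method is named skip_before_action.
      skip_before_filter :authenticate_user!
    end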

    This assumes that you have an application controller in your API directory that all of your api controllers inherit from. If not, you can just put the skip in each controller.

    0 Discussion (0)
  • 2020-12-28 10:49

    One option no one has mentioned is to have a completely separate set of controllers for the API that do not inherit from ApplicationController.

    I have seen the pattern used where API controllers live in files such as /app/controllers/api/v1/somethings.rb and are accessible via routes such as /api/v1/somethings. Each of the specific API controllers inherits from a base API controller that inherits from ActionController::Base, so does not include any of the filters defined on ApplicationController.

    0 Discussion (0)
  • 2020-12-28 10:54

    You can do this with your before_filter in your Controller.

    Currently, you probably have something like:

    class SomeController < ApplicationController
      before_filter :authenticate_user!
    end
    

    Instead of calling this, you can define a different method (ideally in ApplicationController)

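    class ApplicationController < ActionController::Base
      before_filter :authenticate_or_token
    
      private
    
      # Let a request through when it carries the API key; otherwise fall back to Devise.
      def authenticate_or_token
        # Request parameters arrive as strings, so compare against a string.
        if params[:api_key] == "1234"
          # Unsaved admin user that stands in for the key holder.
          @current_user = User.new(:admin => true, :any => "other", :required => "fields")
          return current_user
        end
        authenticate_user!
      end
    end
    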

    I would recommend using a more robust method of authentication such as OAuth, but this should work for a simple 1-key based authentication.

    0 Discussion (0)
  • 2020-12-28 10:55

    An alternative to Gazler's would be to use an except:

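    class ApplicationController < ActionController::Base
      before_filter :authenticate_user!, except: :some_json_method
    
      def some_json_method
        # Stop here without the key; returning avoids a second render below.
        return head(:unauthorized) unless params[:api_key] == '1234'
    
        render json: {} # placeholder payload; render the account data here
      end
    end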
    

    This way you don't open your entire app to the key-holder (depending on your needs, whether you need that or not). If you need multiple methods opened to the key, you could probably also use something like:

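    class ApplicationController < ActionController::Base
      JSON_METHODS = [:method_1, :method2]
      before_filter :authenticate_user!, except: JSON_METHODS
      before_filter :authenticate_token, only: JSON_METHODS
    
      private
    
      def authenticate_token
        # A filter halts the request only by rendering or redirecting,
        # so answer 401 when the key does not match.
        head :unauthorized unless params[:api_key] == '1234'
      end
    end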
    
    0 Discussion (0)
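
The key check that the answers above build into a `before_filter`, written as an added example in plain Ruby (not code from any of the answers) so the edge cases can be run without Rails. The names `secure_compare`, `api_key_valid?`, `filter_status` and `SAMPLE_KEY` are hypothetical, and the key value is constructed.

```ruby
require "digest"

# Constant-time comparison: hash both values to equal length, then XOR every
# byte so the running time does not depend on where the first mismatch is.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  diff = 0
  da.each_with_index { |byte, i| diff |= byte ^ db[i] }
  diff.zero? && a == b
end

# params: the request parameters (a Hash, as in a Rails controller).
# expected_key: the configured secret, for example read from ENV at boot.
def api_key_valid?(params, expected_key)
  # An unset or blank secret must never authenticate anyone.
  return false unless expected_key.is_a?(String) && !expected_key.empty?

  presented = params[:api_key]
  # Query strings can yield nil, Arrays (?api_key[]=x) or Hashes; accept Strings only.
  return false unless presented.is_a?(String)

  secure_compare(presented, expected_key)
end

# Status the filter would answer with: 401 halts the request, 200 lets it through.
def filter_status(params, expected_key)
  api_key_valid?(params, expected_key) ? 200 : 401
end

SAMPLE_KEY = "constructed-sample-key-0001" # constructed value, not a real secret

if __FILE__ == $PROGRAM_NAME
  puts filter_status({ api_key: SAMPLE_KEY }, SAMPLE_KEY)   # valid key
  puts filter_status({ api_key: "wrong" }, SAMPLE_KEY)      # wrong key
  puts filter_status({}, nil)                               # secret not configured
  puts filter_status({ api_key: [SAMPLE_KEY] }, SAMPLE_KEY) # array parameter
end
```

In a Rails controller the comparison can be done with `ActiveSupport::SecurityUtils.secure_compare`, and a failed check should call `head :unauthorized` so the filter chain halts.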