backbone.js - From Rails devise auth to backbone & api?


I want to rebuild my app from a typical Rails 3.2 MVC app to API + frontend (Backbone) only. I have no experience in building APIs in Rails, including authentication:

  • What's the best way to authenticate with Devise using Backbone? Using auth_tokens?
  • How should I make the API? Printing out JSON, or using the Grape gem?

Thanks in advance!

I can explain the way I do it:

First, install a standard Rails application with Devise. After that, create your own session controller:

    class SessionsController < ApplicationController
      def authenticate
        # This method logs the user in and returns a single access token
        # for token authentication.
        @user = User.find_for_authentication(:email => params[:user][:email])

        if @user && @user.valid_password?(params[:user][:password])
          render :json => {:user => {:email => @user.email, :id => @user.id, :firstname => @user.firstname, :lastname => @user.lastname, :team_id => @user.team_id, :singleaccesstoken => @user.generate_access_token}}
        else
          # Error message (French): "invalid username or password"
          render :json => {:errors => ["nom d'utilisateur ou mot de passe invalide"]}, :status => 401
        end
      end
    end

As you can see, I send a request to the URL with JSON looking like this:

    {
      "user": {
        "email": "myemail@toto.com",
        "password": "monpass"
      }
    }

And the controller returns JSON with the user data if everything is fine, or an error. In the user JSON, I return the access_token, which is used on the next requests to check that the user is allowed to make the request. I made these filters in the application controller:

    class ApplicationController < ActionController::Base
      protect_from_forgery

      protected

      # Read the access token from the request headers.
      def user_access_token
        request.headers["HTTP_X_USER_ACCESS_TOKEN"] || request.headers["HTTP_USER_ACCESS_TOKEN"]
      end

      def current_user
        if token = user_access_token
          @user ||= User.find_by_access_token(token)
        end
      end

      def require_user
        unless current_user
          render :json => {:error => "invalid access token"}, :status => 401
        end
      end

      # `object` is the record being accessed; the calling controller must provide it.
      def require_owner
        unless current_user && current_user == object.user
          # Return an error status so the client does not treat the refusal as a success.
          render :json => {:error => "unauthorized"}, :status => 403
        end
      end
    end

As you can see, on each subsequent request, I add the access_token in the HTML header under the key: HTTP_USER_ACCESS_TOKEN

So, I can check whether the user is allowed to make the request.

To make the API, you can use the Rails API gem, see here:

http://railscasts.com/episodes/348-the-rails-api-gem

Good luck.
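
One way the `generate_access_token` and `find_by_access_token` methods that the answer relies on could be backed, as an added example that is not part of the original answer: the token comes from the OS CSPRNG, only its SHA-256 digest is kept server-side, and tokens expire and can be revoked. The `TokenStore` class, the in-memory hash standing in for the users table, and the one-hour lifetime are assumptions made for illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the users table (constructed for this example).
class TokenStore
  TOKEN_TTL = 3600 # seconds; assumed lifetime, not taken from the answer

  def initialize
    @rows = {} # SHA-256 digest of the token => { :user_id, :expires_at }
  end

  # Plays the role of generate_access_token: the raw token is returned to the
  # client once; only its digest is stored, so a leaked table yields no usable tokens.
  def generate_access_token(user_id, now = Time.now)
    token = SecureRandom.urlsafe_base64(32) # 32 random bytes from the OS CSPRNG
    @rows[digest(token)] = { :user_id => user_id, :expires_at => now + TOKEN_TTL }
    token
  end

  # Plays the role of find_by_access_token: returns the user id, or nil for a
  # missing, unknown or expired token. The lookup is keyed by digest, not raw token.
  def find_by_access_token(token, now = Time.now)
    return nil if token.nil? || token.empty?
    row = @rows[digest(token)]
    return nil if row.nil?
    if now >= row[:expires_at]
      @rows.delete(digest(token)) # drop expired entries on first use
      return nil
    end
    row[:user_id]
  end

  # Logout or rotation: invalidate one token. Returns true if it existed.
  def revoke(token)
    !@rows.delete(digest(token.to_s)).nil?
  end

  def stored_digests
    @rows.keys
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```
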

