Is Rack::Auth the same as basic HTTP authentication?

Posted 2024-12-02 01:41:00, 665 characters, 1 view, 0 comments


I'm restricting access to the settings page of my Sinatra app with the following code, from the Sinatra docs.

helpers do 
  def protected!
    unless authorized?
      response['WWW-Authenticate'] = %(Basic realm="Access restricted")
      throw(:halt, [401, "Login incorrect\n"])
    end
  end

  def authorized?
    @auth ||=  Rack::Auth::Basic::Request.new(request.env)
    @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['admin', 'admin']
  end
end

before "/admin" do
  protected!
end

Is Rack::Auth identical to .htaccess basic auth?

Is there anything else I could or should do to secure it?


Comments (1)

小红帽 2024-12-09 01:41:00


Yes it's the same. You could use Digest auth or if you want to stick with Basic you could make sure it uses SSL.

Basic and Digest example:

https://github.com/sinatra/sinatra-book-contrib/blob/master/middleware/rack_auth_basic_and_digest.md

HTTPS with Basic example app:

./config.ru

require 'rubygems'
require 'sinatra'
require 'haml'

require './app'

run App

./app.rb

class App < Sinatra::Application

  configure do
    set :haml, :format => :html5
    set :root, File.dirname(__FILE__)
    # more config stuff, db, mailers, file storage etc...
  end

end

# HELPERS
require 'helpers/helpers'

# CONTROLLER
require 'controller/admin'

./helpers/helpers.rb

module Sinatra
  module RegexpRouteFilter
    def before_with_regexp(pattern, &blk)
      before do
        instance_eval(&blk) if request.path =~ pattern
      end
    end
  end

  register RegexpRouteFilter
end

class App < Sinatra::Application
  helpers do
    def protected!
      unless authorized?
        response['WWW-Authenticate'] = %(Basic realm="Testing HTTP Auth")
        throw(:halt, [401, "Not authorized\n"])
      end
    end

    def authorized?
      @auth ||=  Rack::Auth::Basic::Request.new(request.env)
      @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['user', 'pass']
    end
  end

  before_with_regexp(/^\/admin/) do
    if settings.environment == :production
      unless (@env['HTTP_X_FORWARDED_PROTO'] || @env['rack.url_scheme']) == 'https'
        redirect "https://#{request.env['HTTP_HOST']}#{request.env["REQUEST_PATH"]}"
      end
    end
    protected!
  end
end

./controller/admin.rb

class App < Sinatra::Application

  get '/admin' do
    haml :"admin/index"
  end

end

./views/admin/index.haml

%h1 Admin
%p Welcome!

Then run the app with the shotgun gem: shotgun config.ru -p 4567
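As an added example (not code from the question, the answer, Sinatra or Rack), a Rack-compatible middleware in plain Ruby that does what Rack::Auth::Basic::Request does with the Authorization header and adds the two hardening points discussed above: it refuses to challenge over plain HTTP and compares credentials in constant time. The class name, ADMIN_USER and ADMIN_PASS are constructed placeholders.

```ruby
# Rack-compatible middleware that parses the Authorization header the way
# Rack::Auth::Basic::Request does (RFC 7617: "Basic base64(user:pass)") and adds
# HTTPS enforcement plus a constant-time credential check. ADMIN_USER and
# ADMIN_PASS are constructed placeholders, not values from the page.
class SecureBasicAuth
  ADMIN_USER = 'admin'.freeze
  ADMIN_PASS = 'correct horse battery staple'.freeze

  def initialize(app, realm: 'Access restricted')
    @app = app
    @realm = realm
  end

  def call(env)
    # Basic auth is base64, not encryption: do not even challenge over plain
    # HTTP, or the browser sends the password in the clear on its next request.
    return [403, { 'content-type' => 'text/plain' }, ["HTTPS required\n"]] unless https?(env)
    creds = credentials(env)
    return unauthorized unless creds && valid?(*creds)
    env['REMOTE_USER'] = creds[0]
    @app.call(env)
  end

  # Trust X-Forwarded-Proto only when a reverse proxy you control sets it.
  def https?(env)
    (env['HTTP_X_FORWARDED_PROTO'] || env['rack.url_scheme']) == 'https'
  end

  # Returns [user, pass] or nil. The scheme matches case-insensitively; 'm0' is
  # strict base64 and raises ArgumentError on garbage, treated as no credentials.
  def credentials(env)
    scheme, param = env['HTTP_AUTHORIZATION'].to_s.split(' ', 2)
    return nil unless scheme && param && scheme.casecmp?('basic')
    user, pass = param.unpack1('m0').split(':', 2)
    pass.nil? ? nil : [user, pass]
  rescue ArgumentError
    nil
  end
  # Non-short-circuit & so a wrong username costs the same as a wrong password.
  def valid?(user, pass)
    secure_equal(user, ADMIN_USER) & secure_equal(pass, ADMIN_PASS)
  end
  def secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
  def unauthorized
    [401, { 'content-type' => 'text/plain', 'www-authenticate' => %(Basic realm="#{@realm}") }, ["Login incorrect\n"]]
  end
end
```

In a config.ru like the one above it would be mounted with `use SecureBasicAuth` before `run App`, replacing the per-route protected! helper.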
