大佬教程收集整理的这篇文章主要介绍了ruby-on-rails – 使用设计安全存储,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
假设所有用户一旦到达应用程序就必须进行身份验证:
class ApplicationController < ActionController::Base before_action :authenticate_user! ... end
如何保护Active Storage生成的路由?
要点:您需要覆盖重定向控制器.
docs for activestorage/app/controllers/active_storage/blobs_controller.rb说:
此外,如果您计划使用预览docs for activestorage/app/models/active_storage/blob/representable.rb说
您也可以在this rails github issue找到一些相关信息
更新:
这是一个最小的例子,“应该”用于防止在使用设计gem时未经授权访问重定向.
如果记录了用户将被重定向到的URL如何被保护,我猜是另一个故事.默认情况下,它们会在5分钟后过期,但可以将其设置为较短的时间段,例如10秒(如果您使用expires_in 10.seconds替换下面示例中的第6行)
使用以下代码创建文件app / controllers / active_storage / blobs_controller.rb:
class ActiveStorage::BlobsController < ActiveStorage::BaseController
before_action :authenticate_user!
include ActiveStorage::SetBlob
def show
expires_in ActiveStorage::Blob.service.url_expires_in
redirect_to @blob.service_url(disposition: params[:disposition])
end
end
请注意,original code唯一改变的是添加了第二行
before_action :authenticate_user!
更新2:
以下是您可以在ActiveStorage :: RepresentationsController和ActiveStorage :: BlobsController中包含的问题,以便为ActiveStorage启用设计身份验证
见gist是在https://gist.github.com/dommmel/4e41b204b97238e9aaf35939ae8e1666也包括在这里:
# Rails controller concern to enable Devise authentication for ActiveStorage. # Put it in +app/controllers/concerns/blob_authenticatable.rb+ and include it when overriding # +ActiveStorage::BlobsController+ and +ActiveStorage::representationsController+. # # Optional configuration: # # Set the model that includes devise's database_authenticatable. # Defaults to Devise.default_scope which defaults to the first # devise role declared in your routes (usually :user) # # blob_authenticatable resource: :admin # # To specify how to determine if the current_user is allowed to access the # blob,override the can_access_blob? method # # Minimal example: # # class ActiveStorage::BlobsController < ActiveStorage::BaseController # include ActiveStorage::SetBlob # include AdminOrUserAuthenticatable # # def show # expires_in ActiveStorage::Blob.service.url_expires_in # redirect_to @blob.service_url(disposition: params[:disposition]) # end # end # # Complete example: # # class ActiveStorage::representationsController < ActiveStorage::BaseController # include ActiveStorage::SetBlob # include AdminOrUserAuthenticatable # # blob_authenticatable resource: :admin # # def show # expires_in ActiveStorage::Blob.service.url_expires_in # redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition]) # end # # private # # def can_access_blob?(current_user) # @blob.attachments.map(&:record).all? { |record| record.user == current_user } # end # end module BlobAuthenticatable extend ActiveSupport::Concern included do around_action :wrap_in_authentication end module ClassMethods def auth_resource @auth_resource || Devise.default_scope end private def blob_authenticatable(resource:) @auth_resource = resource end end private def wrap_in_authentication is_signed_in_and_authorized = send("#{self.class.auth_resourcE}_signed_in?") \ & can_access_blob?(send("current_#{self.class.auth_resourcE}")) if is_signed_in_and_authorized yield else head :unauthorized end end def can_access_blob?(_user) true end end
以上是大佬教程为你收集整理的ruby-on-rails – 使用设计安全存储全部内容,希望文章能够帮你解决ruby-on-rails – 使用设计安全存储所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。