Comments (11)
Should also be able to use authenticated
and unauthenticated
as a block to require authentication, e.g.
class MyAPI < Grape::API
auth { something }
authenticated do
get '/me' do
current_user
end
end
end
from grape.
+1
from grape.
Is anybody working on this now?
from grape.
+1 this is exactly what I need.
from grape.
+1 this would be very helpful.
from grape.
+1
from grape.
+1 yes, please
from grape.
Hi, I want to implement this very old
feature, here is what I want at first (as @mbleigh said):
auth { return a user}
resource :post, auth: true do
get :id, auth: false do
end
end
post :something, auth: true do
end
and provide the current_user help method (later this can be configed).
Because the auth method name was already taken, so I should find another name for it.
Just like devise, which provide authenticate & authenticate! method, still thinking how to implements this on the options way. maybe make the auth accept true, false and :optional.
I want to implement the block authenticate way later because if using with namespace ,there will be more block.
class API < Grape::API
authenticate do
resource :post do
get :id do
end
end
end
end
any suggestion?
from grape.
Maybe a clearer name could be protect do
, because there's a combination of authenticate
and authorize
that's going to be going on most likely.
from grape.
Hi, I started working on this yesterday.
the current DSL is like this:
protection do
# this method should return a user or nil,
# the return value will set to ['api.current_user'] and access by current_user
# it can access params and headers
end
post :post, protect: true do
end
I implement this by adding a middleware , but found the params and headers methods of Endpoint are only available after building middleware . so maybe I should change Protection to a simple class, add the protection call to
Endpoint #run just like the validation ?
and about eval the protection block, I'm using Protection#instance_eval
, so I can add some help methods like http_basic
that can be used in the block, but this need to delegate some methods to the endpoint, like params
, headers
, cookies
.
If using Endpoint#instance_eval
, there will be lack of adding custom help methods.
from grape.
We now have pretty extensive support for custom auth middleware, see https://github.com/intridea/grape#authentication. I am going to make an executive decision by saying that any protection (aka authorization) implementation that decorates individual APIs in a way that says, for example, "this API requires admin privileges", aka role-based auth, should be delegated into a separate gem.
from grape.
Related Issues (20)
- Ruby 3.3 && cookiejar = ArgumentError HOT 1
- Use Rack's HeadersHash instead of {}
- endpoint method_missing vs override inspect HOT 2
- Values Validator => Proc's arity < 2 ? HOT 3
- Rails Edge requires Ruby >= 3.1
- Fix specs for Rack Edge
- Fix `params` warning method redefined
- Better tracking of gems deprecation
- Rack::Lint::Error => a header value must be a String or Array of Strings, but the value of 'content-type' is a NilClass HOT 2
- Recognize_path should account for HTTP method HOT 1
- Grape and Protecting Against Mass Assignment Abuse HOT 8
- Why do you convert PATH_INFO? Is there some RFC? HOT 2
- Add support for exclusive parameter groups (e.g. exactly_one_of) HOT 2
- Drop support rack ~> 1 ? HOT 2
- Replace Appraisals by eval_gemfile ? HOT 3
- DeprecatedConstantProxy without a deprecator is deprecated HOT 1
- Investigation memory allocations HOT 1
- Add a memory usage check
- Dropping builder as dependency ? HOT 1
- Introduce standard gem ? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from grape.