Ember authentication best practices?

Updated: 2024-10-28 01:25:43

Does anyone have experience creating an authentication mechanism with the new router in pre4?

Here are some of my thoughts so far:

In order to completely separate the view (Ember app) from the server (Rails app) I want to use token authentication. I will likely use Devise on the Rails server. I need something like a before_filter equivalent in the Ember app where I can check if there is a current user and if that user has an authentication token set. The Rails server will return the current auth token on every call. If it returns a null auth token the Ember app should detect this and transition to the unauthenticated state, redirecting to the login view.

I suspect I should be using an Ember state machine for this but I'm not sure how to proceed. Anyone tackled this problem yet?

Best answer

UPDATE: Like @DustMason says in his answer, check out the awesome embercasts for authentication best-practices.

Client Side Authentication Part I
Client Side Authentication Part II

In order to completely separate the view (Ember app) from the server (Rails app) I want to use token authentication. I will likely use Devise on the Rails server.

Makes sense.

I need something like a before_filter equivalent in the Ember app where I can check if there is a current user and if that user has an authentication token set.

You can add an enter hook on routes; this is roughly equivalent to a before_filter. But not sure that's the best place to check for an auth-token.

The Rails server will return the current auth token on every call.

Makes sense. We use cookie-auth and fetch current user profile by calling /api/me but either should work.

If it returns a null auth token the Ember app should detect this and transition to the unauthenticated state, redirecting to the login view.

Thing about this approach is that (unlike Rails) it's not easy to "protect" access to particular Ember routes. And no matter what, a user can always pop open the JS console and enter whatever state they want. So instead of thinking "user can only get into this state if authenticated" consider "what if an unauthenticated user somehow navigates to this route".

I suspect I should be using an Ember state machine for this but I'm not sure how to proceed. Anyone tackled this problem yet?

Our auth needs are pretty simple so we've not found the need for a state machine. Instead we have an isAuthenticated property on ApplicationController. We use this property in application.hbs to replace the main view with a login form when a user is not authenticated.

    {{#if isAuthenticated}}
      {{render "topnav"}}
      {{outlet}}
    {{else}}
      {{render "login"}}
    {{/if}}

From ApplicationRoute, we fetch user profile:

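    App.ApplicationRoute = Ember.Route.extend({
      model: function() {
        var profiles;
        // Ask the server for the profile of the current user.
        profiles = App.Profile.find({ alias: 'me' });
        // Once loaded, resolve to the first (and only) profile returned.
        profiles.on("didLoad", function() {
          return profiles.resolve(profiles.get("firstObject"));
        });
        return profiles;
      }
    });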

Then our ApplicationController computes its isAuthenticated property based on the profile that was returned.
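
The point made in the answer above (client-side state can always be changed from the JS console, so the server must refuse unauthenticated calls and the client should only react to what the server says), as an added example that is not part of the original answer. It uses plain JavaScript rather than Ember APIs; `fakeApi`, `createSession`, `restore`, `demoConsoleTampering` and the sample token are hypothetical names and constructed data.

```javascript
// Added example: plain JavaScript, no Ember APIs. All names are hypothetical.

// Constructed stand-in for the Rails API: the server, not the client,
// decides whether a request is authenticated.
var VALID_TOKENS = { 'tok-123': { alias: 'me', name: 'alice' } }; // constructed sample data

function fakeApi(path, token) {
  var known = Object.prototype.hasOwnProperty.call(VALID_TOKENS, token || '');
  if (!known) {
    // Unauthenticated: no data, and a null auth token as described in the question.
    return { status: 401, authToken: null, body: null };
  }
  return { status: 200, authToken: token, body: { path: path, profile: VALID_TOKENS[token] } };
}

// Client-side session: a UI hint only, recomputed from every server response.
function createSession(api, transitionTo) {
  var session = {
    authToken: null,
    isAuthenticated: false,
    // Use a token obtained elsewhere (for example from a login call).
    restore: function (token) {
      session.authToken = token;
      return session.request('/api/me');
    },
    request: function (path) {
      var res = api(path, session.authToken);
      session.authToken = res.authToken;
      session.isAuthenticated = res.status === 200 && res.authToken !== null;
      if (!session.isAuthenticated) { transitionTo('login'); } // show the login view
      return res.body;
    }
  };
  return session;
}

// Scenario: the flag is flipped in the JS console without a valid token.
function demoConsoleTampering() {
  var visited = [];
  var session = createSession(fakeApi, function (route) { visited.push(route); });
  session.isAuthenticated = true;             // tampered client state
  var data = session.request('/api/orders');  // the server still refuses
  return { data: data, isAuthenticated: session.isAuthenticated, visited: visited };
}
```

The tampered flag changes only what the client renders until the next API call; the data stays behind the server-side check.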

Published: 2023-08-04 16:53:00
Article link: https://www.elefans.com/category/jswz/34/1417848.html