-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathruby-warden.html
More file actions
354 lines (257 loc) · 16.5 KB
/
ruby-warden.html
File metadata and controls
354 lines (257 loc) · 16.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
<!DOCTYPE html>
<html>
<head>
<!-- Document Settings -->
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<!-- Page Meta -->
<title>Ruby Warden</title>
<meta name="description" content="学习的一些记录" />
<!-- Mobile Meta -->
<meta name="HandheldFriendly" content="True" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<!-- Brand icon -->
<link rel="shortcut icon" href="/assets/images/favicon.ico" >
<!-- Styles'n'Scripts -->
<link rel="stylesheet" type="text/css" href="/assets/css/screen.css" />
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Merriweather:300,700,700italic,300italic|Open+Sans:700,400" />
<link rel="stylesheet" type="text/css" href="/assets/css/syntax.css" />
<!-- highlight.js -->
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/default.min.css">
<style>.hljs { background: none; }</style>
<!-- Ghost outputs important style and meta data with this tag -->
<link rel="canonical" href="http://localhost:4000//ruby-warden" />
<meta name="referrer" content="origin" />
<link rel="next" href="/page2/" />
<meta property="og:site_name" content="Thinking" />
<meta property="og:type" content="website" />
<meta property="og:title" content="Ruby Warden" />
<meta property="og:description" content="学习的一些记录" />
<meta property="og:url" content="http://localhost:4000//ruby-warden" />
<meta property="og:image" content="/assets/images/cover3.jpg" />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:title" content="Ruby Warden" />
<meta name="twitter:description" content="学习的一些记录" />
<meta name="twitter:url" content="http://localhost:4000//ruby-warden" />
<meta name="twitter:image:src" content="/assets/images/cover3.jpg" />
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "Website",
"publisher": "Thinking",
"name": "Ruby Warden",
"url": "http://localhost:4000//ruby-warden",
"image": "/assets/images/cover3.jpg",
"description": "学习的一些记录"
}
</script>
<meta name="generator" content="Jekyll 3.0.0" />
<link rel="alternate" type="application/rss+xml" title="Thinking" href="/feed.xml" />
</head>
<body class="home-template nav-closed">
<!-- The blog navigation links -->
<div class="nav">
<h3 class="nav-title">Menu</h3>
<a href="#" class="nav-close">
<span class="hidden">Close</span>
</a>
<ul>
<li class="nav-home " role="presentation"><a href="/">Home</a></li>
<li class="nav-about " role="presentation"><a href="/about">About</a></li>
<li class="nav-fables " role="presentation"><a href="/tag/fables">Fables</a></li>
<li class="nav-speeches " role="presentation"><a href="/tag/speeches">Speeches</a></li>
<li class="nav-fiction " role="presentation"><a href="/tag/fiction">Fiction</a></li>
<li class="nav-author " role="presentation"><a href="/author/casper">Casper</a></li>
<li class="nav-author " role="presentation"><a href="/author/edgar">Edgar</a></li>
<li class="nav-author " role="presentation"><a href="/author/abraham">Abraham</a></li>
<li class="nav-author " role="presentation"><a href="/author/martin">Martin</a></li>
<li class="nav-author " role="presentation"><a href="/author/lewis">Lewis</a></li>
</ul>
<a class="subscribe-button icon-feed" href="/feed.xml">Subscribe</a>
</div>
<span class="nav-cover"></span>
<div class="site-wrapper">
<!-- All the main content gets inserted here, index.hbs, post.hbs, etc -->
<!-- default -->
<!-- The comment above "< default" means - insert everything in this file into -->
<!-- the [body] of the default.hbs template, which contains our header/footer. -->
<!-- Everything inside the #post tags pulls data from the post -->
<!-- #post -->
<header class="main-header post-head " style="background-image: url(/assets/images/cover3.jpg) ">
<nav class="main-nav overlay clearfix">
<a class="blog-logo" href="/"><img src="/assets/images/ghost.png" alt="Blog Logo" /></a>
<a class="menu-button icon-menu" href="#"><span class="word">Menu</span></a>
</nav>
</header>
<main class="content" role="main">
<article class="post tag-test tag-content">
<header class="post-header">
<h1 class="post-title">Ruby Warden</h1>
<section class="post-meta">
<!-- <a href='/'></a> -->
<time class="post-date" datetime="2019-04-13">13 Apr 2019</time>
<!-- [[tags prefix=" on "]] -->
on
<a href='/tag/ruby'>Ruby</a>,
<a href='/tag/warden'>Warden</a>
</section>
</header>
<section class="post-content">
<p>目前项目遇到个需求,一期用devise做登陆的后台,在做二期的时候需要可以通过一期的cookie,带到用api(grape)做鉴权的子系统中去。这时候需要做的是保证在子系统中能把cookie正确解析出来,而且需要验证解析出来的cookie的信息是否是正确的,这时就需要了解devise依赖的warden是怎么设置用户鉴权cookie值的。周末有时间了解了一下devise和warden实现的细节问题,记录一下这个过程。</p>
<h3 id="基本知识">基本知识</h3>
<p>每个用户访问网站时一般都会有独立的cookie值记录一些信息,cookie可能有多个键值对,可以用一个值来存储后端需要记录当前用户的一些信息(在后端表示的是session,当前情况是session保存到cookie中,当然也可以保存到redis等缓存服务器中)。这个值是后端生成的,然后作为response的header,放到Set-Cookie字段中返回给浏览器,浏览器会把这个值保存到cookie中。然后下次浏览器请求服务器的时候,服务器会解析那串字符串,然后把信息解析出来放到session对象中,这时session中就有之前设置的信息了。</p>
<p>同理,一般我们做用户登陆授权验证,如果不用devise,我们一般是直接把用户的id记录在session里面,记录用户的一次会话是否登录,避免后续的请求也需要输入密码验证用户的身份。利用的原理类似上面所述。其实warden也是做了类似的处理,也是把一些验证数据放到session中去,只不过devise把用户的id和加密密码前30位组成的数组作为value值。然后在浏览器访问服务器时,把那串cookie解析出来。解析出来的数据就是类似[id, authenticatable_salt]这种形式,然后对比是否匹配就可以了。</p>
<h3 id="实现">实现</h3>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code># ~/.rvm/gems/ruby-2.4.3/gems/devise-4.6.1/lib/devise/rails.rb
config.app_middleware.use Warden::Manager do |config|
Devise.warden_config = config
end
# ~/.rvm/gems/ruby-2.4.3/gems/warden-1.2.8/lib/warden/config.rb
def initialize(app, options={})
default_strategies = options.delete(:default_strategies)
@app, @config = app, Warden::Config.new(options)
@config.default_strategies(*default_strategies) if default_strategies
yield @config if block_given? # @config 注入到上面的块中作为参数,供devise调用
end
</code></pre></div></div>
<p>Warden是一个Rack Middleware,middleware初始化的时候会把一些config的一些东西作为块的参数,供外部的接口调用。</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code># /Users/Cain/.rvm/gems/ruby-2.4.3/gems/warden-1.2.8/lib/warden/config.rb
def serialize_into_session(*args, &block)
Warden::Manager.serialize_into_session(*args, &block)
end
# ~/.rvm/gems/ruby-2.4.3/gems/warden-1.2.8/lib/warden/manager.rb
def serialize_into_session(scope = nil, &block)
method_name = scope.nil? ? :serialize : "#{scope}_serialize"
Warden::SessionSerializer.send :define_method, method_name, &block
end
</code></pre></div></div>
<p>在Warden::Config中定义的<code class="highlighter-rouge">serialize_into_session</code>方法可以把需要用来标识用户身份的信息系列化到cookie中,这是向外提供的一个接口,供外面去调用。做的事是在<code class="highlighter-rouge">Warden::SessionSerializer</code>中定义一个<code class="highlighter-rouge">#{scope}_serialize</code>的实例方法。在后面存储session时,会调用这个方法去求session的值,方法体就是我们在外部定义的块。在devise中定义的规则如下:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code># ~/.rvm/gems/ruby-2.4.3/gems/devise-4.6.1/lib/devise/rails.rb
warden_config.serialize_into_session(mapping.name) do |record|
mapping.to.serialize_into_session(record) # serialize_into_session调用的是下面的方法
end
# ~/.rvm/gems/ruby-2.4.3/gems/devise-4.6.1/lib/devise/models/authenticatable.rb
def serialize_into_session(record)
[record.to_key, record.authenticatable_salt]
end
</code></pre></div></div>
<p>config中还有一个类似的方法<code class="highlighter-rouge">serialize_from_session</code>,作用和上面类似。只不过这个方法是从session中读取出用户信息的。</p>
<p>知道了初始化时上面两个方法的作用,那warden是如何具体验证用户信息和保存用户信息的呢?其中就用到了叫strategies的东西,那个东西是外部提供给warden,然后warden在需要的时候会用那些strategies去验证用户是否有效,如果有效就调用<code class="highlighter-rouge">success!(resource)</code>这个方法。如用密码登陆用户时,devise是这样做的:</p>
<p>在devise的<code class="highlighter-rouge">Devise::SessionsController#create</code>中调用 <code class="highlighter-rouge">warden.authenticate!(auth_options)</code>去验证用户的有效性。</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code># ~/.rvm/gems/ruby-2.4.3/gems/warden-1.2.8/lib/warden/proxy.rb
def authenticate!(*args)
user, opts = _perform_authentication(*args)
throw(:warden, opts) unless user
user
end
def _perform_authentication(*args)
...
return user, opts if user = user(opts.merge(:scope => scope)) # 这一步为了检验session中是否有用户信息了,有了就直接返回用户信息
_run_strategies_for(scope, args)
if winning_strategy && winning_strategy.successful?
opts[:store] = opts.fetch(:store, winning_strategy.store?)
set_user(winning_strategy.user, opts.merge!(:event => :authentication))
end
[@users[scope], opts]
end
def _run_strategies_for(scope, args) #:nodoc:
...
(strategies || args).each do |name|
strategy = _fetch_strategy(name, scope)
next unless strategy && !strategy.performed? && strategy.valid?
strategy._run!
self.winning_strategy = @winning_strategies[scope] = strategy
break if strategy.halted?
end
end
</code></pre></div></div>
<p><code class="highlighter-rouge">_run_strategies_for</code>方法中的<code class="highlighter-rouge">valid?</code>和<code class="highlighter-rouge">strategy._run!</code>方法会执行到我们定义在strategy中的valid?和authenticate!方法,在devise中默认会定义好两个strategies,一个是database_authenticatable,一个是rememberable,第一个strategie是为了用密码去验证用户登录是否有效了,第二个是用来记住用户密码时候生成的一个token,保存在浏览器,过期时间比较长,这样在登录授权的那个cookie过期后,还可以用那个token去验证用户的身份。</p>
<p>在 <code class="highlighter-rouge">_perform_authentication</code> 方法中,如果strategy执行成功了,则会执行<code class="highlighter-rouge">set_user</code>方法</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code># ~/.rvm/gems/ruby-2.4.3/gems/warden-1.2.8/lib/warden/proxy.rb
def set_user(user, opts = {})
...
if opts[:store] != false && opts[:event] != :fetch
options = env[ENV_SESSION_OPTIONS]
if options
if options.frozen?
env[ENV_SESSION_OPTIONS] = options.merge(:renew => true).freeze
else
options[:renew] = true
end
end
session_serializer.store(user, scope)
end
...
@users[scope]
end
# ~/.rvm/gems/ruby-2.4.3/gems/warden-1.2.8/lib/warden/session_serializer.rb
def store(user, scope)
return unless user
method_name = "#{scope}_serialize"
specialized = respond_to?(method_name)
session[key_for(scope)] = specialized ? send(method_name, user) : serialize(user)
end
</code></pre></div></div>
<p>上面的<code class="highlighter-rouge">send(method_name, user)</code>方法就是调用到了上面说的<code class="highlighter-rouge">Warden::SessionSerializer</code>中定义的一个<code class="highlighter-rouge">#{scope}_serialize</code>的实例方法,这里把系列化的信息存到session去了。</p>
<p>存储后每次要验证cookie中用户身份的有效性,则通过调用fetch方法去获取cookie中存储的用户信息。</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>def fetch(scope)
key = session[key_for(scope)]
return nil unless key
method_name = "#{scope}_deserialize"
user = respond_to?(method_name) ? send(method_name, key) : deserialize(key)
delete(scope) unless user
user
end
</code></pre></div></div>
<p>到这里基本的逻辑就比较清楚了,Warden提供一个接口,让用户自定义验证,用什么方式(authenticate!方法),保存到session中的值是什么,读取cookie中的系列值应该怎么去验证是否有效这一些列的要素。然后在Warden内部负责把那些东西设置好,session设置的key,还有需要验证的步骤有哪些。</p>
</section>
</article>
</main>
<aside class="read-next">
<!-- [[! next_post ]] -->
<a class="read-next-story " style="background-image: url(/assets/images/cover3.jpg)" href="/rails-cookie-session">
<section class="post">
<h2>Rails Cookie Session</h2>
<p></p>
</section>
</a>
<!-- [[! /next_post ]] -->
<!-- [[! prev_post ]] -->
<a class="read-next-story prev " style="background-image: url(/assets/images/cover3.jpg)" href="/ruby-cancancan">
<section class="post">
<h2>Cancancan 的实现原理</h2>
<p></p>
</section>
</a>
<!-- [[! /prev_post ]] -->
</aside>
<!-- /post -->
<!-- The tiny footer at the very bottom -->
<footer class="site-footer clearfix">
<section class="copyright"><a href="/">Thinking</a> © 2020</section>
<section class="poweredby">Proudly published with <a href="https://jekyllrb.com/">Jekyll</a> using <a href="https://github.com/jekyller/jasper">Jasper</a></section>
</footer>
</div>
<!-- highlight.js -->
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
<!-- jQuery needs to come before `` so that jQuery can be used in code injection -->
<script type="text/javascript" src="//code.jquery.com/jquery-1.12.0.min.js"></script>
<!-- Ghost outputs important scripts and data with this tag -->
<!-- -->
<!-- Add Google Analytics -->
<!-- Google Analytics Tracking code -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-69281367-1', 'auto');
ga('send', 'pageview');
</script>
<!-- Fitvids makes video embeds responsive and awesome -->
<script type="text/javascript" src="/assets/js/jquery.fitvids.js"></script>
<!-- The main JavaScript file for Casper -->
<script type="text/javascript" src="/assets/js/index.js"></script>
</body>
</html>