I want to to decouple some parts in my rather large app and delegate them to an external node app, mainly for uploads but authentication remains a problem.
On the Rails side I'm using Devise, clients and forms will point to this new subdomain where the node app resides.
The node app is using express and I can connect to the shared database through the mysql module.
The idea is to use heroku for the main app, and delegate uploads to a node app running on a EC2 instance. In order to access the app I want to pass authentication informations, given that this endpoint will used by both API clients and web forms.
Devise has support for authentication tokens passed via URL, but I'm wondering what are your solutions.
Well if your subdomains are just 1-dot apart like www.myapp.example and uploads.myapp.example, you can share both the session cookie and the session info in the DB. I would just code the node app to validate the session cookie on every request the same way devise does and you're done. Is the upload subdomain user facing, as in does it render HTML to the browser or have to display a login form? If so, than the shared session table in the DB is probably not the best idea, but if the node.js is just for uploads and can redirect to www.myapp.example when the session is not valid, all should be well. Just make sure you set the domain field of the cookie to .myapp.example.
Related
I have been working on an Angular/Ionic application and am using the OAuth.io plugin to handle a facebook login to gain a user's information. From that I derive a simple database name based on the user's firstname and their Facebook ID number.
What I am wanting to do would be to sync this local pouchDB instance to an online CouchDB instance (currently using http://iriscouch.com) for replication to a desktop app, or something similar. The piece I am missing is how to handle user authentication/authorization to be able to only read and write to their own database and no one else's as all of the code currently lives on the client side with no app server to handle any login aside from the OAuth.io plugin.
Is this possible to handle without adding an app server layer, and without manual intervention to create a user on the CouchDB instance?
Currently you can only do per-user read-write permissions in CouchDB by having an additional process on the server side (details), which would be troublesome for you since you're using IrisCouch, so you'd need a separate server somewhere to host this process.
A few alternative options are available to you right now:
Couchbase, which has per-user databases
Janus, which works using Mozilla Persona rather than Facebook ID, and isn't ready yet, but should be unveiled shortly
I wonder is it possible to get cookies under another domain rather than my current app domain name?
I am building an application which access to another website's api. If the user has already logged in from the other site, my browser will create a cookies under that domain name. For example, user logged in under www.example.com, my browser will store a cookies:
cookies['token'] under www.example.com domain. When user visit my website, www.mywebsite.com, how can I get the cookies under www.example.com in my rails server?
Any help is highly appreciate.
This can be done, but it requires the client, your website, and your other website to all work together. You have a client that knows how to authenticate to site A. It wishes to view site B as the user it knows how to authenticate against site A with. The basic way to accomplish this is to have the client contact site A, authenticate itself, acquire a token from site A that site B can trust, and then hand that token to site B.
Effectively, you want to build a very specific case of OpenID or OAuth. This is certainly possible, but you're going to need to make some changes to www.example.com in order for it to play along. If you're able to do this, great.
Start by reading everything about OAuth. You don't need to use that exactly (although you could), but it will help explain what you need to do: http://hueniverse.com/oauth/
You can share cookies across different subdomains of a domain but you CANNOT share cookies across multiple domain names.
Cookies are stored by the BROWSER and the browser will not allow you to access or store cookies from external domain names. It would be a huge security flaw if browsers did allow you to do this.
You can, however, share session data that is stored on your server between domain names. This may not be completely trivial, but since session information is stored on the SERVER, you can access the information on the server between apps if needed. If your session data is stored in a database, then all that is required is to give database access to both domains. If need be, you could actually open your database to an external domain name and have the external domain directly connect to the database on your server.
I am interested in deploying a Node.js along side my Rails application server. Just as a reference, I plan on using socket.IO to create a chat server, so users will be able to chat inside of my web application.
My current application uses Authlogic to authenticate users. I would like to ensure that only a user cannot read other users' messages, so I will need to authenticate the user session somehow. My Node.js will have access to my database, and I know Rails can store the sessions inside of the database, so I would like to use this feature to authenticate chat users. The problem is, I have no idea how to go about doing that. I'm not even sure what information is present in the session, and I do not know how I can use this information to authenticate a user.
Thanks in advance!
The rails session is tricky to use from other languages: it's just a serialised ruby object and pretty much the only documentation for the marshal format is the implementation/rubyspec.
However authlogic doesn't actually store anything in the session: it has a separate cookie (user_credentials by default, assuming your model is User)
The data in that cookie is "#{user.persistence_token}::#{user.id}", so you should be able to easily verify this from your js code
Ultimately we want single sign-on for two applications, one is a rails app and one .net.
Is there a way login to a rails application using devise and cookie session store, and have a .net read this cookie to determine what user is logged in? We are open to switching session stores if that would help.
We would like to keep all auth in Rails, but use the cookie session to allow or deny access to .net application.
Yes, you definitely can do this.
If the session is stored solely in cookies then all you need to do is parse the cookies like rails does. Take a look at ActionDispatch::Request::Cookies to get a better feel for how rails uses cookies.
If on the other hand you store the session in Memcache, Redis, Mysql (or any other external store) you can get the session id from the cookie then look it up in the external store. This is probably easier and slightly more DRY.
As long as you have access to the session cookies you should be able to mirror the Rails session manipulation code in your .NET application and "share" session. I encourage you to start by reading deeper into how Rails handles session.
I have been trying to figure out how to integrate a node.js app into a rails app and having them share sessions. I've so far only been able to dig up sharing sessions between sinatra and ruby on rails via rack middleware. Is it possible to to do this?
I thought of a workaround involving the ror implementing a rest service that "poops" out a guid that node.js can use to create its own session. This solution however requires having model validations ad such stored in two seperate apps.
just wondering if there was a way to integrate them.
and while using a js based webframework like geddy or express is cool, I have alot of existing rails code and 3rd party libraries such as active merchant that I would have to reinvent.
how about using something like memcached to share a validation mechanism, for example set a session in rails and for every message to the nodeJs server a token is given, nodeJs checks on memcached if the token exists and grants or denies based on that. You would of course add the record on memcached from the rails app
Isn't that the same as sharing authentication between two different domains like openid, facebook connect, twitter sign-in.
from rails site do an openid like redirect to node.js with the authentication information encrypted inside the url and vica versa?
I am wondering if it is not possible to use Custom OAuth Provider Strategy from connect-auth and vica versa because connect-auth is "Authentication middleware for connect". I haven't figured the complete details out, but this might be an option?