So I'm making a rails app that also utilizes node.js for realtime features. What is the best way to authenticate the users on the node app, if they were created with devise on rails? I've been thinking about saving the session id in the db, and then validating with that, or maybe displaying the user id in the page and then sending that to the node app when they connect. Or maybe something else entirely would be best. I'm using mongoose for my node orm and mongoid for ruby.
Storing the session id in your database is a valid approach, I do that in my own applications.
Related
I'm new to developing Ruby On Rails but have started creating a website for a mobile application that my friends are making. They are storing all of the data (Usernames, photos, posts...) on firebase (firebase.com) so we can all access it.
In broad terms I'm trying to figure out how to implement a lot of this with Ruby On Rails. Looking at most tutorials for rails, it seems like they assume the website has its own database. For instance when a user signs in, I use the user model to save the name, email and password. However this saves it to the rails database and not to firebase where all of the current usernames and passwords are stored. Should I ignore the standard rails method for user authentication and just sign the user into firebase or should I save this data to the rails database. If so, how to I keep that database in sync with firebase?
Hi I'm currently working in this application that consumes some API to retrieve and send all the information, the API manage the database and in my side (Rails app) there is no database.
I was told to use redis to store the sessions so here I am working with redis and no databases, my models don't use ARecord nor AResource. With this in mind I'm working in a logout method but since I don't have any database I'm not sure of what is the approach I should take to handle this because the session is stored in redis and I don't know the keys of the session and also I don't know how to link that session with the user logged I have no idea of how to delete this session.
I'm open to suggestions but it has to be a redis kind of solution, there is any authentification for rails working with redis out there?
Have a look at https://github.com/jodosha/redis-store.
Redis Store provides a full set of stores (Cache, I18n, Session, HTTP Cache) for all the modern Ruby frameworks like: Ruby on Rails, Sinatra, Rack, Rack::Cache and I18n. It natively supports object marshalling, timeouts, single or multiple nodes and namespaces.
I am interested in deploying a Node.js along side my Rails application server. Just as a reference, I plan on using socket.IO to create a chat server, so users will be able to chat inside of my web application.
My current application uses Authlogic to authenticate users. I would like to ensure that only a user cannot read other users' messages, so I will need to authenticate the user session somehow. My Node.js will have access to my database, and I know Rails can store the sessions inside of the database, so I would like to use this feature to authenticate chat users. The problem is, I have no idea how to go about doing that. I'm not even sure what information is present in the session, and I do not know how I can use this information to authenticate a user.
Thanks in advance!
The rails session is tricky to use from other languages: it's just a serialised ruby object and pretty much the only documentation for the marshal format is the implementation/rubyspec.
However authlogic doesn't actually store anything in the session: it has a separate cookie (user_credentials by default, assuming your model is User)
The data in that cookie is "#{user.persistence_token}::#{user.id}", so you should be able to easily verify this from your js code
I'm current designing a Rails application that uses a form for user login, then persists session information in a cookie. However, I plan on a bulk of the interaction with the Rails application to be via a mobile app instead of a web browser.
What is the best way to accomplish user auth? I suppose I could save a cookie with my app. Or perhaps authenticate with every request. Perhaps there's a gem for this?
Check out the Devise gem.
It's REALLY good, supported by people that really know about Rails, and I guess I could say it's become the "industry standard" for these matters.
Devise on GitHub
I have an app that is mostly in rails but also uses nodejs for some realtime features, for example, chat. Users log in via Rails and get assigned a session, etc as usual. However, what's the best way to authenticate with nodejs as that same user? For example I would like to prevent users from impersonating one another but login is done on rails right now and messaging is done on nodejs. Rails and nodejs both have access to the same database.
I am using devise and socketio if that matters.
There's a number of ways implementation wise that you could tackle this. The one that jumps to mind is to share the session cookie that devise uses with nodejs via the database.
IIRC devise creates an encrypted session cookie during authentication; save this value temporarily to your database, and let nodejs pop it off the database for its authentication. There's likely some difficulty in accomplishing this (porting some of the devise encryption to nodejs, and the like) but if you're doing a rails/nodejs app, I'm pretty sure you're capable of handling it. :D
The benefit here is that a user can't get between the hand-off to accomplish impersonation.
You could always generate a one-time token for any user passed between rails and node. Much, much easier than re-implementing (and maintaining) the crypto strategy used by devise and rails.
That said, sharing sessions between servers creates a lot of extra work for you and effectively doubles your bug surface area (schema, validations, etc.)
Faye is an awesome project which handles this exact use case, so it's probably worth a look :) http://faye.jcoglan.com/