Rails 3 提供了 `match` 方法供我们自定义 routes，然而我们要小心使用它以避免“跨站脚本攻击”(XSS Attack)。比如像这样的 routes：
注：r3 代表 Rails 3，r4 代表 Rails 4。
# routes.rb
require 'gollum/frontend/app' | |
require 'digest/sha1' | |
class App < Precious::App | |
# Plain value holder for the authenticated account: a name, an email,
# a password hash and a write-permission flag.
User = Struct.new(:name, :email, :password_hash, :can_write) | |
# Every request passes through authenticate! first (its body is not shown here).
before { authenticate! } | |
# Write-capable paths additionally require authorize_write!.
# NOTE(review): `^` anchors at the start of any line rather than of the whole
# string; `\A` states the "path starts with" intent unambiguously — confirm
# nothing here relies on per-line matching.
before /^\/(edit|create|delete|livepreview|revert)/ do authorize_write! ; end | |
helpers do |
class ListsController < ApplicationController | |
# Authentication runs for every action except public.
before_filter :authenticate, :except => :public | |
# NOTE(review): Rails page caching stores a static file that is served without
# invoking the controller or its filters, so leaving public unauthenticated
# above is consistent with caching it here — confirm the page renders nothing
# user-specific.
caches_page :public | |
# index is action-cached only when the request is not for JSON.
caches_action :index, :if => proc do | |
!request.format.json? # cache if is not a JSON request | |
end | |
caches_action :show, :cache_path => { :project => 1 }, |
#Session controller provides a token | |
#/controllers/api/sessions_controller.rb | |
class Api::SessionsController < Devise::SessionsController | |
# Every action except create requires a signed-in user; create is presumably
# the login endpoint itself (it looks the user up by email below), so it has
# to stay reachable without an existing session.
before_filter :authenticate_user!, :except => [:create] | |
# All actions but destroy require their request params to be present
# (ensure_params_exist is defined outside this excerpt).
before_filter :ensure_params_exist, :except => [:destroy] | |
# This controller answers in JSON only.
respond_to :json | |
def create | |
resource = User.find_for_database_authentication(:email => params[:user_login][:email]) | |
return invalid_login_attempt unless resource |
# Douban OAuth认证包括以下四步内容 | |
# 1. 获取Request Token | |
# 2. 用户确认授权 | |
# 3. 换取Access Token | |
# 4. 访问受限资源 | |
require "rubygems" | |
gem 'oauth','0.4.3' | |
require 'oauth' |
# using rvm with ruby-1.8.7-p249 | |
# latest version 2.7.7 2010-06-17 | |
brew install libxml2 | |
brew link libxml2 | |
# latest version 1.13.1 | |
brew install libiconv | |
brew link libiconv |