設計和簡單令牌驗證的子域身份驗證

Question

我很難搞清楚如何正確子域我的API。我希望它住在api.mydomain.com。我在我的hosts文件中添加了127.0.0.1 api.mydomain.com。 我一直堅持如何構建身份驗證模塊，以及如何真正實現身份驗證。我使用Devise與Simple Token Authentication寶石。

我的控制器的文件夾結構如下：

├── controllers 
   ├── api 
   │   ├── api_controller.rb 
   │   └── v1 
   │    ├── emails_controller.rb 
   │    ├── entries_controller.rb 
   │    ├── exception_controller.rb 
   │    ├── registrations_controller.rb 
   │    ├── sessions_controller.rb 
   │    └── timelines_controller.rb 
   ├── application_controller.rb 
   ├── concerns 

我的路線方案：

namespace :api, path: '/', constraints: {subdomain: 'api'} do 
     namespace :v1 do 
     devise_for :users, :skip => [:sessions, :registrations, :passwords] 

     devise_scope :user do 
      post 'login' => 'sessions#create', :as => :login 
      delete 'logout' => 'sessions#destroy', :as => :logout 
      post 'register' => 'registrations#create', :as => :register 
      delete 'delete_account' => 'registrations#destroy', :as => :delete_account 
     end 

     resources :timelines do 
      resources :entries 
     end 
    end 
    end 

我自SessionsController被定義爲：

class API::V1::SessionsController < Devise::SessionsController 
    ... 
end 

，所以是我的自定義註冊控制器。 但運行我的測試時：

it 'creates a new user with correct credentials' do 
      post 'http://api.mydomain.com:3000/v1/register', format: :json, :user => {email: 'user@test.com', password: 'TestPass123', password_confirmation: 'TestPass123', username: 'testuser'} 

      ... 
end 

我得到以下錯誤：

Failure/Error: post 'http://api.mydomain.com:3000/v1/register', format: :json, :user => {email: 'user@test.com', password: 'TestPass123', password_confirmation: 'TestPass123', username: 'testuser'} 
AbstractController::ActionNotFound: 
    Could not find devise mapping for path "/v1/register". 
    This may happen for two reasons: 

    1) You forgot to wrap your route inside the scope block. For example: 

    devise_scope :user do 
     get "/some/route" => "some_devise_controller" 
    end 

    2) You are testing a Devise controller bypassing the router. 
     If so, you can explicitly tell Devise which mapping to use: 

     @request.env["devise.mapping"] = Devise.mappings[:user] 

難道我連這樣的權利？你應該認證版本嗎？對不同解決方案的建議更是值得歡迎。

Answer 1

原來，這條線

devise_for :users, :skip => [:sessions, :registrations, :passwords]

需要是命名空間塊等這樣的外部：

devise_for :users, :skip => [:sessions, :registrations, :passwords] 
    constraints subdomain: 'api' do 
    namespace :api, path: '/', defaults: { format: :json } do 
     namespace :v1 do 
     devise_scope :user do 
      post 'login' => 'sessions#create', :as => :login 
      delete 'logout' => 'sessions#destroy', :as => :logout 
      post 'register' => 'registrations#create', :as => :register 
      delete 'delete_account' => 'registrations#destroy', :as => :delete_account 
     end 

     resources :timelines do 
      resources :entries 
     end 
    end 
    end 
end