Koala Rails身份验证

Question

我有以下代码：

application_controller.rb

class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :current_user

  def facebook_cookies
    @facebook_cookies ||= Koala::Facebook::OAuth.new.get_user_info_from_cookie(cookies).symbolize_keys!
  end

  def current_user
    begin
      # allow for ?access_token=[TOKEN] for iOS calls.
      @access_token = params[:access_token] || facebook_cookies[:access_token]
      @graph = Koala::Facebook::API.new(@access_token)
      # TODO: move this to session[:current_user]..
      @current_user ||= User.from_graph @graph.get_object('me', { fields: 'id,first_name,last_name,gender,birthday' })
    rescue
      nil # not logged in
    end
  end

  def authenticate
    redirect_to(root_url) if current_user.nil?
  end
end

(我已经按照这里的描述设置了考拉，https://github.com/arsduo/koala/wiki/Koala-on-Rails)

我真的不想介绍OmniAuth，因为我想要做的事情相当简单。上面的代码行得通，问题是它调用Facebook for page page load =不好。我猜我需要存储session[:user_id]，然后在用户通过身份验证后为每个后续请求调用User.find(session[:user_id])？

有没有人可以建议最有效的方法来解决这个问题，这样我就不会在每次加载页面时都等待Facebook了？

Answer 1

您可以尝试如下所示：

class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :current_user, if: Proc.new{ !current_user? }

  def facebook_cookies
    @facebook_cookies ||= Koala::Facebook::OAuth.new.get_user_info_from_cookie(cookies).symbolize_keys!
  end

  def current_user
    begin
      # allow for ?access_token=[TOKEN] for iOS calls.
      @access_token = params[:access_token] || facebook_cookies[:access_token]
      @graph = Koala::Facebook::API.new(@access_token)
      # TODO: move this to session[:current_user]..
      @current_user ||= User.from_graph @graph.get_object('me', { fields: 'id,first_name,last_name,gender,birthday' })
    rescue
      nil # not logged in
    end
  end

  def authenticate
    redirect_to(root_url) if current_user.nil?
  end

  def current_user?
    !!@current_user
  end
end

Answer 2

我有一个用于facebook身份验证和授权实现。代码分为非状态改变方法和状态改变方法。

请随意使用代码。

## checks if we have access to fb_info and it is not expired
## Non stagechanging
def oauth_is_online
  return !(session[:fb_cookies].nil? or session[:fb_cookies]['issued_at'].to_i + session[:fb_cookies]['expires'].to_i < Time.now.to_i - 10)
end

## checks if the user is in the database
## Non stats changing
def oauth_is_in_database
  return oauth_is_online && 0 < User.where(:fb_id => session[:fb_cookies]['user_id']).count
end

## Returns true if it is the specified user
## Non stagechanging
def oauth_is_user(user)
  return oauth_is_online && session[:fb_cookies]['user_id'] == user.fb_id
end

## Requires the user to be online. If not, hell breaks loose.
def oauth_require_online
  if !oauth_ensure_online
    render :file => "public/401.html", :status => :unauthorized, :layout => false
    return false
  end
  return session[:fb_cookies]
end

## Requires the user to be online and the correct user. If not, hell breaks loose.
def oauth_require_user(user)
  c = oauth_require_online
  return false unless c
  return c unless !oauth_is_user(user)
  render :file => "public/403.html", :status => :unauthorized, :layout => false
  return false
end


## Ensures that the user is online  
def oauth_ensure_online
  begin
    # Checks if the user can be verified af online
    if !oauth_is_in_database
      # the user is not online. Now make sure that they becomes online.
      logger.info "Creates new FB Oauth cookies"
      fb_cookies = Koala::Facebook::OAuth.new.get_user_info_from_cookie(cookies)

      # TODO In the future the session should be reset at this point
      # reset_session
      session[:fb_cookies_reload] = false
      session[:fb_cookies] = fb_cookies

      logger.info "Updating user in database."

      # Tries to load the user
      @current_user = User.where(:fb_id => session[:fb_cookies]['user_id']).first
      logger.info "User exists? => #{@current_user.nil?}"

      # creating if not found
      @current_user = User.new(:fb_id => session[:fb_cookies]['user_id']) unless !@current_user.nil?

      # Loading graph
      @fb_graph = Koala::Facebook::API.new(session[:fb_cookies]['access_token'])

      # Loading info from graph
      me = @fb_graph.get_object('me')

      @current_user.name_first = me['first_name'].to_s
      @current_user.name_last = me['last_name'].to_s
      @current_user.email = me['email'].to_s
      @current_user.fb_access_token = session[:fb_cookies]['access_token'].to_s

      # Saving the updated user
      @current_user.save!
      return oauth_is_online
    else
      # the user is online. Load variables.
      @current_user = User.where(:fb_id => session[:fb_cookies]['user_id']).first
      @fb_graph = Koala::Facebook::API.new(@current_user.fb_access_token)
    end
    return oauth_is_online
  rescue Koala::Facebook::OAuthTokenRequestError => oe
    ## TODO handle the diferent errors
    # user is not online on facebook
    # user have not authenticatet us
    # token is used allready once.
    logger.debug "FB koala OAuthTokenRequestError: #{oe}"
    return false
  end
end