design-jwt-gem文档指出,如果启用了会话存储,则必须跳过它进行jwt-auth。上面说你应该设置设备.rb:
config.skip_session_storage = [:http_auth, :params_auth]
您应该禁用:database_authenticatable。这部分我很不理解。如果在我的用户模型中,我删除了:database_authenticatable,那么我为登录配置的路由将不可用:
ActionController::RoutingError(没有路由匹配[POST]"/login"(:
User.rb
class User < ApplicationRecord
rolify role_join_table_name: 'public.user_roles'
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
# devise :database_authenticatable,
devise :registerable,
:recoverable,
:rememberable,
:validatable,
:jwt_authenticatable,
jwt_revocation_strategy: Devise::JWT::RevocationStrategies::Null
end
devise.rb
config.skip_session_storage = %i[http_auth params_auth]
routes.rb
Rails.application.routes.draw do
# For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
devise_for :users, defaults: { format: :json },
path: '',
path_names: {
sign_in: 'login',
sign_out: 'logout',
registration: 'signup'
},
controllers: {
sessions: 'users/sessions',
registrations: 'users/registrations'
}
end
我应该做些什么来保持会话,但不是为了jwt-auth?
好吧,在调整了我在本文中找到的解决方案之后https://blog.siliconjungles.io/devise-jwt-with-sessions-hybrid,答案是:
monkeypatch:config/ininitializers/warden/proxy.rb
module Warden
class Proxy
def user(_argument = {})
if request.format.json?
return nil
end
end
end
end
对于api验证和默认行为,您必须有分开的路由:
路线.rb
namespace :api do
namespace :v1 do
devise_scope :user do
post 'auth/signup', to: 'registrations#create'
post 'auth/signin', to: 'sessions#create'
delete 'auth/signout', to: 'sessions#destroy'
end
end
end
devise_for :users