相当于akka-http中经过身份验证的路由?

时间:2018-06-03 19:59:06

标签: scala authentication playframework

这可能是一个小问题,因为我只是开始玩游戏。我们可以在akka-http中找到相同的认证路由?以下是使用akka-http

的经过身份验证的路由的示例 
def oauth2Authenticator(credentials: Credentials): Future[Option[ScalaFirebaseToken]] = {
    credentials match {
      case p @ Credentials.Provided(token) =>
          ImportFirebaseCredentials.decodeToken(token).flatMap {
            case token : FirebaseToken => {
              Future(Some(
                ScalaFirebaseToken(token.getUid,
                  Option(token.getEmail),
                  Option(token.getName),
                  Option(token.getPicture)
                )))
            }
            case _ => Future.successful(None)
          }
      case _ =>
        println("couldn't obtain credentials")
        Future.successful(None)
    }
  }

  def authenticated = authenticateOAuth2Async("auth", oauth2Authenticator)

  val route =
    path("user") {
      (get & authenticated) { authResult =>
        complete(getUserByUid(authResult.uid, authResult.email, authResult.name))
      }
    }

此代码从请求标头获取凭据,根据firebase对其进行检查,然后返回该用户的数据。

我很想得到一个如何以类似的方式验证我的行为的例子。

2 个答案:

答案 0 :(得分:1)

我无法从经验中说话,但这是关于Play中OAuth的手册页!框架:

https://www.playframework.com/documentation/2.6.x/ScalaOAuth#OAuth

此外,提供auth功能的各种模块的列表:

https://www.playframework.com/documentation/2.6.x/ModuleDirectory#Authentication-(Login-&-Registration)-and-Authorization-(Restricted-Access)

答案 1 :(得分:1)

使用action composition可以实现经过身份验证的路由。以下是playframework/play-scala-secure-session-example使用ActionBuilder通过UserInfoAction.invokeBlock实施身份验证的示例:

override def invokeBlock[A](request: Request[A], block: (UserRequest[A]) => Future[Result]): Future[Result] = {
  // deal with the options first, then move to the futures
  val maybeFutureResult: Option[Future[Result]] = for {
    sessionId <- request.session.get(SESSION_ID)
    userInfoCookie <- request.cookies.get(USER_INFO_COOKIE_NAME)
  } yield {
    // Future can be flatmapped here and squished with a partial function
    sessionService.lookup(sessionId).flatMap {
      case Some(secretKey) =>
        val cookieBaker = factory.createCookieBaker(secretKey)
        val maybeUserInfo = cookieBaker.decodeFromCookie(Some(userInfoCookie))

        block(new UserRequest[A](request, maybeUserInfo, messagesApi))
      case None =>
        // We've got a user with a client session id, but no server-side state.
        // Let's redirect them back to the home page without any session cookie stuff.
        Future.successful {
          discardingSession {
            Redirect(routes.HomeController.index())
          }.flashing(FLASH_ERROR -> "Your session has expired!")
        }
    }
  }

  maybeFutureResult.getOrElse {
    block(new UserRequest[A](request, None, messagesApi))
  }
}

如果身份验证成功,请求将使用maybeUserInfo进行丰富,而如果失败,则会向闪存添加Your session has expired重定向。现在要向路由添加身份验证,只需将UserInfoAction注入控制器,call it就像这样:

def login = userAction.async { implicit request: UserRequest[AnyContent] =>
  ...
  // request.userInfo is now available
}
相关问题
最新问题