ActionController::HttpAuthentication::Token

Makes it dead easy to do HTTP Token authentication.

Simple Token example:

class PostsController < ApplicationController
  TOKEN = "secret"

  before_action :authenticate, except: [ :index ]

  def index
    render plain: "Everyone can see me!"
  end

  def edit
    render plain: "I'm only accessible if you know the password"
  end

  private
    def authenticate
      authenticate_or_request_with_http_token do |token, options|
        token == TOKEN
      end
    end
end

Here is a more advanced Token example where only Atom feeds and the XML API is protected by HTTP token authentication, the regular HTML interface is protected by a session approach:

class Appl
登录查看完整内容