Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
rodauth device and you
Search
Anton Davydov
October 22, 2016
Programming
260
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
rodauth device and you
Anton Davydov
October 22, 2016
More Decks by Anton Davydov
See All by Anton Davydov
How to make a technical decision
davydovanton
0
150
МГТУ
davydovanton
0
110
Events. Events. Events! - krk.rb
davydovanton
0
160
Events. Events. Events!
davydovanton
0
850
Event Sourcing RubySPBConf 2k18
davydovanton
1
220
Architecture of hanami applications
davydovanton
1
7.8k
Hanami Architecture
davydovanton
2
330
viewing ruby blossom kaigi2017
davydovanton
0
760
viewing ruby blossom rdrc2017
davydovanton
2
240
Other Decks in Programming
See All in Programming
技術記事、 専門家としてのプログラマ、 言語化
mizchi
13
6.5k
ADKを使って簡単にAIエージェントを作ってみよう
k1mu21
0
280
スマートグラスで並列バイブコーディング
hyshu
0
260
メソッドのジェネリクスでGoの夢は広がるか? / Kyoto.go #65
utgwkk
3
940
例外の正しい扱い方 そのエラー try-catchして大丈夫?
jinwatanabe
0
280
才能?センス?知らん、 続けたもん勝ちだ。-- 結婚・出産・癌を越えてなお、私がプロダクトを創り続ける理由
16bitidol
1
350
決定論的オーケストレーションの設計と実装 / Design and Implementation of Deterministic Orchestration
nrslib
4
1.5k
Strategic Design in the Frontend: Moduliths & Micro Frontends @DDDEurope
manfredsteyer
PRO
0
130
Lessons from Spec-Driven Development
simas
PRO
0
220
Semantic Version 単位で戦略を柔軟に変えて、パッケージアップデートを自動化する
daitasu
1
300
Oxlintのカスタムルールの現況
syumai
6
1.2k
エンジニアと一緒にテストコードの設計と実装を改善した話
mototakatsu
0
220
Featured
See All Featured
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
780
Documentation Writing (for coders)
carmenintech
77
5.4k
Code Reviewing Like a Champion
maltzj
528
40k
ラッコキーワード サービス紹介資料
rakko
1
3.7M
Exploring anti-patterns in Rails
aemeredith
3
430
Prompt Engineering for Job Search
mfonobong
0
350
Embracing the Ebb and Flow
colly
88
5.1k
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
180
Building Flexible Design Systems
yeseniaperezcruz
330
40k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
3.5k
Getting science done with accelerated Python computing platforms
jacobtomlinson
2
240
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.5k
Transcript
None
Anton Davydov github.com/davydovanton twitter.com/anton_davydov davydovanton.com
OpenSource
None
None
None
None
authentication
typical authentication
• user authentication • working with current user • security
• different auth ways (OTP, OmniAuth, 2FA) • simple way to use it with other frameworks
but in a real life we have some
• wasting time for typical functionality • complicated logic •
magic in models/controllers • it’s hard to add new feature
and actually we can use…
devise
devise ❤ • popular • based on Rails engines •
use only what you really need • add-ons • fast for production
devise • only rails • problem with custom logic •
creates unnecessary raws in table • hulk • can be difficult to integrate
warden
sorcery
custom solution
custom solution ❤ • absolutely custom • works only for
special cases • works good when other solutions sucks
• DRY in each application • spend much time for
simple cases • you can write • you need to write all popular solutions custom solution
what problems we have • no simplicity • no flexibility
• magic • only for rails
rodauth github.com/jeremyevans/rodauth
rodauth ❤ • fast • simple • easy to integrate
with other frameworks • many features from the box • use only what you need
rodauth • little-known solution • new technology (from Jun 7,
2015) • another routing framework
Jeremy Evans github.com/jeremyevans
roda github.com/jeremyevans/roda
roda: general ideas • simplicity • reliability • extensibility •
performance
# config.ru require "roda" class App < Roda route do
|r| r.root do r.redirect "/hello" end # GET /hello request r.get "hello" do "Hello world!" end end end run App.freeze.app
# config.ru require "roda" class App < Roda route do
|r| r.root do r.redirect "/hello" end # GET /hello request r.get "hello" do "Hello world!" end end end run App.freeze.app
# config.ru require "roda" class App < Roda route do
|r| r.root do r.redirect "/hello" end # GET /hello request r.get "hello" do "Hello world!" end end end run App.freeze.app
# config.ru require "roda" class App < Roda route do
|r| r.root do r.redirect "/hello" end # GET /hello request r.get "hello" do "Hello world!" end end end run App.freeze.app
rodauth: general ideas
security
simplicity
flexibility
all features
login logout change password change login reset password create account
close account verify account confirm account remember lockout OTP recovery codes SMS codes verify change login verify account grace period password grace period password complexity disallow password reuse password expiration account expiration session expiration single session JWT (JSON API)
architecture
it’s just a plugin for roda
# cat config.ru require "roda" class RodauthApp < Roda plugin
:rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp
# cat config.ru require "roda" class RodauthApp < Roda plugin
:rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp
# cat config.ru require "roda" class RodauthApp < Roda plugin
:rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp
# cat config.ru require "roda" class RodauthApp < Roda plugin
:rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp
# cat config.ru require "roda" class RodauthApp < Roda plugin
:rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp
how we can use rodauth with other apps
general idea for integration
use middleware
Rack Rodauth Your app
Rack Rodauth Your app
Rack Rodauth Your app
Rack environment session Rodauth Your app
github.com/jeremyevans/rodauth-demo-rails
https://git.io/vPDao
github.com/davydovanton/rodauth_hanami
github.com/davydovanton/grape-rodauth JSON auth only
but we live in real world and we won’t use
this
how we can use these ideas in our apps
devise
None
None
use separate Account model instead of User/Admin
put all logic to separate application like admin app
don’t put all your logic to Model
bonus
None
• roda.jeremyevans.net • rodauth.jeremyevans.net • groups.google.com/forum/#!forum/ruby-roda • irc://chat.freenode.net/#roda • trailblazer
and devise: goo.gl/cdANIA
conclusions
None
github.com/davydovanton twitter.com/anton_davydov davydovanton.com Thank you