rodauth device and you

Anton Davydov

October 22, 2016

Transcript

  2. Anton Davydov
    github.com/davydovanton

    twitter.com/anton_davydov
    davydovanton.com

  3. OpenSource

  8. authentication

  9. typical authentication

  10. • user authentication
    • working with current user
    • security
    • different auth ways (OTP, OmniAuth, 2FA)
    • simple way to use it with other frameworks

  11. but in real life
    we have some

  12. • wasting time on typical functionality
    • complicated logic
    • magic in models/controllers
    • it’s hard to add a new feature

  13. and actually we can use…

  14. devise

  15. devise ❤
    • popular
    • based on Rails engines
    • use only what you really need
    • add-ons
    • fast for production

  16. devise
    • only rails
    • problem with custom logic
    • creates unnecessary rows in table
    • hulk
    • can be difficult to integrate

  17. warden

  18. sorcery

  19. custom solution

  20. custom solution ❤
    • absolutely custom
    • works only for special cases
    • works well when other solutions suck

  21. custom solution
    • DRY in each application
    • spend much time for simple cases
    • you can write
    • you need to write all popular solutions

  22. what problems we have
    • no simplicity
    • no flexibility
    • magic
    • only for rails

  23. rodauth
    github.com/jeremyevans/rodauth

  24. rodauth ❤
    • fast
    • simple
    • easy to integrate with other frameworks
    • many features out of the box
    • use only what you need

  25. rodauth
    • little-known solution
    • new technology (from Jun 7, 2015)
    • another routing framework

  26. Jeremy Evans
    github.com/jeremyevans

  27. roda
    github.com/jeremyevans/roda

  28. roda: general ideas
    • simplicity
    • reliability
    • extensibility
    • performance

  29. # config.ru
    require "roda"
    class App < Roda
      route do |r|
        r.root do
          r.redirect "/hello"
        end
        # GET /hello request
        r.get "hello" do
          "Hello world!"
        end
      end
    end
    run App.freeze.app

  33. rodauth: general ideas

  34. security

  35. simplicity

  36. flexibility

  37. all features

  38. login
    logout
    change password
    change login
    reset password
    create account
    close account
    verify account
    confirm account
    remember
    lockout
    OTP
    recovery codes
    SMS codes
    verify change login
    verify account grace period
    password grace period
    password complexity
    disallow password reuse
    password expiration
    account expiration
    session expiration
    single session
    JWT (JSON API)

  39. architecture

  40. it’s just a plugin for roda

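  41. # cat config.ru
    # Rodauth also needs a session and a Sequel database connection (omitted on the slide)
    require "roda"
    class RodauthApp < Roda
      plugin :rodauth do
        # enable only the features you need
        enable :login, :logout, :change_password
      end
      route do |r|
        # serve the routes of the enabled features (login, logout, change password)
        r.rodauth
        # requests that are not logged in are redirected to the login page
        rodauth.require_authentication
      end
    end
    run RodauthApp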

  46. how we can use rodauth
    with other apps

  47. general idea
    for integration

  48. use middleware

  49. Rack
    Rodauth Your app

  52. Rack
    environment
    session
    Rodauth Your app
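
The Rack / Rodauth / your app layering from slides 48 to 52, as an added example that is not from the original deck: a plain-Ruby sketch with no gems, in which the hypothetical AuthMiddleware stands in for Rodauth, and the account store, routes and form field names are constructed for the demo. It shows that the only coupling between the two sides is the Rack environment and the session stored in it.

```ruby
require "stringio"
require "uri"

# Constructed account store for the demo; a real setup verifies a password hash.
ACCOUNTS = { "alice@example.com" => { id: 1, password: "correct horse" } }.freeze

# Hypothetical stand-in for the Rodauth middleware: it owns /login and /logout.
class AuthMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    session = (env["rack.session"] ||= {})
    case [env["REQUEST_METHOD"], env["PATH_INFO"]]
    when ["POST", "/login"]
      form = URI.decode_www_form(env["rack.input"].read).to_h
      account = ACCOUNTS[form["login"]]
      if account && account[:password] == form["password"]
        session.clear # drop pre-login state before marking the session authenticated
        session["account_id"] = account[:id]
        [302, { "location" => "/" }, []]
      else
        [401, { "content-type" => "text/plain" }, ["invalid login"]]
      end
    when ["POST", "/logout"]
      session.clear
      [302, { "location" => "/login" }, []]
    else
      @app.call(env) # not an auth route: pass the same env on to the main app
    end
  end
end

# "Your app": it never handles credentials, it only reads the shared session.
MAIN_APP = lambda do |env|
  account_id = env["rack.session"]["account_id"]
  next [302, { "location" => "/login" }, []] unless account_id
  [200, { "content-type" => "text/plain" }, ["hello account #{account_id}"]]
end

STACK = AuthMiddleware.new(MAIN_APP)

# Drives the stack without a server; `session` plays the role of the session store.
def request(method, path, session, body = "")
  STACK.call({ "REQUEST_METHOD" => method, "PATH_INFO" => path,
               "rack.session" => session, "rack.input" => StringIO.new(body) })
end
```

The main app still has to check the session on every protected route; the middleware in front only fills it in.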

  53. github.com/jeremyevans/rodauth-demo-rails

  54. https://git.io/vPDao

  55. github.com/davydovanton/rodauth_hanami

  56. github.com/davydovanton/grape-rodauth
    JSON auth only

  57. but we live in the real world
    and we won’t use this

  58. how we can use these ideas
    in our apps

  59. devise

  62. use separate Account model
    instead of User/Admin

  63. put all logic into a separate
    application, like an admin app

  64. don’t put all your
    logic into the Model

  65. bonus

  67. • roda.jeremyevans.net
    • rodauth.jeremyevans.net
    • groups.google.com/forum/#!forum/ruby-roda
    • irc://chat.freenode.net/#roda
    • trailblazer and devise: goo.gl/cdANIA

  68. conclusions

  70. github.com/davydovanton

    twitter.com/anton_davydov
    davydovanton.com
    Thank you
