
Do you know OmniAuth::AuthHash?

teitei_tk
August 23, 2018


Transcript

  1. Do you know OmniAuth::AuthHash?
    @teitei_tk

  2. Who are you?
    • On the internet I live under names such as @teitei_tk and teitei-tk. My icon is the one on the right.

    • For now, I belong to a company called freee.

    • My hobbies are wearing weird T-shirts and live-commenting on news programs from 23:00.

    • In the future I would like to spend the rest of my life as a brain in a dystopian world.

  3. What I will talk about today

  4. But first
    About OmniAuth

  5. A recap of OmniAuth
    • A library that provides a means of provider authentication for web applications.

    • At the risk of being imprecise, it is a library that lets you easily offer so-called OAuth authentication (Twitter, Github, Google, etc).

    • You can also implement your own OAuth authentication.

  6. Searching Github for OmniAuth
    • Repository 3k

    • Code 1M

    • Commits 66k

    • https://github.com/search?q=omniauth

    • The so-called de facto standard

  7. Do you know OmniAuth::AuthHash?

  8. About OmniAuth::AuthHash
    • It is the class of the parameter value that comes back after provider authentication.

    • In this UML diagram, it is the value returned as "ok" from the Callback Phase.

  9. It is quicker to actually look at it

  10. • Explaining rack middleware and Rails would make the scope too broad, so I will skip that.

    • This talk assumes OmniAuth is being used on Rails.

  11. lib/omniauth/strategy.rb
    • Let's actually read the OmniAuth source code.

    • lib/omniauth/strategy.rb

    • It is hosted on Github.

    • 1. callback_phase at L367: is called from call! at L176:.

    • env['omniauth.auth'] = auth_hash
    • This auth_hash is today's protagonist.

  12. Getting it in a Controller
    • On the Rails side, you can get it like this.

        class SessionController < ApplicationController
          def create
            # do something
            puts auth_hash
          end

          protected

          # OmniAuth stores the callback result in the Rack env.
          def auth_hash
            request.env['omniauth.auth']
          end
        end

  13. Common processing after this
    • Represent it as an ActiveModel

    • Add a Record with ActiveRecord

    • As a sample, it would be something like the code on the right.

        class Github::Schema
          include ActiveModel::Model
          include ActiveModel::Attributes

          validates :provider, :uid, presence: true

          attribute :provider, :string
          attribute :uid, :string

          # do something
        end

        github = Github::Schema.new(auth_hash)

  14. • ActiveModel::ForbiddenAttributesError

  15. • ??????????????????

    • I don't get it

  16. I don't get it.

  17. Follow the source code.

  18. OmniAuth::AuthHash
    • OmniAuth::AuthHash uses OmniAuth::KeyStore.

    • It inherits from Hashie::Mash, a class provided by the module Hashie.

  19. Hashie::Mash
    • It overrides Object#respond_to_missing?.

    • The implementation is at Line:251; if the method name carries a suffix, it returns true unconditionally.

  20. What is ActiveModel::ForbiddenAttributesError?
    • Rails's mechanism called strong parameters

  21. ActiveModel::ForbiddenAttributesError

        module ActiveModel
          module ForbiddenAttributesProtection # :nodoc:
            private
              # Anything that answers to permitted? is treated as strong parameters.
              def sanitize_for_mass_assignment(attributes)
                if attributes.respond_to?(:permitted?)
                  raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?
                  attributes.to_h
                else
                  attributes
                end
              end
              alias :sanitize_forbidden_attributes :sanitize_for_mass_assignment
          end
        end

  22. The sharp ones among you may have noticed just now.

  23. #ScaryCodeThatActuallyExists

  24. Once more here
    ActiveModel::ForbiddenAttributesError

        module ActiveModel
          module ForbiddenAttributesProtection # :nodoc:
            private
              # Anything that answers to permitted? is treated as strong parameters.
              def sanitize_for_mass_assignment(attributes)
                if attributes.respond_to?(:permitted?)
                  raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?
                  attributes.to_h
                else
                  attributes
                end
              end
              alias :sanitize_forbidden_attributes :sanitize_for_mass_assignment
          end
        end

  25. • Hashie overrides Object#respond_to_missing?, and it returns true for every method name that carries one of certain suffixes.

    • When you build an ActiveModel from an OmniAuth::AuthHash (Hashie), sanitize_for_mass_assignment uses respond_to?(:permitted?) to check whether it was given permitted parameters.

    • The if attributes.respond_to?(:permitted?) branch ends up being taken. (The attributes here is the OmniAuth::AuthHash.)

    • As a result, ActiveModel::ForbiddenAttributesError is raised.

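  26. Why does it use Hashie...?
    • No idea.

    • Scary

  27. Summary
    • OmniAuth::AuthHash is not just a plain Hash class.

    • It overrides Object#respond_to_missing? with its own handling and returns true when the method name carries a suffix, so it is a poor match for the Active* modules that Rails provides.

    • Or rather than a poor match, is it badly behaved...?

    • Using it as-is becomes a breeding ground for bugs, so I recommend handling it by, for example, recursively converting it into a plain Hash class.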
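
The failure traced on slide 25 and the plain-Hash conversion recommended on slide 27, as an added Ruby example that is not code from the deck, OmniAuth, Hashie or Rails. `MashLike`, `deep_plain_hash`, `build_sample_auth` and `mass_assign_outcome` are hypothetical names, the suffix set is an assumption, and the sample payload is constructed.

```ruby
# Constructed stand-ins so this runs without gems. MashLike imitates only the
# Hashie::Mash behaviour described on the slides; it is not Hashie's own code.
class ForbiddenAttributesError < StandardError; end
class MashLike < Hash
  SUFFIXES = /[?!=_]\z/ # assumption: suffix set chosen for this stand-in
  def respond_to_missing?(name, include_private = false)
    key?(name.to_s) || name.to_s.match?(SUFFIXES) || super
  end

  def method_missing(name, *args)
    str = name.to_s
    return self[str] if key?(str)
    return !!self[str.chomp("?")] if str.end_with?("?") # absent key => false
    super
  end
end

# Same branch structure as sanitize_for_mass_assignment on the slides.
def sanitize_for_mass_assignment(attributes)
  if attributes.respond_to?(:permitted?)
    raise ForbiddenAttributesError unless attributes.permitted?
    attributes.to_h
  else
    attributes
  end
end

# Recursively rebuild Hash subclasses and arrays as plain Hash/Array.
def deep_plain_hash(value)
  case value
  when Hash  then value.each_with_object({}) { |(k, v), h| h[k.to_s] = deep_plain_hash(v) }
  when Array then value.map { |v| deep_plain_hash(v) }
  else value
  end
end

def build_sample_auth # constructed sample of a callback payload
  info = MashLike.new.merge!("nickname" => "octocat")
  MashLike.new.merge!("provider" => "github", "uid" => "12345", "info" => info)
end

def mass_assign_outcome(attributes)
  sanitize_for_mass_assignment(attributes)
  :accepted
rescue ForbiddenAttributesError
  :forbidden
end
puts mass_assign_outcome(build_sample_auth)                  # forbidden
puts mass_assign_outcome(deep_plain_hash(build_sample_auth)) # accepted
```

After conversion, copy only the keys the model declares (here `provider` and `uid`) rather than passing the whole provider payload to the constructor.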