abstract class PrivateApi

PrivateApi
Lucky::Action
Reference
Object

Overview

This action accepts only Login tokens for authentication purposes.

It is useful if building an API backend for a decoupled frontend, where the frontend sends the user's email and password to the CurrentLogin::Create endpoint, in exchange for a Login token.

The token is typically saved in a session store (eg: cookies) on the frontend, and sent along in the Authorization header whenever a request is made to this backend API on the logged-in user's behalf.

Included Modules

Lucille::ActionHelpers
Lucky::Paginator::BackendHelpers
Shield::ActionHelpers
Shield::ActionPipes
Shield::Api::EmailConfirmationHelpers
Shield::Api::EmailConfirmationPipes
Shield::Api::LoginHelpers
Shield::Api::LoginPipes
Shield::Api::PasswordResetHelpers
Shield::Api::PasswordResetPipes
Shield::ApiAction
Shield::EmailConfirmationHelpers
Shield::EmailConfirmationPipes
Shield::LoginHelpers
Shield::LoginPipes
Shield::PasswordResetHelpers
Shield::PasswordResetPipes

Defined in:

actions/private_api.cr

Constant Summary

AFTER_PIPES = [set_previous_page_url] of Symbol

This action accepts only Login tokens for authentication purposes.

It is useful if building an API backend for a decoupled frontend, where the frontend sends the user's email and password to the CurrentLogin::Create endpoint, in exchange for a Login token.

BEFORE_PIPES = [verify_accepted_format, disable_caching, require_logged_in, require_logged_out, pin_login_to_ip_address, enforce_login_idle_timeout, check_authorization] of Symbol

This action accepts only Login tokens for authentication purposes.

It is useful if building an API backend for a decoupled frontend, where the frontend sends the user's email and password to the CurrentLogin::Create endpoint, in exchange for a Login token.

EXPOSURES = [] of Symbol

This action accepts only Login tokens for authentication purposes.

It is useful if building an API backend for a decoupled frontend, where the frontend sends the user's email and password to the CurrentLogin::Create endpoint, in exchange for a Login token.

PARAM_DECLARATIONS = [] of Crystal::Macros::TypeDeclaration

This action accepts only Login tokens for authentication purposes.

It is useful if building an API backend for a decoupled frontend, where the frontend sends the user's email and password to the CurrentLogin::Create endpoint, in exchange for a Login token.

ROUTE_SETTINGS = {prefix: "/api"}

This action accepts only Login tokens for authentication purposes.

It is useful if building an API backend for a decoupled frontend, where the frontend sends the user's email and password to the CurrentLogin::Create endpoint, in exchange for a Login token.

SKIPPED_PIPES = [pin_login_to_ip_address] of Symbol

This action accepts only Login tokens for authentication purposes.

It is useful if building an API backend for a decoupled frontend, where the frontend sends the user's email and password to the CurrentLogin::Create endpoint, in exchange for a Login token.

Class Method Summary

._accepted_formats : Array(Symbol)

Instance Method Summary

#authorize?(user : User) : Bool
#authorize?(user : Shield::User) : Bool
#bearer_logged_in? : Bool
#bearer_logged_out? : Bool
#check_authorization
#current_bearer : User
#current_bearer? : User | Nil
#current_bearer_login
#current_bearer_login?
#current_login
#current_login? : Login | Nil
#current_user
#current_user? : User | Nil
#current_user_or_bearer : User
#current_user_or_bearer? : User | Nil
#disable_caching
#do_check_authorization_failed
#do_enforce_login_idle_timeout_failed
#do_pin_email_confirmation_to_ip_address_failed
#do_pin_login_to_ip_address_failed
#do_pin_password_reset_to_ip_address_failed
#do_require_logged_in_failed
#do_require_logged_out_failed
#enforce_login_idle_timeout
#logged_in? : Bool
#logged_out? : Bool
#pin_email_confirmation_to_ip_address
#pin_login_to_ip_address
#pin_password_reset_to_ip_address
#previous_page_url
#previous_page_url? : String | Nil
#redirect_back(*, fallback : Lucky::Action.class, status : HTTP::Status, allow_external = false)
#redirect_back(*, fallback : Lucky::RouteHelper, status : HTTP::Status, allow_external = false)
#redirect_back(*, fallback : String, status : Int32 = 302, allow_external : Bool = false)
Redirects the browser to the page that issued the request (the referrer) if possible, otherwise redirects to the provided default fallback location.
#remote_ip : Socket::IPAddress
#remote_ip? : Socket::IPAddress | Nil
#require_logged_in
#require_logged_out
#return_url
#return_url? : String | Nil
#set_no_referrer_policy
#set_previous_page_url

Class Method Detail

def self._accepted_formats : Array(Symbol) #

Instance Method Detail

def authorize?(user : User) : Bool #

[View source]

def authorize?(user : Shield::User) : Bool #

def bearer_logged_in? : Bool #

[View source]

def bearer_logged_out? : Bool #

[View source]

def check_authorization #

def current_bearer : User #

[View source]

def current_bearer? : User | Nil #

def current_bearer_login #

[View source]

def current_bearer_login? #

[View source]

def current_login #

def current_user #

def current_user? : User | Nil #

def current_user_or_bearer : User #

[View source]

def current_user_or_bearer? : User | Nil #

[View source]

def disable_caching #

def do_check_authorization_failed #

[View source]

def do_enforce_login_idle_timeout_failed #

[View source]

def do_pin_email_confirmation_to_ip_address_failed #

[View source]

def do_pin_login_to_ip_address_failed #

[View source]

def do_pin_password_reset_to_ip_address_failed #

[View source]

def do_require_logged_in_failed #

[View source]

def do_require_logged_out_failed #

[View source]

def enforce_login_idle_timeout #

[View source]

def logged_in? : Bool #

def logged_out? : Bool #

def pin_email_confirmation_to_ip_address #

[View source]

def pin_login_to_ip_address #

[View source]

def pin_password_reset_to_ip_address #

[View source]

def previous_page_url #

def previous_page_url? : String | Nil #

def redirect_back(*, fallback : Lucky::Action.class, status : HTTP::Status, allow_external = false) #

def redirect_back(*, fallback : Lucky::RouteHelper, status : HTTP::Status, allow_external = false) #

def redirect_back(*, fallback : String, status : Int32 = 302, allow_external : Bool = false) #

Description copied from module Lucky::Redirectable

Redirects the browser to the page that issued the request (the referrer) if possible, otherwise redirects to the provided default fallback location.

The referrer information is pulled from the 'Referer' header on the request. This is an optional header, and if the request is missing this header the fallback will be used.

redirect_back fallback: "/users"

A redirect status can be specified

redirect_back fallback: "/home", status: 301

External referers are ignored by default. It is determined by comparing the referer header to the request host. They can be explicitly allowed if necessary

redirect_back fallback: "/home", allow_external: true

def remote_ip : Socket::IPAddress #

def remote_ip? : Socket::IPAddress | Nil #

def require_logged_in #

[View source]

def require_logged_out #

def return_url #

def return_url? : String | Nil #

def set_no_referrer_policy #

def set_previous_page_url #

CrystalDoc.info

penny

abstract class PrivateApi

Overview

Included Modules

Defined in:

Constant Summary

Class Method Summary

Instance Method Summary

Class Method Detail

Instance Method Detail