abstract class PublicApi
- PublicApi
- Lucky::Action
- Reference
- Object
Overview
This action accepts both Login and BearerLogin tokens for
delegated authorization purposes.
Use this to build an API to be consumed by the public, and by third-party applications.
Because any token type is accepted, bearer tokens retrieved from the
Authorization header MUST NOT be used as proof of authentication.
Included Modules
- Lucille::ActionHelpers
- Lucky::Paginator::BackendHelpers
- Shield::ActionHelpers
- Shield::ActionPipes
- Shield::Api::BearerLoginHelpers
- Shield::Api::BearerLoginPipes
- Shield::Api::EmailConfirmationHelpers
- Shield::Api::EmailConfirmationPipes
- Shield::Api::LoginHelpers
- Shield::Api::LoginPipes
- Shield::Api::PasswordResetHelpers
- Shield::Api::PasswordResetPipes
- Shield::ApiAction
- Shield::EmailConfirmationHelpers
- Shield::EmailConfirmationPipes
- Shield::LoginHelpers
- Shield::LoginPipes
- Shield::PasswordResetHelpers
- Shield::PasswordResetPipes
Direct Known Subclasses
- Api::BearerLogins::Index
- Api::CurrentUser::BearerLogins::Index
- Api::CurrentUser::EmailConfirmations::Index
- Api::CurrentUser::Logins::Index
- Api::CurrentUser::PasswordResets::Index
- Api::CurrentUser::Show
- Api::EmailConfirmations::Index
- Api::Logins::Index
- Api::PasswordResets::Index
- Api::Users::BearerLogins::Index
- Api::Users::EmailConfirmations::Index
- Api::Users::Index
- Api::Users::Logins::Index
- Api::Users::PasswordResets::Index
- Api::Users::Show
Defined in:
actions/public_api.cr
Constant Summary
- ACCEPTED_FORMAT_SYMBOLS = [:json]
- AFTER_PIPES = [set_previous_page_url] of Symbol
- BEFORE_PIPES = [verify_accepted_format, disable_caching, require_logged_in, require_logged_out, pin_login_to_ip_address, enforce_login_idle_timeout, check_authorization] of Symbol
- EXPOSURES = [] of Symbol
- PARAM_DECLARATIONS = [] of Crystal::Macros::TypeDeclaration
- ROUTE_SETTINGS = {prefix: "/api/v0"}
- SKIPPED_PIPES = [pin_login_to_ip_address] of Symbol
Class Method Summary
Macro Summary
Instance Method Summary
- #authorize?(__arg0 : Shield::User) : Bool | Nil
- #authorize? : Bool | Nil
- #bearer_logged_in? : Bool
- #bearer_logged_out? : Bool
- #bearer_scope : String
- #check_authorization
- #current_bearer : User
- #current_bearer? : User | Nil
- #current_bearer_login
- #current_bearer_login? : BearerLogin | Nil
- #current_login
- #current_login? : Login | Nil
- #current_user
- #current_user? : User | Nil
- #current_user_or_bearer : User
  DEPRECATED Use #current_user instead
- #current_user_or_bearer? : User | Nil
  DEPRECATED Use #current_user? instead
- #disable_caching
- #do_check_authorization_failed
- #do_enforce_login_idle_timeout_failed
- #do_pin_email_confirmation_to_ip_address_failed
- #do_pin_login_to_ip_address_failed
- #do_pin_password_reset_to_ip_address_failed
- #do_require_logged_in_failed
- #do_require_logged_out_failed
- #enforce_login_idle_timeout
- #logged_in? : Bool
- #logged_out? : Bool
- #paginator_per_page : Int32
  The number of records to display per page.
- #pin_email_confirmation_to_ip_address
- #pin_login_to_ip_address
- #pin_password_reset_to_ip_address
- #previous_page_url
- #previous_page_url? : String | Nil
- #redirect_back(*, fallback : Lucky::Action.class, status : HTTP::Status, allow_external = false)
- #redirect_back(*, fallback : Lucky::RouteHelper, status : HTTP::Status, allow_external = false)
- #redirect_back(*, fallback : String, status : Int32 = 302, allow_external : Bool = false)
  Redirects the browser to the page that issued the request (the referrer) if possible, otherwise redirects to the provided default fallback location.
- #remote_ip : Socket::IPAddress
- #remote_ip? : Socket::IPAddress | Nil
- #require_logged_in
- #require_logged_out
- #return_url
- #return_url? : String | Nil
- #set_no_referrer_policy
- #set_previous_page_url
Class Method Detail
Macro Detail
Instance Method Detail
The number of records to display per page. Defaults to 25.
You can override this in your actions.
Example:
    abstract class BrowserAction < Lucky::Action
      include Lucky::Paginator::BackendHelpers

      # Set to a new static value
      def paginator_per_page : Int32
        50 # defaults to 25
      end

      # Or you could allow setting the number from a param
      # (to_i? returns nil for non-numeric input, so it falls back to 25)
      def paginator_per_page : Int32
        params.get?(:per_page).try(&.to_i?) || 25
      end
    end
Redirects the browser to the page that issued the request (the referrer) if possible; otherwise redirects to the provided default fallback location.
The referrer information is pulled from the 'Referer' header on the request. This header is optional, and if the request is missing it, the fallback is used.
    redirect_back fallback: "/users"
A redirect status can be specified:
    redirect_back fallback: "/home", status: 301
External referrers are ignored by default. Whether a referrer is external is determined by comparing the Referer header to the request host. External referrers can be explicitly allowed if necessary:
    redirect_back fallback: "/home", allow_external: true
If the referer path matches the current request path, the fallback will be used to avoid redirecting back to the same page.
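The decision rules described for redirect_back, modelled as a stand-alone Crystal function run over constructed requests (an added example, not Lucky's or Shield's source). The name `redirect_back_target`, its parameters, the order of the checks and the handling of an unparseable header are assumptions.

```crystal
require "uri"

# Model of the redirect_back decision described above (not Lucky's source).
# `redirect_back_target` and its parameters are hypothetical names.
def redirect_back_target(referer : String?, request_host : String,
                         request_path : String, fallback : String,
                         allow_external : Bool = false) : String
  # The Referer header is optional; without it the fallback is used.
  return fallback if referer.nil?
  return fallback if referer.blank?

  uri = begin
    URI.parse(referer)
  rescue URI::Error
    # Assumption: an unparseable header is treated like a missing one.
    return fallback
  end

  # Never bounce the client back to the page it is already requesting.
  # Assumption: this check runs before the host comparison.
  return fallback if uri.path == request_path

  # External means the referer host differs from the request host.
  # A referer with no host at all is treated as external here.
  same_host = uri.host.try(&.downcase) == request_host.downcase
  return referer if same_host

  # The Referer value is supplied by the client, so allow_external: true
  # lets the request itself choose the redirect destination.
  allow_external ? referer : fallback
end

# Constructed sample requests to host "app.example", path "/users/1/edit".
[
  nil,
  "https://app.example/users",
  "https://app.example/users/1/edit",
  "https://other.example/landing",
].each do |ref|
  strict = redirect_back_target(ref, "app.example", "/users/1/edit", "/home")
  loose = redirect_back_target(ref, "app.example", "/users/1/edit", "/home", allow_external: true)
  puts "#{ref.inspect}: default=#{strict} allow_external=#{loose}"
end
```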