我正在尝试使用 devise & jwt 构建一个 RESTFul API。
我可以通过 Postman 使用我的 JWT Bearer 令牌完成注册和登录/注销。
现在我在发布文章时遇到了问题。
我不明白为什么用 Postman 发布文章后,控制台里会出现一次登录请求(GET /api/login)。
我也不明白为什么会收到这个 401 错误。关于 RESTful API + Devise + JWT 的资料真的很难找到。
从长远来看,您认为用 Devise 还是不用 Devise 更好?因为实际上有些资料是不使用 Devise 的。
我在 Postman 中发送的请求:
Authorization : <Bearer token>
{
"title":"the title",
"content":"the content"
}
当我使用 Postman 发布文章时,控制台输出的错误信息(使用的是与登录/注销相同的 Bearer 令牌):
Started POST "/articles" for ::1 at 2021-09-01 18:07:41 +0200
Processing by ArticlesController#create as */*
Parameters: {"title"=>"the title", "content"=>"the content", "article"=>{"title"=>"the title", "content"=>"the content"}}
Completed 401 Unauthorized in 76ms (Allocations: 113)
Started GET "/api/login" for ::1 at 2021-09-01 18:07:41 +0200
Processing by SessionsController#new as JSON
Completed 200 OK in 71ms (Views: 2.5ms | Allocations: 179)
app/controllers/articles_controller.rb
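# JSON endpoints for articles. Every action requires a user authenticated by
# Devise (`authenticate_user!`).
class ArticlesController < ApplicationController
  # Authentication runs first so that an unauthenticated request is rejected
  # before any record lookup happens; otherwise the difference between
  # "not found" and "unauthorized" would reveal which article ids exist.
  before_action :authenticate_user!
  # The finder defined below is set_article; the previously registered
  # :set_todo does not exist in this class, so show/update/destroy could
  # never load their record.
  before_action :set_article, only: %i[show update destroy]

  # GET /articles
  def index
    @articles = Article.all
    json_response(@articles)
  end

  # POST /articles
  def create
    # Build through the association: the owner comes from the authenticated
    # session, never from the request body, and user_id is already set when
    # the row is inserted (articles.user_id is NOT NULL, belongs_to :user).
    @article = current_user.articles.create!(article_params)
    json_response(@article)
  end

  # GET /articles/:id
  def show
    json_response(@article)
  end

  # PUT /articles/:id
  def update
    # NOTE(review): there is no ownership check here, so any authenticated
    # user can modify any article. If articles are owner-only, load the record
    # via current_user.articles.find(params[:id]) for update and destroy.
    @article.update(article_params)
    head :no_content
  end

  # DELETE /articles/:id
  def destroy
    # NOTE(review): same missing ownership check as in update.
    @article.destroy
    head :no_content
  end

  private

  # Attributes a client is allowed to set. :user_id is deliberately not
  # permitted: accepting it would let a caller create or reassign articles
  # under another user's account (mass assignment).
  def article_params
    params.permit(:title, :content)
  end

  # Loads the article addressed by params[:id] into @article.
  def set_article
    @article = Article.find(params[:id])
  end
end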
db/schema.rb
# Database schema snapshot (version 2021_09_01_124211) with three tables:
# articles, jwt_denylist and users.
ActiveRecord::Schema.define(version: 2021_09_01_124211) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
  create_table "articles", force: :cascade do |t|
    t.string "title"
    t.text "content"
    t.datetime "created_at", precision: 6, null: false
    t.datetime "updated_at", precision: 6, null: false
    # NOT NULL plus the foreign key below: an article row cannot be inserted
    # without a valid owner, so the owner must be set before the first save.
    t.bigint "user_id", null: false
    t.index ["user_id"], name: "index_articles_on_user_id"
  end
  # Backing table for JwtDenylist, which the User model names as its
  # jwt_revocation_strategy.
  # NOTE(review): devise-jwt's bundled Denylist strategy stores the expiry in
  # a column named `exp`; confirm that JwtDenylist (not shown) works with
  # `expired_at`, otherwise revocation on logout may fail.
  create_table "jwt_denylist", force: :cascade do |t|
    t.string "jti", null: false
    t.datetime "expired_at", null: false
    # NOTE(review): this index is not unique; a unique index on jti would
    # prevent duplicate denylist rows for the same token.
    t.index ["jti"], name: "index_jwt_denylist_on_jti"
  end
  create_table "users", force: :cascade do |t|
    t.string "email", default: "", null: false
    # Devise stores a one-way password digest here (bcrypt by default), not
    # reversible ciphertext, despite the column name.
    t.string "encrypted_password", default: "", null: false
    t.string "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.datetime "created_at", precision: 6, null: false
    t.datetime "updated_at", precision: 6, null: false
    # Uniqueness of e-mail addresses and reset tokens is enforced by the
    # database itself, not only by model validations.
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
  end
  add_foreign_key "articles", "users"
end
app/models/article.rb
# An article; each record is associated with one user.
class Article < ApplicationRecord
  # Owner of the article. The articles table declares user_id as NOT NULL with
  # a foreign key to users, so a record saved without a user is rejected.
  # NOTE(review): on Rails 5+ defaults belongs_to is also validated as
  # required — confirm the app has not disabled that setting.
  belongs_to(:user)
end
app/models/user.rb
# Account model. Authentication is handled by Devise, with JWT support and
# token revocation through JwtDenylist.
class User < ApplicationRecord
  # Devise modules enabled for this model. Further modules that are available
  # but not enabled here: :confirmable, :lockable, :timeoutable, :trackable
  # and :omniauthable.
  devise(
    :database_authenticatable,
    :registerable,
    :jwt_authenticatable,
    jwt_revocation_strategy: JwtDenylist
  )

  # Articles owned by this user.
  # NOTE(review): no `dependent:` option is given while articles.user_id has a
  # foreign key to users; deleting a user who still owns articles would
  # presumably be rejected by the database — confirm the intended behaviour.
  has_many(:articles)
end