安全EventMachine的Web服务

Question

我使用EventMachine的和evma_httpserver如下暴露web服务：

EM.run{ 
    puts "Query Server running on port 9000" 
    EM.start_server '0.0.0.0', 9000, QueryEngineHttpServer 
} 

我想，以确保安全，即需要用户名和密码。我知道如何使用Sinatra来做到这一点，但我没有使用它，所以我不知道如何继续。

Answer 1

你需要哪种认证？基于身份验证或基于cookie的？

这是可以帮助你吗？

module QueryEngineHttpServer 
    include EM::HttpServer 

    def post_init 

    # if you want the connection to be encrypted with ssl 
    start_tls({:private_key_file => path_to_key_file, 
       :cert_chain_file => path_to_key_file, 
       :verify_peer => false}) 

    # don't forget to call super here ! 
    super 
    end 

    def process_http_request 

    # Block which fulfills the request (generate the data) 
    operation = proc do 

     # depending of which kind of auth you want you should have to parse the cookie or the 'autorization' header 
     auth = check_for_auth @http_cookie, @http_headers 

     # create the response object to be used in the EM::defer callback   
     resp = EM::DelegatedHttpResponse.new(self) 
     resp.status = auth ? 200 : 401 
     resp.content = 'some content here...' 
     resp 
    end 

    # Block which fulfills the reply (send back the data to the client) 
    response = proc do |reply| 
     reply.send_response  
    end 

    # Let the thread pool handle request 
    EM.defer(operation, response) 
    end 

end