问题描述
目前我已经使用以下配置设置了 Guardian 身份验证:
pipeline :api do
plug :accepts,["json"]
plug MyApp.AuthAccesspipeline
end
defmodule MyApp.AuthAccesspipeline do
use Guardian.Plug.Pipeline,otp_app: :my_app
plug Guardian.Plug.VerifySession,claims: %{"typ" => "access"}
plug Guardian.Plug.VerifyHeader,claims: %{"typ" => "access"}
plug Guardian.Plug.EnsureAuthenticated
plug Guardian.Plug.LoadResource,allow_blank: true
end
我的路线设置如下:
scope "/api/v1",MyAppWeb do
pipe_through :api
resources "/users",UserController,except: [:new,:edit]
post "/auth/sign_up",:sign_up
post "/auth/sign_in",:sign_in
post "/auth/forgot_password",:forgot_password
end
如何设置此管道以便无需身份验证即可访问 /auth/* 路由?
解决方法
我可以通过这样设置我的路线来解决这个问题:
pipeline :anonymous do
plug :accepts,["json"]
end
pipeline :protected do
plug :accepts,["json"]
plug MyApp.AuthAccessPipeline
end
scope "/api/v1/auth",MyAppWeb do
pipe_through :anonymous
post "/sign_up",UserController,:sign_up
post "/sign_in",:sign_in
post "/forgot_password",:forgot_password
end
scope "/api/v1",MyAppWeb do
pipe_through :protected
resources "/users",except: [:new,:edit]
end