Rodauth: A Refreshing Authentication Solution for Ruby

Tram Ho

If you work with Rails, many of your apps probably use a user authentication framework such as Devise, Sorcery, Clearance, or Authlogic. What these frameworks have in common is that they are built on top of Rails. Along with the strengths of Rails, they also inherit some of its limitations, such as bloated models and overuse of Active Record. One notable alternative is Rodauth. Unlike the frameworks built on Rails and Active Record, Rodauth is built on two gems, Roda and Sequel.

Authentication logic is encapsulated

With Rodauth, all user authentication behavior is encapsulated within a Rodauth::Auth object, which is created inside the Roda middleware and has access to the request.

When we add the above Roda app to the middleware stack, the route block is called for each request before it reaches the main app. r.rodauth handles the Rodauth routes, and rodauth.require_authentication redirects to the login page if the user is not already logged in. At the end of the block, the request is passed on to the main app. The Rodauth instance remains available in controllers and views, so you can require authentication in the controller if you want to:

Or render the validation link in the view:

Some main functions

Rodauth has all the main functions of an authentication framework:

  • Login / logout, remember password.
  • Create an account with email authentication.
  • Change password, reset password.
  • Change email with email authentication.
  • Lock or cancel your account.

You will also find that Rodauth includes more advanced security features, such as:

  • Password expiration, and preventing reuse of old passwords.
  • Password complexity checks, and rejecting weak passwords.
  • Set an expiry for your account and login session.

Some of the other features:

  • Authenticate over HTTP
  • Authenticate via email
  • Log in login

Uniform configuration DSL

With Devise, there are several layers where you can customize authentication: global settings, model settings, controller settings and routing settings. Some of these settings can be customized dynamically (based on the state of the model or controller), while the rest can only be set statically. Some hooks are defined on the model, while others must be overridden in the controller. Rodauth, by contrast, provides a uniform configuration DSL that can change almost every authentication behavior declared in the Rodauth::Auth class. You can override a configuration method by passing a static value, or by passing a dynamic block.
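The "static value or dynamic block" style described above can be modelled in a few lines of plain Ruby. This is an added example, not Rodauth's code or API: MiniAuth, its three settings and the request hash are hypothetical stand-ins, and the model only shows how one DSL can accept both forms and evaluate the block against the per-request auth object.

```ruby
# Simplified model of a uniform auth configuration DSL (added example).
# MiniAuth, its settings and the request hash are hypothetical, not Rodauth's code.
class MiniAuth
  # Every configurable setting with its default value.
  DEFAULTS = {
    login_redirect: "/",
    password_minimum_length: 6,
    session_lifetime: 86_400 # seconds
  }.freeze

  # Each setting is an ordinary instance method that returns its default.
  DEFAULTS.each { |name, default| define_method(name) { default } }
  attr_reader :request

  # One instance is built per request, so dynamic settings can inspect it.
  def initialize(request)
    @request = request
  end

  # Applies the configuration block to a fresh subclass and returns that class.
  def self.configure(&block)
    klass = Class.new(self)
    Configurator.new(klass).instance_eval(&block)
    klass
  end

  # Receives the DSL calls; a misspelled setting raises NoMethodError.
  class Configurator
    def initialize(klass)
      @klass = klass
    end

    DEFAULTS.each_key do |name|
      define_method(name) do |*values, &block|
        unless values.length + (block ? 1 : 0) == 1
          raise ArgumentError, "#{name}: pass exactly one value or one block"
        end
        # A static value is wrapped in a proc; a block runs with self = auth instance.
        impl = block || proc { values.first }
        @klass.send(:define_method, name, &impl)
      end
    end
  end
end

# Constructed configuration: one static setting, one decided per request.
EXAMPLE_AUTH = MiniAuth.configure do
  login_redirect "/dashboard"
  password_minimum_length { request[:path].start_with?("/admin") ? 14 : 8 }
end
```

Because every setting goes through the same Configurator, a typo in a security-relevant setting fails at configuration time instead of silently leaving the default in place.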

Rodauth also provides a DSL for developing new features, which streamlines adding new configuration methods and makes the authentication behavior as flexible as possible.

Some other features

Independent authentication features

Rodauth has done a great job of keeping its authentication features independent. Each feature is contained in a single file, and its code is only loaded when the feature is enabled. This makes the features easy to learn.

Each feature has a database table

Rodauth features are decoupled not only in code, but also in the database. Instead of adding all columns to a single table, in Rodauth each feature has a dedicated table. This makes it more transparent which database columns belong to which features.

Conclusion

Rodauth is one of the frameworks that brings freshness to Ruby programming, offering advanced and easy-to-understand feature design, backed by powerful DSL customization that gives the framework a high degree of flexibility.


Source : Viblo