ROR汇集---restful-authentication

摘自:http://github.com/technoweenie/restful-authentication/tree/master

 

Restful Authentication Generator

This widely-used plugin provides a foundation for securely managing user
authentication:

  • Login / logout
  • Secure password handling
  • Account activation by validating email
  • Account approval / disabling by admin
  • Rudimentary hooks for authorization and access control.

!! important: if you upgrade your site, existing user account !! !! passwords will stop working unless you use —old-passwords !!

 

h2. Installation

This is a basic restful authentication generator for rails, taken from
acts as authenticated. Currently it requires Rails 1.2.6 or above.

IMPORTANT FOR RAILS > 2.1 USERS To avoid a NameError exception (lighthouse tracker ticket ), check out the code to have an underscore and not dash in its name:

  • either use git clone git://github.com/technoweenie/restful-authentication.git restful_authentication
  • or rename the plugin’s directory to be restful_authentication after fetching it.

To use the generator:

./script/generate authenticated user sessions / —include-activation / —stateful / —rspec / —skip-migration / —skip-routes / —old-passwords

  • The first parameter specifies the model that gets created in signup (typically
    a user or account model). A model with migration is created, as well as a
    basic controller with the create method. You probably want to say “User” here.
  • The second parameter specifies the session controller name. This is the
    controller that handles the actual login/logout function on the site.
    (probably: “Session”).
  • —include-activation: Generates the code for a ActionMailer and its respective
    Activation Code through email.
  • -stateful: Builds in support for acts_as_state_machine and generates
    activation code. (@
    -stateful@ implies --include-activation ). Based on the
    idea at [[http://www.vaporbase.com/postings/stateful_authentication]]. Passing
    --skip-migration will skip the user migration, and --skip-routes will skip
    resource generation - both useful if you’ve already run this generator.
    (Needs the acts_as_state_machine plugin ,
    but new installs should probably run with @
    -aasm@ instead.)
  • —rspec: Generate RSpec tests and Stories in place of standard rails tests.
    This requires the
    RSpec and Rspec-on-rails plugins
    (make sure you “./script/generate rspec” after installing RSpec.) The rspec
    and story suite are much more thorough than the rails tests, and changes are
    unlikely to be backported.
  • —old-passwords: Use the older password scheme (see [[#COMPATIBILITY ]], above)
  • —skip-migration: Don’t generate a migration file for this model
  • —skip-routes: Don’t generate a resource line in config/routes.rb


h2. After installing

The below assumes a Model named ‘User’ and a Controller named ‘Session’; please
alter to suit. There are additional security minutae in notes/README-Tradeoffs
— only the paranoid or the curious need bother, though.

  • Add these familiar login URLs to your config/routes.rb if you like:

map.signup ‘/signup’, :controller => ‘users’, :action => ‘new’
map.login ‘/login’, :controller => ‘session’, :action => ‘new’
map.logout ‘/logout’, :controller => ‘session’, :action => ‘destroy’
  • With --include-activation , also add to your config/routes.rb :

map.activate ‘/activate/:activation_code’, :controller => ‘users’, :action => ‘activate’, :activation_code => nil

and add an observer to config/environment.rb

:


config.active_record.observers = :user_observer

Pay attention, may be this is not an issue for everybody, but if you should have problems, that the sent activation_code does match with that in the database stored, reload your user object before sending its data through email something like:


class UserObserver < ActiveRecord::Observer
def after_create(user)
user.reload
UserMailer.deliver_signup_notification(user)
end
def after_save(user)
user.reload
UserMailer.deliver_activation(user) if user.recently_activated?
end
end
  • With --stateful , add an observer to config/environment.rb:

config.active_record.observers = :user_observer

and modify the users resource line to read map.resources :users, :member => { :suspend => :put, :unsuspend => :put, :purge => :delete }

  • If you use a public repository for your code (such as github, rubyforge,
    gitorious, etc.) make sure to NOT post your site_keys.rb (add a line like
    ‘/config/initializers/site_keys.rb’ to your .gitignore or do the svn ignore
    dance), but make sure you DO keep it backed up somewhere safe.

参考:http://www.letrails.cn/archives/52/

 

资源下载链接为: https://pan.quark.cn/s/9e7ef05254f8 在苹果的生态系统中,IAP(应用内购买)是苹果应用商店(App Store)中应用开发者常采用的一种盈利模式,允许用户在应用内直接购买虚拟商品或服务。苹果为开发者提供了一份详细的人民币(CNY)IAP定价表,这份定价表具有以下特点: 价格分级:定价表由多个价格等级组成,开发者可根据虚拟商品的价值选择相应等级,等级越高,价格越高。例如,低等级可能对应基础功能解锁,高等级则对应高级服务或大量虚拟道具。 税收与分成:苹果会从应用内购买金额中抽取30%作为服务费或佣金,这是苹果生态的固定规则。不过,开发者实际到手的收入会因不同国家和地区的税收政策而有所变化,但定价表中的价格等级本身是固定的,便于开发者统一管理。 多级定价策略:通过设置不同价格等级,开发者可以根据商品或服务的类型与价值进行合理定价,以满足不同消费能力的用户需求,从而最大化应用的总收入。例如,一款游戏可以通过设置不同等级的虚拟货币包,吸引不同付费意愿的玩家。 特殊等级:除了标准等级外,定价表还包含备用等级和特殊等级(如备用等级A、备用等级B等),这些等级可能是为应对特殊情况或促销活动而设置的额外价格点,为开发者提供了更灵活的定价选择。 苹果IAP定价表是开发者设计应用内购机制的重要参考。它不仅为开发者提供了标准的收入分成模型,还允许开发者根据产品特性设定价格等级,以适应市场和满足不同用户需求。同时,开发者在使用定价表时,还需严格遵守苹果的《App Store审查指南》,包括30%的分成政策、使用苹果支付接口、提供清晰的产品描述和定价信息等。苹果对应用内交易有严格规定,以确保交易的透明性和安全性。总之,苹果IAP定价表是开发者在应用内购设计中不可或缺的工具,但开发者也需密切关注苹果政策变化,以确保应用的合规运营和收益最大化。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值