User authentication with Grape and Devise

Updated: 2023-02-07 15:45:59

Add token_authenticatable to the Devise modules (works with Devise versions <= 3.2)

In user.rb, add :token_authenticatable to the list of Devise modules. It should look something like this:

class User < ActiveRecord::Base
# ..code..
  devise :database_authenticatable,
    :token_authenticatable,
    :invitable,
    :registerable,
    :recoverable,
    :rememberable,
    :trackable,
    :validatable

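  # Note: listing :authentication_token here makes it mass-assignable.
  # The before_save callback below assigns it directly and does not need that.
  attr_accessible :name, :email, :authentication_token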

  before_save :ensure_authentication_token
# ..code..
end

Generate the authentication token yourself (if Devise version > 3.2)

class User < ActiveRecord::Base
# ..code..
  devise :database_authenticatable,
    :invitable,
    :registerable,
    :recoverable,
    :rememberable,
    :trackable,
    :validatable

  attr_accessible :name, :email, :authentication_token

  before_save :ensure_authentication_token

  def ensure_authentication_token
    self.authentication_token ||= generate_authentication_token
  end

  private

  def generate_authentication_token
    loop do
      token = Devise.friendly_token
      break token unless User.where(authentication_token: token).first
    end
  end
end

Add a migration for the authentication token

rails g migration add_auth_token_to_users
      invoke  active_record
      create    db/migrate/20141101204628_add_auth_token_to_users.rb

Edit the migration file to add the :authentication_token column to users

class AddAuthTokenToUsers < ActiveRecord::Migration
  def self.up
    change_table :users do |t|
      t.string :authentication_token
    end

    add_index  :users, :authentication_token, :unique => true
  end

  def self.down
    remove_column :users, :authentication_token
  end
end

Run the migration

rake db:migrate

Generate tokens for existing users

We need to call save on every User instance, which ensures that an authentication token is present for each user.

User.all.each(&:save)

Secure the Grape API using the auth token

You need to add the code below to API::Root in order to add token-based authentication. If you are unaware of API::Root, please read Building RESTful API using Grape.

In the example below, we authenticate the user based on two scenarios:

- If the user is logged on to the web app, use the same session.
- If a session is not available and an auth token is passed, find the user based on the token.

# lib/api/root.rb
module API
  class Root < Grape::API
    prefix    'api'
    format    :json

    rescue_from :all, :backtrace => true
    error_formatter :json, API::ErrorFormatter

    before do
      error!("401 Unauthorized", 401) unless authenticated
    end

    helpers do
      def warden
        env['warden']
      end

      def authenticated
        return true if warden.authenticated?
        params[:access_token] && @user = User.find_by_authentication_token(params[:access_token])
      end

      def current_user
        warden.user || @user
      end
    end

    mount API::V1::Root
    mount API::V2::Root
  end
end
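
As an added example (not code from the original page), here is a plain-Ruby hardened version of the token lookup performed in the `authenticated` helper above: only a SHA-256 digest of each token is stored, and non-string or empty `access_token` values are rejected before any lookup. `TOKEN_INDEX`, `token_digest`, `issue_token` and `authenticate` are hypothetical names, and the in-memory hash is a constructed stand-in for the users table.

```ruby
require 'digest'
require 'securerandom'

# Constructed in-memory stand-in for the users table: token digest => user id.
# In the page's schema this would be a unique-indexed digest column on users.
TOKEN_INDEX = {}

# Hypothetical helper: the value that is persisted instead of the raw token.
def token_digest(token)
  Digest::SHA256.hexdigest(token)
end

# Issue a token for a user. The plaintext is returned once to the caller;
# only its digest is stored, so a leaked table does not contain usable tokens.
def issue_token(user_id, index = TOKEN_INDEX)
  token = SecureRandom.urlsafe_base64(32)
  index[token_digest(token)] = user_id
  token
end

# Return the user id for a presented access_token, or nil.
def authenticate(presented, index = TOKEN_INDEX)
  # Rack parses access_token[]=x and access_token[k]=v into Array/Hash,
  # so accept only a non-empty String before touching the store.
  return nil unless presented.is_a?(String) && !presented.empty?

  # The lookup compares digests, never the raw token.
  index[token_digest(presented)]
end
```

In the Grape helper, the equivalent change would be to hash `params[:access_token]` and look the user up by the stored digest column instead of by the raw token.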