sample_rails_tailwind/app/helpers/sessions_helper.rb

module SessionsHelper
  def log_in(user)
    session[:user_id] = user.id
    # 防范会话重放攻击
    session[:session_token] = user.session_token
  end

  def remember(user)
    user.remember
    cookies.permanent.encrypted[:user_id] = user.id
    cookies.permanent[:remember_token] = user.remember_token
  end

  def current_user
    if (user_id = session[:user_id])
      user = User.find_by(id: user_id)
      if user && session[:session_token] == user.session_token
        @current_user = user
      end
    elsif (user_id = cookies.encrypted[:user_id])
      user = User.find_by(id: user_id)
      if user && user.authenticated?(:remember, cookies[:remember_token])
        log_in user
        @current_user = user
      end
    end
  end

  def logged_in?
    !current_user.nil?
  end

  def forget(user)
    user.forget
    cookies.delete(:user_id)
    cookies.delete(:remember_token)
  end

  def log_out
    forget(current_user)
    reset_session
    @current_user = nil
  end

  def current_user?(user)
    user && user == current_user
  end

  def store_location
    session[:forwarding_url] = request.original_url if
      request.get? || request.head?
  end
end
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`module SessionsHelper`
			`def log_in(user)`
			`session[:user_id] = user.id`
feat: add remember me functionality to login - Implement remember me checkbox in login form - Update sessions controller to handle remember me logic - Enhance session management to prevent session hijacking - Add tests for remember me functionality This commit introduces a "Remember me" feature that allows users to stay logged in across sessions. It includes updates to the login form, session handling in the controller, and additional tests to ensure the functionality works as expected. The changes also improve security by validating session tokens to prevent session hijacking. 2025-01-02 17:49:06 +08:00			`# 防范会话重放攻击`
			`session[:session_token] = user.session_token`
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`end`

feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`def remember(user)`
			`user.remember`
			`cookies.permanent.encrypted[:user_id] = user.id`
			`cookies.permanent[:remember_token] = user.remember_token`
			`end`

feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`def current_user`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`if (user_id = session[:user_id])`
feat: add remember me functionality to login - Implement remember me checkbox in login form - Update sessions controller to handle remember me logic - Enhance session management to prevent session hijacking - Add tests for remember me functionality This commit introduces a "Remember me" feature that allows users to stay logged in across sessions. It includes updates to the login form, session handling in the controller, and additional tests to ensure the functionality works as expected. The changes also improve security by validating session tokens to prevent session hijacking. 2025-01-02 17:49:06 +08:00			`user = User.find_by(id: user_id)`
			`if user && session[:session_token] == user.session_token`
			`@current_user = user`
			`end`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`elsif (user_id = cookies.encrypted[:user_id])`
			`user = User.find_by(id: user_id)`
feat: add account activation feature - Implement AccountActivationsController for activation logic - Create UserMailer for sending activation emails - Update SessionsController to handle unactivated users - Modify UsersController to restrict access to activated users - Add activation fields to User model and database migration - Create views for account activation emails - Add tests for account activation functionality 2025-01-06 18:38:39 +08:00			`if user && user.authenticated?(:remember, cookies[:remember_token])`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`log_in user`
			`@current_user = user`
			`end`
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`end`
			`end`

			`def logged_in?`
			`!current_user.nil?`
			`end`
feat: enhance user session management - Update session creation to use safe navigation operator - Implement log_out method in SessionsHelper - Add session reset and login on user creation - Improve user login tests for better coverage These changes improve the user session management by ensuring that the session is handled more safely and efficiently. The addition of the log_out method centralizes session termination, while the updated tests ensure that both login and logout functionality are thoroughly validated. 2025-01-02 11:59:27 +08:00
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`def forget(user)`
			`user.forget`
			`cookies.delete(:user_id)`
			`cookies.delete(:remember_token)`
			`end`

feat: enhance user session management - Update session creation to use safe navigation operator - Implement log_out method in SessionsHelper - Add session reset and login on user creation - Improve user login tests for better coverage These changes improve the user session management by ensuring that the session is handled more safely and efficiently. The addition of the log_out method centralizes session termination, while the updated tests ensure that both login and logout functionality are thoroughly validated. 2025-01-02 11:59:27 +08:00			`def log_out`
feat: add remember me functionality for user sessions - Implement remember method in User model to generate and store a remember token - Update SessionsController to call remember on successful login - Enhance current_user method to retrieve user from cookies if session is not present - Add forget method to clear remember token on logout - Create migration to add remember_digest column to users table 2025-01-02 16:47:26 +08:00			`forget(current_user)`
feat: enhance user session management - Update session creation to use safe navigation operator - Implement log_out method in SessionsHelper - Add session reset and login on user creation - Improve user login tests for better coverage These changes improve the user session management by ensuring that the session is handled more safely and efficiently. The addition of the log_out method centralizes session termination, while the updated tests ensure that both login and logout functionality are thoroughly validated. 2025-01-02 11:59:27 +08:00			`reset_session`
			`@current_user = nil`
			`end`
feat: add user authentication and authorization - Implement friendly forwarding for user login - Add correct_user method to ensure users can only edit their own profiles - Update sessions_controller to handle forwarding URL - Enhance user controller tests to verify redirection for unauthorized access These changes improve user experience by allowing users to be redirected back to their intended page after logging in. Additionally, the new correct_user method enhances security by preventing users from editing other users' profiles, ensuring proper authorization checks are in place. 2025-01-03 13:48:59 +08:00
			`def current_user?(user)`
			`user && user == current_user`
			`end`

			`def store_location`
fix: allow storing location for head requests - Update store_location method to handle HEAD requests - Ensure session forwarding URL is set for both GET and HEAD requests This change enhances the session management by allowing the application to store the original URL for HEAD requests, which is useful for certain types of HTTP interactions. 2025-01-04 10:09:27 +08:00			`session[:forwarding_url] = request.original_url if`
			`request.get? \|\| request.head?`
feat: add user authentication and authorization - Implement friendly forwarding for user login - Add correct_user method to ensure users can only edit their own profiles - Update sessions_controller to handle forwarding URL - Enhance user controller tests to verify redirection for unauthorized access These changes improve user experience by allowing users to be redirected back to their intended page after logging in. Additionally, the new correct_user method enhances security by preventing users from editing other users' profiles, ensuring proper authorization checks are in place. 2025-01-03 13:48:59 +08:00			`end`
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`end`