管理员登录支持

app/assets/javascripts/angularjs/admin_sessions.js.coffee

@@ -0,0 +1,19 @@
+@app.controller 'AdminSessionsController', ($scope, $http, $timeout)->
+  url = '/admin/sessions'
+  
+  $scope.login = ->
+    $http
+      url: url
+      method: 'POST'
+      params:
+        username: $scope.username
+        password: $scope.password
+    .success (res)->
+      if res.success
+        window.location = '/admin'
+      else
+        $scope.password = ''
+        $scope.error_msg = res.message
+      $timeout ->
+        $scope.error_msg = null
+      , 5000

app/assets/stylesheets/admin/posts.css.scss

@@ -28,6 +28,12 @@
     margin-top: 2rem;
   }
 
+  tr {
+    &:hover {
+      background-color: #EEEEEE;
+    }
+  }
+
 }
 
 .edit-post-link {

app/controllers/admin/sessions_controller.rb

@@ -0,0 +1,24 @@
+class Admin::SessionsController < ApplicationController
+  layout 'layouts/admin'
+
+  def new
+  end
+
+  def create
+    if ! ENV['ADMIN_USER']
+      render :json=> { success: false, message: '系统未配置管理员账户, 无法登录' }
+    elsif ENV['ADMIN_USER'] != params[:username]
+      render :json=> { success: false, message: '管理员账户错误' }
+    elsif ENV['ADMIN_PASSWORD'] != params[:password]
+      render :json=> { success: false, message: '管理员密码错误' }
+    else
+      session[:login] = true
+      render :json=> { success: true }
+    end
+  end
+
+  def destroy
+    session[:login] = nil
+    redirect_to new_admin_session_path
+  end
+end

app/controllers/application_controller.rb

@@ -3,6 +3,8 @@ class ApplicationController < ActionController::Base
 
   helper_method :format_time, :format_date
 
+  helper_method :admin_username
+
   def format_time(time)
     time.strftime("%Y-%m-%d %H:%M")
   end
@@ -13,5 +15,12 @@ class ApplicationController < ActionController::Base
 
   protected
   def authericate_user!
+    if ! session[:login]
+      redirect_to new_admin_session_path
+    end
+  end
+
+  def admin_username
+    session[:login] && ENV['ADMIN_USER']
   end
 end

app/views/admin/sessions/create.html.slim

@@ -0,0 +1,2 @@
+h1 Admin::Sessions#create
+p Find me in app/views/admin/sessions/create.html.slim

app/views/admin/sessions/destroy.html.slim

@@ -0,0 +1,2 @@
+h1 Admin::Sessions#destroy
+p Find me in app/views/admin/sessions/destroy.html.slim

app/views/admin/sessions/new.html.slim

@@ -0,0 +1,16 @@
+.row ng-controller="AdminSessionsController"
+  .small-12.large-8.columns
+    h3.blog-title 登录后台
+    form ng-submit="login()"
+      .row
+        .small-12.large-8.columns
+          = label_tag 'username', '用户名'
+          = text_field_tag 'username', nil, placeholder: '管理员账号', "ng-model"=>"username"
+          = label_tag 'username', '密码'
+          = password_field_tag 'password', nil, placeholder: '管理员密码', "ng-model"=>"password"
+
+          p
+            .alert-box.warning ng-show=" error_msg "
+              |{{ error_msg }}
+
+      button 登录

app/views/layouts/admin.html.slim

@@ -24,6 +24,9 @@ html
         ul.right
           li
             = link_to '返回首页', root_path
+          - if admin_username
+            li
+              = link_to admin_username + ' [ 退出 ]', admin_session_path(1), method: 'DELETE'
     - flash.each do |name, msg|
       - if msg.is_a?(String)
         div class=("alert-box #{name == :notice ? "success" : "alert"}") data-alert=""

config/routes.rb

@@ -24,8 +24,10 @@ WBlog::Application.routes.draw do
         post :preview
       end
     end
+    resources :sessions, :only=>[:new, :create, :destroy]
     root to: 'dashboard#index'
   end
+
   get '/about' => 'home#index'
   get '/:type' => 'archives#index'
 end

spec/controllers/admin/sessions_controller_spec.rb

@@ -0,0 +1,12 @@
+require 'spec_helper'
+
+describe Admin::SessionsController do
+
+  describe "GET 'new'" do
+    it "returns http success" do
+      get 'new'
+      response.should be_success
+    end
+  end
+
+end