AngularJS：我如何处理与令牌的安全性和自定义方法RESTful API中？ [英] AngularJS: How do I handle RESTful APIs with token security and custom methods?

问题描述

所以说我有了标准GET一个RESTful API，POST，PUT和DELETE它的方法，但我也有它是自定义的特定对象类型的其他方法，以及最重要的是我需要一个安全令牌。

So say I have a RESTFul API that has the standard GET, POST, PUT, and DELETE methods on it, but I also have other methods on it that are custom to specific object types, and on top of that I require a security token.

所以此服务的URL可能看起来是这样的：

so a URL for this service might look like this:

GET / PUT / POST / DELETE http://sample.com/api/User / 123？标记= ABCDEF1234

GET/PUT/POST/DELETE http://sample.com/api/User/123?token=ABCDEF1234

和

GET的http://sample.com/api/User/GetUsersByStatus?token=ABCDEF1234&param1=blah&param2=foo

或

http://sample.com/api/User/DoSomethingCrazy?token=ABCDEF1234

其中最后两个做一些自定义功能。也许它的东西，重置密码，或者它的东西克隆一个用户，并返回的记录，我不知道。刚刚定制的东西。

where the last two do some custom functionality. Maybe it's something to reset a password, or maybe it's something to clone a user and return the record, I don't know. Just custom "stuff".

什么是最好的实践方式与角度来处理呢？我见过的$资源利用率​​，但它似乎仅是标准的REST方法，我不知道如何来扩展的方式，未来开发商角度就会明白。

What is the best-practice way to handle this with Angular? I've seen the $resource utility, but it seems to only be for the standard REST methods, and I'm not sure how to extend that in a way that the next Angular developer will understand.

推荐答案

如果我正确认识你，你相信你问的是如何让资源的方法自动包含您的令牌？如果这是正确的，那么你可以做这几种方法。首先，你可以扩展predefined资源的方法和烤在将应用于每个呼叫params中，你可以定义你自己的方法。

If I'm understanding you correctly, what I believe you are asking is how to make the resource methods automatically include your token??? If this is correct, then you can do this a couple of ways. First, you can just extend the predefined resource methods and bake in params that will be applied each call or you can define your own methods.

此外，当你调用一个方法，如果参数尚未prequalified，他们最终将在查询字符串。

Also, when you call a method, if parameters have not been prequalified, they will end up on the querystring.

下面是样本code，我写了CakePHP的实现。我传递的行动为每个predefined方法和我自己的初始化方法。

Below is sample code I wrote for a cakephp implementation. I'm passing in action for each of the predefined methods and my own initialize method.

angular.module('myApp.cakephp.services', ['ngResource']).
  factory('CommentSvc', function ($resource) {
        return $resource('/cakephp/demo_comments/:action/:id/:page/:limit:format', { id:'@id', 'page' : '@page', 'limit': '@limit' }, {
          'initialize' : { method: 'GET', params: { action : 'initialize', format: '.json' }, isArray : true },
          'save': { method: 'POST', params: { action: 'create', format: '.json' } },
          'query' : { method: 'GET', params: { action : 'read', format: '.json' } , isArray : true },
          'update': { method: 'PUT', params: { action: 'update', format: '.json' } },
          'remove': { method: 'DELETE', params: { action: 'delete', format: '.json' } } 
        });
  })

希望这有助于

- 丹

这篇关于AngularJS：我如何处理与令牌的安全性和自定义方法RESTful API中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！