通过AuthController传递用户ID [英] Passing user id with AuthController

问题描述

我刚刚制作了一个简单的身份验证应用程序，使用渡槽作为后端.我使用了渡槽文档页面中的代码进行登录和注册.当我在后端使用此代码登录时

I just made simple authentication app using aqueduct as a back end. I used codes from aqueduct documentation pages for login and registering. When I login with this code in backend

 router
    .route('/auth/token')
    .link(() => AuthController(authServer));

我取回了令牌，令牌类型和到期日期，是否还有机会也传递userId?还是我必须创建自己的控制器才能做到这一点?

I get back token, token type and expiration date, Is there any chance to also pass userId? Or do I have to create my own controller to do that?

更新或者在保存数据时如何在后端保存用户ID

UPDATE or how can I in my backend to save user id when saving the data

  @Operation.post()
  Future<Response> addData(@Bind.body(ignore: ['id']) Data newData) async {
    final query = Query<Data>(context)..values = newData;
    final insertData = await query.insert();
    return Response.ok(insertData);
  }

推荐答案

颤振前端

首先使用用户名/电子邮件和密码登录.如果用户名和密码有效，您将从服务器获得授权令牌.然后使用该令牌向服务器发出其他特权请求.

Flutter frontend

Login initially with the username/email and password. You will get an authorization token back from the server if the username and password are valid. Then use that token to make further privileged requests to the server.

您不需要在客户端上保存有关用户的任何个人数据(电子邮件或密码).但是，如果您不想让用户下次使用该应用程序时再次登录，则可以保存令牌.保存令牌时，应使用安全存储选项. flutter_secure_storage 插件使用 KeyStore 在Android上.

You don't need to save any personal data about the user (email or password) on the client. You can save the token, though, if you don't want to make the user log in again the next time they use the app. When saving the token you should use a secure storage option. The flutter_secure_storage plugin uses KeyChain on iOS and KeyStore on Android.

您可以在后端使用所有想要的用户ID.不过，我不知道需要将它们传递给客户端.在后端，您可以查询用户ID，然后使用它从数据库中获取其他信息.

You can use the user IDs all you want on the backend. I don't know of any need to pass them to the client, though. On the backend you can query the user ID and then use it to fetch other information from the database.

以下是文档中的示例:

Here is an example from the documentation:

class NewsFeedController extends ResourceController {
  NewsFeedController(this.context);

  ManagedContext context;

  @Operation.get()
  Future<Response> getNewsFeed() async {
    var forUserID = request.authorization.ownerID;

    var query = Query<Post>(context)
      ..where((p) => p.author).identifiedBy(forUserID);

    return Response.ok(await query.fetch());
  }
}

客户端仅传递令牌.渡槽基于该令牌为您查找用户ID.现在您知道了用户ID.

The client only passed in the token. Aqueduct looks up the user id for you based on that token. Now you know the user ID.

您的其他表可以在用户ID列中添加一列，以便只有该用户才能保存和检索其数据.在上面的示例中，帖子具有作者，而作者具有ID，即用户ID.

Your other tables can have a column for the user ID so that only that user may save and retrieve their data. In the example above, Posts have an Author and an Author has an ID, that is, the user ID.

where((p) => p.author).identifiedBy(forUserID)

等效于

where((p) => p.author.id).equalTo(forUserID)

您可以在高级中阅读有关此内容的信息.文档中的查询部分.

这篇关于通过AuthController传递用户ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！