Sails 在 GET 中禁用 REST 标准 [英] Sails disable criteria for REST in GET
问题描述
我已经实施了护照本地策略和护照持有人策略.
I have implemented passport-local strategy and passport-bearer strategy.
当用户使用用户名/密码凭据登录时,我生成返回给请求者的 JSON Web 令牌.在每个请求中,我从查询中获取 access_token
,将此令牌从 JWT 解码为对象,并在 /api/policies
中实现承载授权.并且所有身份验证都可以正常工作.
When user logins with username/password credentials, I generate JSON Web Token which returns to requester. On each request I get access_token
from query, decode this token from JWT to object and make bearer authorization implemented in /api/policies
. And all auth works fine.
但是当我将此 access_token
提供给 RESTful 路由时,即 user
我得到了空数组.
But when I provide this access_token
to RESTful route i.e. user
I got empty array.
问题,Sails 接受 access_token
作为条件.
The problem, that Sails accepts access_token
as criteria.
示例:
<代码>GET/user ## 禁止GET/user?access_token=
如何禁用或修复它?
推荐答案
在标题中发送访问令牌可能比在 URL 中发送更好.但是,如果您要问的是如何将某个属性列入黑名单,以免在蓝图路由中用作条件,则可以在您的 config/routes.js 文件中通过以下方式完成:
You would probably be better off sending your access token in a header than in the URL. But if what your asking is how to blacklist a certain property from being used as criteria in a blueprint route, it can be done in the following way in your config/routes.js file:
"GET /user": {blueprint: "find", criteria: {blacklist: ["access_token"]}}
这将覆盖默认黑名单,因此您可能希望在自定义数组中包含这些默认值:
This will override the default blacklist, so you may want to include those defaults in your custom array:
"GET /user": {
blueprint: "find",
criteria: {
blacklist: ["access_token", "limit", "skip", "sort", "populate"]
}
}
这篇关于Sails 在 GET 中禁用 REST 标准的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!