Sails 在 GET 中禁用 REST 标准 [英] Sails disable criteria for REST in GET

问题描述

我已经实施了护照本地策略和护照持有人策略.

I have implemented passport-local strategy and passport-bearer strategy.

当用户使用用户名/密码凭据登录时，我生成返回给请求者的 JSON Web 令牌.在每个请求中，我从查询中获取 access_token，将此令牌从 JWT 解码为对象，并在 /api/policies 中实现承载授权.并且所有身份验证都可以正常工作.

When user logins with username/password credentials, I generate JSON Web Token which returns to requester. On each request I get access_token from query, decode this token from JWT to object and make bearer authorization implemented in /api/policies. And all auth works fine.

但是当我将此 access_token 提供给 RESTful 路由时，即 user 我得到了空数组.

But when I provide this access_token to RESTful route i.e. user I got empty array.

问题，Sails 接受 access_token 作为条件.

The problem, that Sails accepts access_token as criteria.

示例:

<代码>GET/user ## 禁止GET/user?access_token=##空数组

如何禁用或修复它?

推荐答案

在标题中发送访问令牌可能比在 URL 中发送更好.但是，如果您要问的是如何将某个属性列入黑名单，以免在蓝图路由中用作条件，则可以在您的 config/routes.js 文件中通过以下方式完成:

You would probably be better off sending your access token in a header than in the URL. But if what your asking is how to blacklist a certain property from being used as criteria in a blueprint route, it can be done in the following way in your config/routes.js file:

"GET /user": {blueprint: "find", criteria: {blacklist: ["access_token"]}}

这将覆盖默认黑名单，因此您可能希望在自定义数组中包含这些默认值:

This will override the default blacklist, so you may want to include those defaults in your custom array:

"GET /user": {
  blueprint: "find", 
  criteria: {
      blacklist: ["access_token", "limit", "skip", "sort", "populate"]
  }
}

这篇关于Sails 在 GET 中禁用 REST 标准的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！