安全对话流程实现 [英] Security Dialogflow fulfillment
问题描述
我为Dialogflow bot编写了一个简单的HTTPS服务器。在我的代码中,我只信任 req
这样的对象:
I wrote a simple HTTPS server for my Dialogflow bot. In my code I just trust the req
object like this:
快速路由:
app.post('/', Route);
Express致电的功能:
The function that Express calls:
function Route(req, res) {
if (req.body.status.errorType !== "success") {
return ;
}
// do something really awesome here
}
我认为这不是一个好主意。我应该检查请求的来源。你怎么看?也许我应该使用basic-auth模块或其他东西,但我不知道如何确保Dialogflow处理 req
对象。我怎么能这样做?
I think it's not a good idea. I should check the origin of the request. What do you think? Maybe I should use a basic-auth module or something, but I have no idea how to ensure the req
object has been processed by Dialogflow. How can I do that?
推荐答案
我找到了自己问题的答案。 Dialogflow让我们定义一些在本文档页面顶部解释的身份验证变量:
https:// dialogflow。 com / docs / fulfillment
I found the answer of my own question. Dialogflow let us define some authentication variable explained at the top of this documentation page: https://dialogflow.com/docs/fulfillment
所以只需浏览req.headers.authorization,您将找到一个身份验证变量,因为HTTP协议描述它:
< a href =https://en.wikipedia.org/wiki/Basic_access_authentication =nofollow noreferrer> https://en.wikipedia.org/wiki/Basic_access_authentication
so just explore the req.headers.authorization you will find an authentication variable as HTTP protocol describe it : https://en.wikipedia.org/wiki/Basic_access_authentication
(连续这三件事:
- 您的对话框用户名
- character':'
- 您的对话框密码
并在base64中对其进行编码)
and encode it in base64)
非常棒!
这篇关于安全对话流程实现的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!