保护API URL数据不被看到。卷曲? [英] Protecting API URL Data from being seen. cURL?
问题描述
我们如何用密码保护通过URL访问的已部署数据?
当前,我们的用户数据可在oursite.com/users上看到。我们如何才能对其设置密码保护,以便只有我们网站开发人员才能通过oursite.com/users查看用户的数据? (这是我的第一个API和已部署的应用程序。)
非常感谢!
How can we password protect our Deployd data accessed via URL?
Currently our users' data is visible on oursite.com/users. How can we make it password protected so that only we,the site developers, can see our users' data via oursite.com/users? (This is my first API and Deployd app.)
Many, many thanks!
我发现以下内容(如果其中任何一个看起来都可以使用):
https://www.npmjs.com/package/dpd-curl-proxy
https://www.npmjs.com/package/passport-oauth
I found the following, if any of these look like they would work: https://www.npmjs.com/package/dpd-curl-proxy https://www.npmjs.com/package/passport-oauth
推荐答案
-
尝试获取事件
Try in your 'get' event
如果(!me)
取消('您没有访问权限');
cancel('You donot have access');
这将限制'users'-resource无需登录即可访问。
This will restrict 'users' -resource from accessed without login.
-
限制对某些用户组的访问-使用角色。
看起来像
To restrict access to certain user group - Use roles. That will look like,
如果(!me&&!me.Admin)
cancel('您没有访问权限') ;
if (!me && !me.Admin) cancel('You donot have access');
您可以尝试MARS CMS https://github.com/moorthi07/MarsCMS 作为快速学习或原型的样板。其中涵盖了Deployed的许多功能,例如身份验证,授权,REST调用,ngResource示例。
You can try MARS CMS https://github.com/moorthi07/MarsCMS as boilerplate to rapid learning or prototype. This covers lots of Deployd's features like authentication , authorization, REST calls, ngResource examples.
这篇关于保护API URL数据不被看到。卷曲?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
