迁移到 Sails.js 0.12 - 中间件迁移 [英] Migrating to Sails.js 0.12 - middleware migration
问题描述
我正在将一个用 0.10.5 编写的旧的 Sails.js 项目迁移到 0.12.x.由于原始代码是很久以前编写的并且可能有一些不符合"的代码,我决定通过启动一个新的风帆项目并缓慢迁移模型/控制器/服务,同时只保留必要的策略和配置来重新构建项目文件.
I am migrating an old sails.js project which was written in 0.10.5 to 0.12.x. Since the original code was written a long time ago and may have some "non-conforming" code I decided to re-build the project by starting a new sails project and slowly migrating the models/controllers/services while keeping only necessary policies and configuration files.
到目前为止,我设法使项目解除,现在我开始处理身份验证.理想情况下,我打算使用带有 jwt 的护照来替换现有的 express-jwt.
So far I managed to get the project to lift and now I am starting to deal with the authentication. Ideally, I intend to move to use passport with jwt to replace existing express-jwt.
我的旧 config/http.js 看起来像这样:
My old config/http.js looks like so:
module.exports.http = {
bodyParser: function() {
//return require('body-parser')({limit: '900mb'});
var opts = { limit:'50mb' };
var fn;
// Default to built-in bodyParser:
fn = require('skipper');
return fn(opts);
},
customMiddleware: function(app) {
var bodyParser = require('body-parser');
var expressJwt = require('../libs/express-jwt');
var experssJwtConfig = require('./jwt.js').jwt;
app.use(function(req, res, next) {
res.setHeader("Access-Control-Allow-Origin", "*");
next();
});
app.use('/api', expressJwt({secret: experssJwtConfig.secret}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded());
if(process.env.NODE_ENV == 'development') {
// just for local/development - serve static files
}
}
}
如果我理解正确(我不太熟悉堆栈),此代码将覆盖默认正文解析器(使用允许大文件的船长 - 这在 bodyParser 中指定),此外,更改使用的中间件:
If I understand correctly (I am not well versed in the stack) this code overrides the default body parser (using skipper allowing large files - this is specified in bodyParser), and in addition, changes the middleware used:
包括一个中间件来添加
Access-Control-Allow-Origin.
对于 'api' 下的路由,它调用 express-jwt 中间件,在这个实现中(不确定它是默认行为)寻找令牌,然后将用户添加到请求对象(然后在大多数控制器).
For routes under 'api' it invokes the express-jwt middleware which in this implementation (not sure it's the default behavior) looks for the token and then add the user to the request object (which is then used in most of the controllers).
将正文解析器的 (body-parser) json 和 urlencode 添加到中间件链.
Adds body parser's (body-parser) json and urlencode to the middleware chain.
我的问题是我应该保持或多或少不变还是应该改变它?是否存在明显的反模式或安全风险?如果我使用船长,我需要正文解析器 json/urlencode 中间件吗?
My question here is whether I should keep it more or less the same or should I change it? Are there any obvious anti-patterns or security risks? If I use skipper, do I need the body parser json/urlencode middleware?
我能否使用更标准的护照/jwt 代码实现可比的流量?如果是这样,我可以使用 sails-auth 实现这种堆栈,还是应该自己扮演角色?
Would I be able to achieve comparable flows using more standard passport/jwt code? If so, can I achieve this kind of stack with sails-auth or should I role my own?
推荐答案
是的,您可以删除自定义中间件.最新模式更易于管理.首先,
Yes, you can remove the custom middleware. Latest pattern is easier to manage. For starters,
Access-Control-Allow-Origin可以在config/cors.js
您可以通过使用 sails-auth 模块以更sailsy 的方式使用 passport-jwt.并将逻辑拆分为services,使用policies来管理流程等.sails-auth的问题是,npm中的模块已经一年多前发表.它有几个错误.GitHub 存储库虽然有稳定版本.
You can use passport-jwt in a more sailsy way by making use of sails-auth module. And splitting the logic into services, using policies to manage the flow etc. The problem with sails-auth is, the module in npm has been published over an year ago. It has several bugs. The GitHub repo though has stable version.
我已经在sails 中制作了一个最低限度的身份验证服务器,您可以将其扩展为各种护照策略.服务器支持开箱即用的local、bearer、JWT策略.
I have made a bare minimum auth server in sails, which you can extend for various passport strategies. The server supports local, bearer, JWT strategies out of the box.
这篇关于迁移到 Sails.js 0.12 - 中间件迁移的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
