Hyperledger Composer Web 应用程序用户身份验证 [英] Hyperledger Composer Web application user authentication
问题描述
我已经使用 hyperledger composer 创建了一个业务网络,我创建了一个简单的 web 应用程序,用于添加参与者并使用 angular 通过 web 界面提交事务.
I already created a business network using hyperledger composer and I created a simple web app for adding participants and submitting transactions through web interface by using angular.
此外,我使用passport为REST服务器启用了身份验证,并且我使用了多用户模式,因此我可以将业务网卡导出到rest api并更改默认卡并通过不同用户提交交易.
Also, I have enabled authentication for the REST server using passport and I have used multiple user mode so I could export business network card to the rest api and change the default card and submit transaction via different users.
现在我想创建我的 Web 应用程序的注册部分,这样我的用户就可以通过 Web 应用程序进行注册,发出身份,然后根据他们在 ACL 文件中定义的访问级别提交交易或查看系统.是否有任何资源或任何想法可以指导我如何做?是否有任何已实现 Web 应用程序并包括用户注册和身份验证的示例?
Now I want to create the registration part of my web app, so my users could be able to register through the web application, issue an identity and then submit transactions or view the system based on their level of access defined in ACL file. Is there any resource or any idea to guide me how can I do it? Is there any sample which has implemented web application and includes user registration and authentication?
推荐答案
参见 https://github.com/hyperledger/composer-sample-networks/blob/v0.16.x/packages/trade-network/test/Trading.js#L21 但使用 FileSystemCardStore 而不是 MemoryCardStore - 我们现在对此的文档有问题 - https://github.com/hyperledger/composer/issues/3088 大致流程是:
see https://github.com/hyperledger/composer-sample-networks/blob/v0.16.x/packages/trade-network/test/trading.js#L21 but use FileSystemCardStore instead of MemoryCardStore - we have an issue on documentation for this right now - https://github.com/hyperledger/composer/issues/3088 the general flow is :
问题身份,businessNetworkConnection.issueIdentity(NS + '#' + userData.id,userData.user);.... var userCard = new IdCard({...});userCard.setCredentials(凭据);...
Issue identity, businessNetworkConnection.issueIdentity(NS + '#' + userData.id, userData.user); .... var userCard = new IdCard({...}); userCard.setCredentials(credentials); ...
进口卡:adminConnection.importCard(userCardName, userCard);.... .then(() => {//
Import Card: adminConnection.importCard(userCardName, userCard); .... .then(() => { //
连接业务网络:(使用区块链身份...
Connect to the business network: (using the blockchain identity ...
businessNetworkConnection = new BusinessNetworkConnection({ cardStore: cardStore });
businessNetworkConnection.connect(userCardName); } ...
对于来自该用户的所有后续连接(例如,来自他/她登录的 Web 应用程序):
For all subsequent connects from that user (eg. from the web application he/she is logged into) :
bizNetworkConnection.connect(`${cardName})
ON 用户注册位,一旦您收到注册有效负载,您就可以使用 Composer 为该用户创建参与者和作曲家(区块链)身份 - 然后如上所述创建卡,连接到它(以获取下载的证书)然后导出该卡,与刚刚注册的用户共享.使用 REST,您可以导入卡片(具有知道如何连接到 Composer 运行时的连接配置文件),然后它们可以与业务网络进行交互.
ON user registration bit, once you received the registration payload, you can use Composer to create a participant and composer (blockchain) identity for that user - then create the card as above, connect to it (to get the certificate downloaded) then export that card, to be shared with the user that just registered. Using REST you can import the card (that has a connection profile that knows how to connect to the Composer runtime) then they can interact with the business network.
做用户注册/认证,不用样品(别人可能会及时回答)..
Do user registration / authentication, don't have samples (others may answer in time)..
其中 cardname 是例如用户 ID 或电子邮件地址,并执行您想要的任何数据更改或交易.
where cardname is for example the user id or email address, and execute whatever data changes or transactions you want.
例如对于使用 JWT 时的 POST/items:
So for example for POST /items when using JWT:
- 检查它是否具有请求的有效令牌
- 创建新的 BusinessNetworkConnection(上图)或从池中获取
- 通过传入您从令牌中获取的用户 ID/卡名来连接到此 BusinessNetworkConnection - 这将从卡库中检索卡
- 一旦连接,用户就可以与业务网络进行交互
在身份验证方面,显然可以保护 REST Server 端点(连接网关保护用于向外消费).您是否考虑过使用 JWT 作为策略和/或考虑使用 Node-Red 进行注册/身份验证流程?
On authentication, obviously REST Server endpoints can be secured (with connect gateways secured for outward consumption). Have you considered using JWT as a strategy and/or considered Node-Red for registration/auth flow ?
无论如何,这些资源可能会帮助您获得一些见解:
Anyway these resources may help give you some insights:
https://medium.freecodecamp.org/securing-node-js-restful-apis-with-json-web-tokens-9f811a92bb52
https://www.compose.com/articles/身份验证节点红色与 jsonwebtoken/
希望这会有所帮助.
这篇关于Hyperledger Composer Web 应用程序用户身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
