从ASP.MVC中基于AOP的身份验证到nodeJS
[英]Coming from AOP based authentication in ASP.MVC to nodeJS
问题描述
When I am in the .net world and using MVC a common pattern used when wanting to do cross cutting concerns such as logging, authentication, transaction management etc I would use DI paired with AOP to basically put attributes on my methods which required proxying/weaving. 
当我在.net世界中并且使用MVC时,如果想进行诸如日志记录,身份验证,事务管理之类的跨领域问题时,会使用一种通用模式,那么我将使用DI与AOP配对,从而将属性基本上放在需要代理/编织的方法上。
So it may look like: 所以它看起来像:
public class SomeController
{
[Authenticate]
public ActionResult SomeAuthenticatedAction() {}
public ActionResult NotAuthenticatedAction() {}
}
So given the above when SomeAuthenticatedAction was called it would check the request for an authorization cookie do some logic around that and either bomb the user out with a 401 or something. 因此,鉴于上述情况,当调用SomeAuthenticatedAction时,它将检查对授权cookie的请求,围绕该请求做一些逻辑,然后用401或类似的东西轰炸用户。 It would know to do this because it has an attribute on it that at runtime it knows to hook into and proxy. 它会知道执行此操作,因为它具有一个在运行时知道可以挂接和代理的属性。
Now I am in javascript land and am looking at getting the same sort of functionality but doing it the best way for that platform. 现在,我在javascript领域,正在寻找获得相同功能的方法,但是它是针对该平台的最佳方法。 So I am wondering how I should go about doing this in nodejs, as there is no sort of attribute paradigm in javascript so without either ingraining the authentication into each app.* (get,post etc) call which I dont like, or at the application entry point proxy each action I know needs to be authenticated, which is not ideal either. 所以我想知道我应该如何在nodejs中执行此操作,因为javascript中没有属性范式,因此既不将身份验证加进每个app.* (get,post etc)调用我不喜欢或在应用程序入口点代理我知道的每个操作都需要进行身份验证,这也不理想。
So is there a way for me to indicate that a method should have some cross cutting concern applied to it, without actually putting the logic in there? 因此,有没有办法让我指出一种方法应该在不涉及逻辑的情况下对其应用一些横切关注? So that way the web code doesnt know about the authentication mechanism, and the app entry point doesnt know about the specific method, it just knows it wants all methods which have some meta-data with them? 这样,Web代码就不知道身份验证机制,而应用程序入口点也不知道特定方法,只知道它想要所有带有一些元数据的方法?
I hope this makes sense, as if you dont use AOP much you probably will think im talking in riddles, but doing this this way makes my code a lot easier to test and maintain and also allows me to re-configure applications very quickly. 我希望这是有道理的,就好像您不大量使用AOP一样,您可能会认为我在胡说八道,但是这样做可以使我的代码更容易测试和维护,还可以使我快速重新配置应用程序。
So far I have found Hooker , which can do the proxying part of the puzzle although not quite sure how I would get the underlying request object in it, but I wouldnt see the proxying of an object in JS being too much of a pain, but I just need to find a way to identify the methods to intercept... any info would be great. 到目前为止,我已经找到了Hooker ,它可以解决难题的代理部分,尽管不太确定如何在其中获取基础的请求对象,但是我不会看到JS中对象的代理太麻烦了,但是我只需要找到一种方法来识别要拦截的方法...任何信息都很好。
== Edit == ==编辑==
After reading up a bit more it may look like what I should be doing is using middleware layers to do what I need, as this would at least allow simpler code and the intentions of routes would be clearer. 阅读更多内容后,看来我应该做的就是使用中间件层来完成我需要的工作,因为这至少将允许使用更简单的代码,并且路由的意图会更清楚。 Will keep looking at come back once I find out more or a better answer appears. 一旦发现更多或出现更好的答案,我们将继续寻找回来。
1 个解决方案
解决方案1
0 已采纳 2013-08-08 12:56:21
As there has been no answers I will mention what I have done, which is made a class which contains the logic that needs to be carried out on the route, then made a function that is exported as the middleware entry point. 由于没有答案,因此我将提及我所做的事情,这使它成为一个包含需要在路由上执行的逻辑的类,然后使该函数作为中间件入口点导出。 That way I can unit test the logic and use the middleware to inject the "concern" into that route. 这样,我可以对逻辑进行单元测试,并使用中间件将“关注点”注入该路由。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.