
Selectively enable HTTP basic authentication on some REST APIs

I am using node.js restify to build a REST API server.

I have added HTTP Basic authentication to the REST APIs. However, I only want some selected APIs to have authentication. Currently, all the REST APIs have to be authenticated.

Code for enabling HTTP Basic authentication:

server.use(restify.authorizationParser());

function verifyAuthorizedUser(req, res, next) {
    // Sample user table (hard-coded for illustration)
    var users = {
        foo: {
            id: 1,
            password: 'bar'
        }
    };

    if (req.username == 'anonymous' || !users[req.username] || req.authorization.basic.password !== users[req.username].password) {
        // Respond with { code: 'NotAuthorized', message: '' }
        return next(new restify.NotAuthorizedError());
    }

    // Credentials matched: continue to the route handler (next() is called exactly once)
    next();
} // function verifyAuthorizedUser(req, res, next)

server.use(verifyAuthorizedUser);

Here are some of the APIs I have:

var api_get_XXX = function (app) {
    function respond(req, res, next) {
    //action
    }; 
    // Routes
    app.get('/XXX', respond);
} 

var api_get_YYY = function (app) {
    function respond(req, res, next) {
    //action
    }; 
    // Routes
    app.get('/YYY', respond);
} 

var api_get_ZZZ = function (app) {
    function respond(req, res, next) {
    //action
    }; 
    // Routes
    app.get('/ZZZ', respond);
} 

api_get_XXX(server);
api_get_YYY(server);
api_get_ZZZ(server);

I would like to enable authentication for api_get_XXX(), api_get_YYY() but disable authentication for api_get_ZZZ().

You could maintain an array/object containing the exceptions:

function verifyAuthorizedUser(req, res, next) {
    // list your public paths here, you should store this in global scope
    var publicPaths = {
        '/ZZZ': 1
    };

    // check them here and skip authentication when it's public
    if (publicPaths[req.path()]) {
        return next();
    }

    var users;
    users = {
        foo: {
            id: 1,
            password: 'bar'
        }
    };

    if (req.username == 'anonymous' || !users[req.username] || req.authorization.basic.password !== users[req.username].password) {
        // Respond with { code: 'NotAuthorized', message: '' }
        return next(new restify.NotAuthorizedError());
    }

    // credentials matched; next() is called exactly once per request
    next();
}

Or you can use an existing middleware for authentication: https://github.com/amrav/restify-jwt
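An added example, not part of the original answer and not restify's own code: the public-path allow-list from the answer written as a middleware factory, using a Set and a Map instead of plain-object lookups, a constant-time password comparison, and exactly one next() call per request. The names NotAuthorizedError (a stand-in for restify.NotAuthorizedError), makeVerifyAuthorizedUser, safeEqual, fakeReq and run are hypothetical, and the request objects are constructed to carry only the fields the code on this page reads.

```javascript
const crypto = require('crypto');

// Stand-in for restify.NotAuthorizedError so the example runs without restify.
class NotAuthorizedError extends Error {
    constructor() { super(''); this.code = 'NotAuthorized'; }
}

// Compare fixed-length SHA-256 digests so timing does not depend on where the strings differ.
function safeEqual(a, b) {
    const ha = crypto.createHash('sha256').update(String(a)).digest();
    const hb = crypto.createHash('sha256').update(String(b)).digest();
    return crypto.timingSafeEqual(ha, hb);
}

// publicPaths is an exact-match allow-list: any path that is not listed
// (including variants such as '/ZZZ/') still goes through authentication.
function makeVerifyAuthorizedUser(publicPaths, users) {
    const open = new Set(publicPaths);
    const accounts = new Map(Object.entries(users)); // own keys only, no prototype lookups
    return function verifyAuthorizedUser(req, res, next) {
        if (open.has(req.path())) {
            return next();
        }
        const account = accounts.get(req.username);
        const basic = req.authorization && req.authorization.basic;
        if (!account || !basic || !safeEqual(basic.password, account.password)) {
            return next(new NotAuthorizedError());
        }
        return next();
    };
}

// Constructed request object with the fields the page's middleware reads (assumed shape).
function fakeReq(path, username, password) {
    return {
        path: () => path,
        username: username || 'anonymous',
        authorization: password === undefined ? {} : { basic: { username, password } }
    };
}

// Run one request through the middleware and record every next() call.
function run(mw, req) {
    const calls = [];
    mw(req, {}, (err) => calls.push(err ? err.code : 'ok'));
    return calls;
}

const verify = makeVerifyAuthorizedUser(['/ZZZ'], { foo: { id: 1, password: 'bar' } });
console.log(run(verify, fakeReq('/ZZZ')), run(verify, fakeReq('/XXX')));
```

In a real server the returned function would be passed to server.use() after restify.authorizationParser(), as in the code above.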
