[英]Express.js: Get user's referer url when they post
So I want to create a commenting system for my website, and in order to know the page of the comment (for example, a specific video a user has uploaded), I somehow need to get the url of the page the user is currently on, when they comment (so that I know how to save it in the database). 所以我想为我的网站创建一个评论系统,并且为了知道评论的页面(例如,用户已经上传的特定视频),我不知何故需要获取用户当前所在页面的网址,当他们发表评论时(以便我知道如何将其保存在数据库中)。
The route is like this: app.get('/video/:videoId', function(req, res){...})
so a video url would be something like: /video/98ux8987s987f9xc89v3wjgrkgh32
. 路线是这样的:
app.get('/video/:videoId', function(req, res){...})
所以视频网址类似于: /video/98ux8987s987f9xc89v3wjgrkgh32
。
I need to get the last part of the url, when the user POSTs the comment. 当用户POST评论时,我需要获取url的最后一部分。 I don't want to send the url along with the comment (in the ajax POST function), because they can change it!
我不想发送url和评论 (在ajax POST函数中),因为他们可以改变它!
And by the way I don't need the url post url (if I have something like req.url
in the post function, I'll just get the post url: app.post('/comment', function(req, res){console.log(req.url)}
if I do this I'll get /comment
). 顺便说一下,我不需要url post url(如果我在post函数中有
req.url
之类的东西,我会得到post url: app.post('/comment', function(req, res){console.log(req.url)}
如果我这样做,我会得到/comment
)。
Is there a way to do it ? 有办法吗?
Thank you very much. 非常感谢你。
I'm not sure if I get you, but is this what you mean? 我不确定我是否得到你,但这是你的意思吗?
app.post('/comment/:videoId', function(req, res) {
console.log(req.params.videoId)
}
The videoId parameter is in req.params.videoId. videoId参数位于req.params.videoId中。
You can add hash with url, but it's not unstoppable . 您可以使用网址添加哈希值,但这并不是不可阻挡的 。 In the videoKey you can add the date or user id.
在videoKey中,您可以添加日期或用户ID。
var secretkey = "4658{=#mkZl"; // The user doesn't know this string, and he can't make videoKey.
app.get('/video/:videoId', function(req, res){
res.render('video', {
videoId: req.params.videoId,
videoKey: sha256(secretkey + req.params.videoId + secretkey);
});
};
In your html form : 在您的HTML表单中:
<form action="/comment">
<input type="hidden" name="videoId" value="{videoId}" />
<input type="hidden" name="videoKey" value="{videoKey}" />
</form>
comment function : 评论功能:
var secretkey = "4658{=#mkZl";
app.post('/comment', function(req, res){
if (req.body.videoKey == sha256(secretkey + req.body.videoId + secretkey))
//ok the user got video page, before he comments.
};
var crypto = require('crypto');
function sha256(data) {
return crypto.createHash("sha256").update(data).digest("base64");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.