堆栈内存溢出
  简体   繁体   English

如何更好地在Loopback中获取当前用户ID

[英]How do I better get current user id in Loopback

 原文  2016-11-04 14:06:39       javascript/ loopbackjs

问题描述

As the loopback.getCurrentContext() has long-living unstability problems and deprecated currently, how can I make sure that when a user performs some operations via API endpoints, I know how to identify him? 由于loopback.getCurrentContext()一直存在长期的不稳定问题,并且目前已弃用,我如何确保当用户通过API端点执行某些操作时,我知道如何识别他?

May be I can send the token id in the request payload and check it? 我可以在请求有效负载中发送令牌ID并进行检查吗? What if user fakes it? 如果用户伪造了该怎么办? What are alternatives to those hacky solutions from the issues page on Github? 在Github的问题页面上,那些骇人听闻的解决方案有哪些替代方案?

1 个解决方案

解决方案1
 0  2016-11-06 07:38:10

Check out https://docs.strongloop.com/display/public/LB/Making+authenticated+requests 查看https://docs.strongloop.com/display/public/LB/Making+authenticated+requests

In summary, once you've logged a user in it should give you back an AccessToken in the response. 总而言之,一旦您在其中登录了用户,就应该在响应中返回一个AccessToken。 You can then use that in the headers or on the query string to prove you're a logged in user: 然后,您可以在标题或查询字符串中使用它来证明您是登录用户: 

# Authorization Header
curl -X GET -H "Authorization: $ACCESS_TOKEN" \
http://localhost:3000/api/widgets

# Query Parameter
curl -X GET http://localhost:3000/api/widgets?access_token=$ACCESS_TOKEN

This cannot easily be faked, as the access token is checked on each request to ensure it's current and valid. 这很容易被伪造,因为对每个请求都会检查访问令牌以确保它是最新和有效的。

Once you've done this, you can get at the accessToken via (taken from https://github.com/strongloop/loopback/issues/569#issuecomment-60924099 except attaching the user to the req object) 完成此操作后,您可以通过以下方式获取accessToken(取自https://github.com/strongloop/loopback/issues/569#issuecomment-60924099,但将用户附加到req对象除外) 

app.use(function(req, res, next) {
  app.currentUser = null;
  if (!req.accessToken) return next();
  req.accessToken.user(function(err, user) {
    if (err) return next(err);
    req.currentUser = user;
    next();
  });
});

Add this to your server.js or a boot script and therefore have the user object on ctx.req.currentUser at any point. 将此添加到您的server.js或启动脚本中,从而随时将user对象放在ctx.req.currentUser上。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从环回 API 获取当前用户的数据? - How to get current user's data from loopback API? 如何找到使用jwt“登录”的当前用户的ID? 我正在尝试发出GET请求并按特定ID进行过滤 - How do I find the id of the current user that is “logged in” with a jwt? I am trying to make a GET request and filter by specific id 如何获取不和谐用户的 4 位用户 ID? - How do I get the 4 digit user ID of a discord user? Bixby javascript - 如何获取用户当前位置 - Bixby javascript - How do I get user current location 如何获得Strongloop环回模型? - How do I get a hold of a Strongloop loopback model? 如何获取发送邮件的用户的ID? - How do I get the ID of a user that sent the message? 如何将当前用户的ID插值到Ajax的url部分中? - How do I interpolate the current user's id into the url section in ajax? 当我将javascript变量存储在mysql中时,如何将其链接到当前用户的ID? - When I store a javascript variable in mysql, how does it get linked to the current user's id? Jquery:如何获取我点击的元素的当前id并更改它的名称? - Jquery : How do I get the current id of the element I have clicked on and change it’s name? 如何获取触发javascript中的horizo​​nSwiper事件的当前元素ID? - How do I get the current element id which triggered horizonSwiper event in javascript?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM