React / Redux应用程序中的身份验证
[英]Authentication in React/Redux application
问题描述
I'm relatively new to redux and basically to the concept, where front-end separated from back-end. 
我对redux还是相对较新的,基本上是概念,前端与后端是分开的。 Earlier, i used laravel and RoR frameworks, where you can actually combine front-end and back-end logic and access back-end code in views. 之前,我使用了laravel和RoR框架,您可以在其中实际组合前端和后端逻辑,并在视图中访问后端代码。 With this approach, it's easy to handle authentication, because frameworks i mentioned above have sessions middleware which gives the possibility to retrieve authenticated user data even after page refresh. 使用这种方法,可以很容易地进行身份验证,因为上面提到的框架具有会话中间件,即使在刷新页面后,会话中间件也可以检索经过身份验证的用户数据。
Things changed when you're working with redux. 使用redux时,情况发生了变化。 I understand the part how to authenticate the user (basically send POST request and write data to the store), but how can i handle page refresh, so all the data gets reset by initial state of reducers? 我了解这一部分如何验证用户身份(基本上发送POST请求并将数据写入存储),但是我如何处理页面刷新,因此所有数据都由reducer的初始状态重置?
Seems to me that the only way out is to store authenticated user in the localStorage and if it's presistent there - make it an initial state of reducer? 在我看来,唯一的出路是将经过身份验证的用户存储在localStorage中,如果该存储持久存在,将其设置为reducer的初始状态? Is it safe? 安全吗? Or maybe there are some best practices about this approach? 也许有一些关于这种方法的最佳实践?
[IMPORTANT] Few words about my back-end logic: [重要]关于我的后端逻辑的几句话:
I'm using laravel as a back-end (which basically renders react view with router, where all of the front-end logic are, if url doesn't starts with /api ). 我正在使用laravel作为后端( 如果 url并非以/ api开头, 则基本上是使用路由器渲染反应视图,其中所有前端逻辑都在路由器上)。
I'm not using JWT or any token approaches, because i have access to all the default middlewares, which gives me possibility to send request with the user data and get session identifier as cookies (so each ajax request from react\\redux app gets automatically authenticated by laravel). 我没有使用JWT或任何令牌方法,因为我可以访问所有默认的中间件,这使我可以发送带有用户数据的请求并以cookie的形式获取会话标识符(因此来自react \\ redux应用程序的每个ajax请求都会自动获取由laravel验证)。
1 个解决方案
解决方案1
0 2018-03-17 12:43:48
When your app loads and the redux store is initialized you can read from cookies or localStorage and pass the session ID into the preloaded state with redux's createStore . 当您的应用加载并且Redux存储已初始化时,您可以从cookie或localStorage中读取数据,并通过redux的createStore将会话ID传递到预加载状态。
This is enough to initially fetch the user data from the server. 这足以从服务器上最初获取用户数据。 Typically this is an async redux action triggered by your root App component's componenWillMount . 通常,这是由您的根App组件的componenWillMount触发的异步redux操作。
Whenever the session ID changes, you make sure it's persisted in localStorage, cookies, or whatever you chose. 每当会话ID更改时,您都要确保将其保存在localStorage,Cookie或您选择的任何内容中。
If you don't want to use preloadedState for createStore , you can also read the session ID in the initialState of the reducer responsible for auth/user data. 如果您不想将preloadedState用于createStore ,则还可以在负责身份验证/用户数据的化简器的initialState中读取会话ID。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.