如何在base64中编码我的实例ID
[英]How can I encode in base64 my instance ID
问题描述
I need to encode my faunadb instance's id because I use it in an URL of this type /mission/(id number)/team 
我需要对我的faunadb实例的id进行编码,因为我在这种类型/任务/(id号)/团队的URL中使用它
I create instance with this: 我用这个创建实例:
/* code from functions/todos-create.js */
import faunadb from 'faunadb' /* Import faunaDB sdk */
/* configure faunaDB Client with our secret */
const q = faunadb.query
const client = new faunadb.Client({
secret: process.env.FAUNADB_SECRET
})
/* export our lambda function as named "handler" export */
exports.handler = (event, context, callback) => {
/* parse the string body into a useable JS object */
const eventBody = JSON.stringify(event.body)
const data = JSON.parse(eventBody)
const mission = {
data: JSON.parse(data)
}
// {"title":"What I had for breakfast ..","completed":true}
/* construct the fauna query */
return client.query(q.Create(q.Ref("classes/missions"), mission))
.then((response) => {
console.log("success", response)
/* Success! return the response with statusCode 200 */
return callback(null, {
statusCode: 200,
body: JSON.stringify(response)
})
}).catch((error) => {
console.log("error", error)
/* Error! return the error with statusCode 400 */
return callback(null, {
statusCode: 400,
body: JSON.stringify(error)
})
})
}
I call this lambda with a function in a service: 我在服务中使用函数调用此lambda:
createMission(data) {
return fetch('/.netlify/functions/mission-create', {
body: JSON.stringify(data),
method: 'POST'
}).then(response => {
return response.json();
});
}
and then I load this at the init of my page with adress '/mission/(id number)/team' : 然后我在我的页面的init上加载地址'/ mission /(id number)/ team':
this._missionService.readById(this.route.snapshot.params.missionId)
with this lambda by a service again: 再次使用这个lambda服务:
import faunadb from 'faunadb'
const q = faunadb.query
const client = new faunadb.Client({
secret: process.env.FAUNADB_SECRET
})
exports.handler = (event, context, callback) => {
const id = event.path.match(/([^\/]*)\/*$/)[0];
console.log(`Function 'mission-read' invoked. Read id: ${id}`)
return client.query(q.Get(q.Ref(q.Class("missions"), id)))
.then((response) => {
console.log("success", response)
return callback(null, {
statusCode: 200,
body: JSON.stringify(response)
})
}).catch((error) => {
console.log("error", error)
return callback(null, {
statusCode: 400,
body: JSON.stringify(error)
})
})
}
Actually this is not secure because url handling with id number is possible to access all my missions. 实际上这是不安全的,因为具有id号码的url处理可以访问我的所有任务。 I want to encode in base64 this id, but I don't know how to do this, I begin in dev and I thought first encrypt id in service and decrypt it in service but someone said me front is not secure, then I want to use base64 in back. 我想在base64中编码这个id,但我不知道如何做到这一点,我开始在dev中我认为首先在服务中加密id并在服务中解密但有人说我前面不安全,那么我想在后面使用base64。 Thanks for advice ! 谢谢你的建议 !
1 个解决方案
解决方案1
4 2019-06-14 19:41:05
The solution to this problem is definitely not to obfuscate the id with base64 ( which will protect nothing ), but instead you need to associate a user id with your sensitive information in the database. 这个问题的解决方案绝对不是用base64来混淆id( 它不会保护任何内容 ),而是需要将用户id与数据库中的敏感信息相关联。
You then can have them authenticate against your auth/data service to establish identity. 然后,您可以让它们针对您的身份验证/数据服务进行身份验证以建立身份。 Then the service will only serve them records that are associated to them. 然后,该服务将仅为它们提供与之关联的记录。
The tricky part of this solution is writing an auth protocol for your lambda services. 这个解决方案的棘手部分是为lambda服务编写auth协议。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.