通过 REST api 创建帐户
[英]Create an account through a REST api
问题描述
I'd like to create a secure API in node.js for my mobile app.
我想在node.js中为我的移动应用程序创建一个安全的 API。 Basically I would like users to be able to create their account through the app (with email and password), so I'm wondering what would be the right way.基本上我希望用户能够通过应用程序创建他们的帐户(使用 email 和密码),所以我想知道什么是正确的方法。 I imagine something like this:我想象这样的事情:
curl -d '{"email":"hello@world", "password":"1234"}' -H "Content-Type: application/json" -X POST https://myapi/users
So server would reply with the new created user and oauth usual tokens in order to authenticate the next requests so:因此服务器将回复新创建的用户和 oauth 常用令牌,以验证下一个请求,因此:
{
id: '1234455656',
email: 'hello@world',
auth_token: 'my_auth_token'
refresh_token: 'my_refresh_token'
}
It just doesn't feel like the best secure way to do it as anyone could create a user even without the app, and I'm wondering if this is how apps usually deal with this?它只是感觉不是最好的安全方式,因为即使没有应用程序,任何人都可以创建用户,我想知道这是否是应用程序通常处理这个问题的方式? Maybe there's even something better than express to do this well也许还有比快递更好的东西来做好这件事
1 个解决方案
解决方案1
2 2019-09-23 19:17:36
Don't you want anyone to be able to create an account?您不希望任何人都能够创建帐户吗?
Here are a few ideas:这里有一些想法:
To prevent users from creating accounts without the app, require an api key with the signup request (in a header for example) that is bundled with the app build.为了防止用户在没有应用程序的情况下创建帐户,需要一个 api 密钥以及与应用程序构建捆绑在一起的注册请求(例如在 header 中)。
You should also require users to verify their email addresses, and you could clean out user accounts which have not verified their email address after a period of time.您还应该要求用户验证他们的 email 地址,并且您可以在一段时间后清除没有验证其 email 地址的用户帐户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.