React 或 Node 中的用户登录名和角色?
[英]User Login and Roles in React or Node?
问题描述
I'm building a new application that is using the full mern stack and I'm stuck on the best practice regarding protected routes, login/register and creating ACL user roles.
我正在构建一个使用完整 mern 堆栈的新应用程序,并且我坚持有关受保护路由、登录/注册和创建 ACL 用户角色的最佳实践。
I'm used to doing this in node with something like passport or jwt but with react having its own router I'm reading that there are ways to also protect routes in react itself.我习惯于在节点中使用护照或 jwt 之类的东西来执行此操作,但是由于 react 拥有自己的路由器,我正在阅读有一些方法可以在 react 本身中保护路由。 What's the best way to proceed with the development and setting up user roles with a full MERN stack?使用完整的 MERN 堆栈进行开发和设置用户角色的最佳方式是什么?
Thanks谢谢
2 个解决方案
解决方案1
1 2019-10-01 20:39:11
Some ways you might go about it are:关于它的一些方法可能是 go
- Pass the permissions to React and have permissions logic in there将权限传递给 React 并在其中包含权限逻辑
- Have React call your API for permission based views.让 React 调用您的 API 以获得基于权限的视图。
Doing number one or two can be encapsulated in a similar way做第一个或第二个可以用类似的方式封装
If you want to show hide based on permissions.如果要根据权限显示隐藏。
class CanUserView extends Component {
state = {allowed: false}
componentDidMount(){
this.checkPermissions()
}
async checkPermssions() {
//This is where the two strategies can differ.
//Either
Api.checkPermission(this.props.permission);
//Or
this.props.user.permissions.includes(permission)
}
render(){
if(this.state.allowed){
return this.props.children
} else {
return null;
}
}
}
Then you can use it in your code like然后你可以在你的代码中使用它
<CanView permission={"Admin"}>
<AdminComponent />
</CanView>
Of Course this doesn't hide the code from users without permissions.当然,这不会对没有权限的用户隐藏代码。 If you want that sort of use case you would probably need to render on the server side and only import allowed JS files.如果你想要那种用例,你可能需要在服务器端渲染并且只导入允许的 JS 文件。
解决方案2
0 2019-10-02 06:43:10
I think the best way to protect routes is creating a ProtectedRoute component.我认为保护路由的最好方法是创建一个 ProtectedRoute 组件。
An example: (note: you can change the logic if the user is logged in or not, here I use a service as an example, you can do whatever your want, maybe check a token in localStorage)一个例子:(注意:你可以改变用户是否登录的逻辑,这里我以一个服务为例,你可以做任何你想做的事情,也许在localStorage中检查一个令牌)
import React from "react";
import { Route, Redirect } from "react-router-dom";
import authService from "../../services/auth-service";
export const ProtectedRoute = ({
path,
component: Component,
auth,
render,
...rest
}) => {
return (
<Route
path={path}
{...rest}
render={props => {
if (authService.isAuthenticated()) {
return Component ? <Component {...props} /> : render(props);
} else {
return <Redirect to="/login" />;
}
}}
/>
);
};
And in your route definitions, instead of Route you can use this component, like the following:在您的路由定义中,您可以使用此组件而不是 Route,如下所示:
<ProtectedRoute path="/protected-zone" exact component={YourProtectedComponent} />
Extending this idea, you can create different ProtectedRoute components for different roles.扩展这个想法,你可以为不同的角色创建不同的 ProtectedRoute 组件。
Hope this helps.希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.