
How to launch a command on the server from a web page ( nodejs )

I think that what I'm trying to do is simple, but I just don't know the proper wording to make my search efficient.

I have a webapp, in Node.js with the express.js framework. The web pages are templated with EJS and I have a database that contains my data ( MySQL ).

When I load a page, I get a list of all the items passed in an object and I have a foreach statement to generate a table.

The JS function:

listParts: (req, res) => {

    // Fixed query text (no user input is interpolated), so it is safe to pass as-is.
    let query = `SELECT parts.*, l.product_vehicleId as InstalledOn, v.name as VehicleName FROM parts
                LEFT JOIN current_loadout as l ON idpart=l.parts_idparts
                LEFT JOIN dataRef.product as v ON v.idvehicle=l.product_vehicleId
                WHERE idpart>0;`;
    db.query(query, (err, qResult) => {
        if ( err == null )
        {
            res.render('listParts.ejs', {
                title: 'RPA parts list',
                partList: qResult,
                url: req.originalUrl
            });
        }
        else
        {
            // Without this branch the request would hang on a DB error.
            res.status(500).send('Database error');
        }
    });
}

The EJS part:

<tbody align="center">
    <% partList.forEach((part, idx) => {%>
        <tr>
            <td><%=part.name%></td>
            <td><%=part.serial%></td>
            <td><%=Math.floor(part.ttsn/60).toFixed()%>:<%=Math.floor(Math.abs(part.ttsn%60)).toFixed(0).padStart(2,'0')%></td>
            <td><%=part.maxTTSN%></td>
            <td><%=part.maxCalendarDate%></td>
            <td><%=part.VehicleName%></td>
            <td><%if (part.serviceable) {%>
                <a class="badge badge-success">Serviceable</a>
                <%}else{%>
                <a class="badge badge-danger">Unserviceable</a>
                <%}%>
            </td>
            <td><%if (part.serviceable) {%>
                <a href="11">  Make serviceable</a>
                <%}else{%>
                <a href="11">  Make serviceable</a>
                <%}%>
            </td>
        </tr>
    <%})%>
</tbody>

I would like to make a call on the server to query the DB to make a status change on my part object when the user clicks the button.

Usually I use the href to my REST API endpoint to call a delete object.

My struggle is: how to make it hidden from the user so people would not be able to call the REST endpoint with a script and change the status of all my parts?

My background is C, C++ and Python... I am very new to JavaScript and all the Node modules and especially, I am a total noob with frontend stuff.

Could somebody point me in a good direction?

As the saying goes, protect the route!

Now, how do we do that, especially when the calls come from an un-authenticated client side request?

Enter JWT (JSON web tokens). It's easier than you think.

A JWT is a token, generated on your server, that can contain any number of values, like appID, userID etc. These tokens are then 'encoded' and 'base64' before ultimately sending it back to the user. The token is encoded with a password, so if a person tries to modify the 'payload' in the token it won't pass the checksum and decode will fail.

So what does this really mean?

It means you can now protect your routes with a token auth, using middleware to check before processing the request. If the token does not match then no update will happen and you can return an unauthorized response to the client.

Setting this up is fairly easy: you can install the JWT npm package, which will allow you to generate and decode tokens. In your application you would create a 'getToken' endpoint. This would generate the token to pass back to the user (this is typically done on authentication into the application).

The token is then sent back to the user and stored in a secure cookie (you can store it however you like, but a secure cookie will keep the token secure).

When you make your POST request to your other endpoints, simply add the token to the header OR as a post value.

On your route, as middleware OR in the route itself, read the token and decode it; if there are no errors then the token was valid and you process the request, otherwise don't update it.
