AngularJS:如何使用$ resource请求发送身份验证令牌?
[英]AngularJS: How to send auth token with $resource requests?
问题描述
I want to send an auth token when requesting a resource from my API. 
我想在从API请求资源时发送身份验证令牌。
I did implement a service using $resource: 我确实使用$ resource实现了一项服务:
factory('Todo', ['$resource', function($resource) {
return $resource('http://localhost:port/todos.json', {port:":3001"} , {
query: {method: 'GET', isArray: true}
});
}])
And I have a service that stores the auth token: 我有一个存储身份验证令牌的服务:
factory('TokenHandler', function() {
var tokenHandler = {};
var token = "none";
tokenHandler.set = function( newToken ) {
token = newToken;
};
tokenHandler.get = function() {
return token;
};
return tokenHandler;
});
I would like to send the token from tokenHandler.get with every request send via the Todo service. 我想从tokenHandler.get发送令牌,每个请求都通过Todo服务发送。 I was able to send it by putting it into the call of a specific action. 我能够通过将其置于特定动作的调用中来发送它。 For example this works: 例如,这有效:
Todo.query( {access_token : tokenHandler.get()} );
But I would prefer to define the access_token as a parameter in the Todo service, as it has to be sent with every call. 但我更愿意将access_token定义为Todo服务中的参数,因为它必须随每次调用一起发送。 And to improve DRY. 并改善干旱。 But everything in the factory is executed only once, so the access_token would have to be available before defining the factory and it cant change afterwards. 但是工厂中的所有东西都只执行一次,因此在定义工厂之前必须提供access_token,之后它不能更改。
Is there a way to put a dynamically updated request parameter in the service? 有没有办法在服务中放置动态更新的请求参数?
8 个解决方案
解决方案1
60 已采纳 2012-06-24 21:20:18
Thanks to Andy Joslin. 感谢Andy Joslin。 I picked his idea of wrapping the resource actions. 我选择了包装资源操作的想法。 The service for the resource looks like this now: 资源的服务现在看起来像这样:
.factory('Todo', ['$resource', 'TokenHandler', function($resource, tokenHandler) {
var resource = $resource('http://localhost:port/todos/:id', {
port:":3001",
id:'@id'
}, {
update: {method: 'PUT'}
});
resource = tokenHandler.wrapActions( resource, ["query", "update"] );
return resource;
}])
As you can see the resource is defined the usual way in the first place. 正如您所看到的,资源首先是通常的定义方式。 In my example this includes a custom action called update . 在我的示例中,这包括一个名为update的自定义操作。 Afterwards the resource is overwritten by the return of the tokenHandler.wrapAction() method which takes the resource and an array of actions as parameters. 之后, tokenHandler.wrapAction()方法的返回会覆盖资源,该方法将资源和一系列操作作为参数。
As you would expect the latter method actually wraps the actions to include the auth token in every request and returns a modified resource. 正如您所期望的那样,后一种方法实际上将操作包装在每个请求中包含auth令牌并返回修改后的资源。 So let's have a look at the code for that: 那么让我们来看看代码:
.factory('TokenHandler', function() {
var tokenHandler = {};
var token = "none";
tokenHandler.set = function( newToken ) {
token = newToken;
};
tokenHandler.get = function() {
return token;
};
// wrap given actions of a resource to send auth token with every
// request
tokenHandler.wrapActions = function( resource, actions ) {
// copy original resource
var wrappedResource = resource;
for (var i=0; i < actions.length; i++) {
tokenWrapper( wrappedResource, actions[i] );
};
// return modified copy of resource
return wrappedResource;
};
// wraps resource action to send request with auth token
var tokenWrapper = function( resource, action ) {
// copy original action
resource['_' + action] = resource[action];
// create new action wrapping the original and sending token
resource[action] = function( data, success, error){
return resource['_' + action](
angular.extend({}, data || {}, {access_token: tokenHandler.get()}),
success,
error
);
};
};
return tokenHandler;
});
As you can see the wrapActions() method creates a copy of the resource from it's parameters and loops through the actions array to call another function tokenWrapper() for every action. 如您所见, wrapActions()方法从其参数创建资源的副本,并通过actions数组循环,以便为每个操作调用另一个函数tokenWrapper() 。 In the end it returns the modified copy of the resource. 最后,它返回资源的修改副本。
The tokenWrapper method first of all creates a copy of preexisting resource action. tokenWrapper方法首先创建一个预先存在的资源操作的副本。 This copy has a trailing underscore. 此副本具有尾随下划线。 So query() becomes _query() . 所以query()变成了_query() 。 Afterwards a new method overwrites the original query() method. 然后,新方法将覆盖原始query()方法。 This new method wraps _query() , as suggested by Andy Joslin, to provide the auth token with every request send through that action. 正如Andy Joslin所建议的那样,这个新方法包装_query() ,为每个通过该动作发送的请求提供auth令牌。
The good thing with this approach is, that we still can use the predefined actions which come with every angularjs resource (get, query, save, etc.), without having to redefine them. 这种方法的好处是,我们仍然可以使用每个angularjs资源(获取,查询,保存等)附带的预定义操作,而无需重新定义它们。 And in the rest of the code (within controllers for example) we can use the default action name. 在其余代码中(例如在控制器内),我们可以使用默认操作名称。
解决方案2
34 2013-07-17 08:56:20
Another way is to use an HTTP interceptor which replaces a "magic" Authorization header with the current OAuth token. 另一种方法是使用HTTP拦截器,用当前的OAuth令牌替换“魔术”授权头。 The code below is OAuth specific, but remedying that is a simple exercise for the reader. 下面的代码是针对OAuth的,但对于读者而言,这是一个简单的练习。
// Injects an HTTP interceptor that replaces a "Bearer" authorization header
// with the current Bearer token.
module.factory('oauthHttpInterceptor', function (OAuth) {
return {
request: function (config) {
// This is just example logic, you could check the URL (for example)
if (config.headers.Authorization === 'Bearer') {
config.headers.Authorization = 'Bearer ' + btoa(OAuth.accessToken);
}
return config;
}
};
});
module.config(function ($httpProvider) {
$httpProvider.interceptors.push('oauthHttpInterceptor');
});
解决方案3
21 2013-11-07 14:16:29
I really like this approach: 我真的很喜欢这种方法:
http://blog.brunoscopelliti.com/authentication-to-a-restful-web-service-in-an-angularjs-web-app http://blog.brunoscopelliti.com/authentication-to-a-restful-web-service-in-an-angularjs-web-app
where the token is always automagically sent within the request header without the need of a wrapper. 其中令牌始终在请求标头内自动发送,而不需要包装器。
// Define a new http header
$http.defaults.headers.common['auth-token'] = 'C3PO R2D2';
解决方案4
9 2012-06-24 18:35:59
You could create a wrapper function for it. 您可以为它创建包装函数。
app.factory('Todo', function($resource, TokenHandler) {
var res= $resource('http://localhost:port/todos.json', {
port: ':3001',
}, {
_query: {method: 'GET', isArray: true}
});
res.query = function(data, success, error) {
//We put a {} on the first parameter of extend so it won't edit data
return res._query(
angular.extend({}, data || {}, {access_token: TokenHandler.get()}),
success,
error
);
};
return res;
})
解决方案5
5 2013-05-23 13:38:10
I had to deal with this problem as well. 我也必须处理这个问题。 I don't think if it is an elegant solution but it works and there are 2 lines of code : 我不认为它是否是一个优雅的解决方案,但它的工作原理有两行代码:
I suppose you get your token from your server after an authentication in SessionService for instance. 我想您在SessionService中进行身份验证后从服务器获取令牌。 Then, call this kind of method : 然后,调用这种方法:
angular.module('xxx.sessionService', ['ngResource']).
factory('SessionService', function( $http, $rootScope) {
//...
function setHttpProviderCommonHeaderToken(token){
$http.defaults.headers.common['X-AUTH-TOKEN'] = token;
}
});
After that all your requests from $resource and $http will have token in their header. 之后,来自$ resource和$ http的所有请求都会在其标题中包含令牌。
解决方案6
3 2014-03-26 21:11:07
Another solution would be to use resource.bind(additionalParamDefaults), that return a new instance of the resource bound with additional parameters 另一个解决方案是使用resource.bind(additionalParamDefaults),它返回与其他参数绑定的资源的新实例
var myResource = $resource(url, {id: '@_id'});
var myResourceProtectedByToken = myResource.bind({ access_token : function(){
return tokenHandler.get();
}});
return myResourceProtectedByToken;
The access_token function will be called every time any of the action on the resource is called. 每次调用资源上的任何操作时,都会调用access_token函数。
解决方案7
1 2012-06-24 14:09:31
I might be misunderstanding all of your question (feel free to correct me :) ) but to specifically address adding the access_token for every request, have you tried injecting the TokenHandler module into the Todo module? 我可能误解了你的所有问题(随意纠正我:))但是要专门为每个请求添加access_token ,你试过将TokenHandler模块注入Todo模块吗?
// app
var app = angular.module('app', ['ngResource']);
// token handler
app.factory('TokenHandler', function() { /* ... */ });
// inject the TokenHandler
app.factory('Todo', function($resource, TokenHandler) {
// get the token
var token = TokenHandler.get();
// and add it as a default param
return $resource('http://localhost:port/todos.json', {
port: ':3001',
access_token : token
});
})
You can call Todo.query() and it will append ?token=none to your URL. 您可以调用Todo.query() ,它会将?token=none附加到您的URL。 Or if you prefer to add a token placeholder you can of course do that too: 或者,如果您更喜欢添加令牌占位符,您当然也可以这样做:
http://localhost:port/todos.json/:token
Hope this helps :) 希望这可以帮助 :)
解决方案8
1 2014-10-06 12:52:19
Following your accepted answer, I would propose to extend the resource in order to set the token with the Todo object: 根据您接受的答案,我建议扩展资源,以便使用Todo对象设置令牌:
.factory('Todo', ['$resource', 'TokenHandler', function($resource, tokenHandler) {
var resource = $resource('http://localhost:port/todos/:id', {
port:":3001",
id:'@id'
}, {
update: {method: 'PUT'}
});
resource = tokenHandler.wrapActions( resource, ["query", "update"] );
resource.prototype.setToken = function setTodoToken(newToken) {
tokenHandler.set(newToken);
};
return resource;
}]);
In that way there is no need to import the TokenHandler each time you want to use the Todo object and you can use: 这样,每次要使用Todo对象时都不需要导入TokenHandler,您可以使用:
todo.setToken(theNewToken);
Another change I would do is to allow default actions if they are empty in wrapActions : 我要做的另一个改变是允许默认操作,如果它们在wrapActions为空:
if (!actions || actions.length === 0) {
actions = [];
for (i in resource) {
if (i !== 'bind') {
actions.push(i);
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.