I have a meteor site in which the login process is done via github. Github has aa very easy API and I can easily do this. However, when this authentication process is done, I have no idea how to validate requests made by the client. I think I need to use the collection's allow
and deny
methods, but how do I know which user made the request. I haven't seen any cookie information. Any help would be appreciated ?
allow
and deny
pass the userId along with the object trying to be updated...
We do it like this:
Fundraiser.allow({
insert: function (userId, fundraiser) {
return userId;
},
update: function (userId, fundraiser, fields) {
return fundraiser.userId === userId;
},
remove: function (userId, fundraiser) {
return fundraiser.userId === userId;
}
});
Kind of, and its default expiration time is 90 days :
console.log("sessions:", Meteor.user().services.resume.loginTokens)
Unfortunately services.resume.loginTokens
is not valid for storage according to Mongo, so use UserSession .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.