Amazon web services 我应该把Cognito删除用户逻辑放在前端还是后端?
对于在我的网站中创建cognito用户,逻辑如下。Amazon web services 我应该把Cognito删除用户逻辑放在前端还是后端?,amazon-web-services,aws-lambda,amazon-dynamodb,Amazon Web Services,Aws Lambda,Amazon Dynamodb,对于在我的网站中创建cognito用户,逻辑如下。 Register.jsx import { Auth } from "aws-amplify"; ... // create user in Cognito User Pool in frontend const signUpResponse = await Auth.signUp({ username, pass
Register.jsx
import { Auth } from "aws-amplify";
...
// create user in Cognito User Pool in frontend
const signUpResponse = await Auth.signUp({
username,
password,
attributes: {
email: email
}
})
// using lambda function and api gateway for this request
// in order to create user in my "User" table in Dynamodb
const createAdminResponse = await APIHandler.createAdmin(payload)
...
用户表-id(字符串):分区键 对于用户删除,我正在考虑最好的方法是什么。
这是我当前用于删除数据库中用户的lambda函数
'use strict'
const AWS = require('aws-sdk');
exports.handler = async function (event, context, callback) {
const documentClient = new AWS.DynamoDB.DocumentClient();
let responseBody = "";
let statusCode = 0;
const { id } = event.pathParameters;
const params = {
TableName : "User",
Key: {
id: id,
}
};
try{
const data = await documentClient.delete(params).promise();
responseBody = JSON.stringify(data);
statusCode = 204
}catch(err){
responseBody = `Unabel to delete admin: ${err}`;
statusCode = 403
}
const response = {
statusCode: statusCode,
headers:{
"Content-Type": "application/json",
"access-control-allow-origin": "*"
},
body: responseBody
}
return response
}
我正在考虑是删除前端cognito用户池中的用户,还是包含在上面的lambda函数中,还是创建一个单独的lambda函数。这是从文档中复制的
const AWS = require('aws-sdk');
AWS.config.update({
accessKeyId: 'access key id',
secretAccessKey: 'secret access key',
region: 'region',
});
const cognito = new AWS.CognitoIdentityServiceProvider();
await cognito.adminDeleteUser({
UserPoolId: 'pool id',
Username: 'username',
}).promise();
如果我在lambda函数中使用它,我还需要在代码中包含我的aws配置,这不是很糟糕的做法吗?但是我不确定我应该在哪里使用代码,
有人能给我一些建议吗?设计真的取决于你,它取决于多个因素,但我在这里草拟了一些选项
如果我在frontned中使用访问密钥和密钥,我应该如何保护它?我们可以使用角色而不是密钥