Node.js FeathersJS authentication: deactivate user
I'm using FeathersJS and am happy with the authentication it provides. I believe it is local JWT. The client has requested user management, with the ability to disable some users. There is a field isDisabled in the user model, but it's hard to figure out where the check should be performed and how to set it up.
@feathersjs/feathers: ^3.0.2, @feathersjs/authentication: ^2.1.0, @feathersjs/authentication-jwt: ^1.0.1, @feathersjs/authentication-local: ^1.0.2
It depends on where you want to check. You can create, for the get method on the "users" service, or:
I do this directly in my authentication hook:
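const { authenticate } = require('@feathersjs/authentication').hooks
const { NotAuthenticated } = require('@feathersjs/errors')

// Hook that verifies the JWT and loads the user into context.params.user
const verifyIdentity = authenticate('jwt')

function hasToken(hook) {
  if (hook.params.headers == undefined) return false
  // hook.data is undefined for calls without a body (get, find, remove), so guard it
  if (hook.data == undefined || hook.data.accessToken == undefined) return false
  return hook.params.headers.authorization || hook.data.accessToken
}

module.exports = async function authenticate(context) {
  try {
    await verifyIdentity(context)
  } catch (error) {
    // No token was sent: let the request continue without a user
    if (error instanceof NotAuthenticated && !hasToken(context)) {
      return context
    }
    // Other errors are not rethrown, so execution falls through to the check below
  }

  // The user record was just loaded by verifyIdentity; reject it if disabled
  if (context.params.user && context.params.user.disabled) {
    throw new Error('This user has been disabled')
  }

  return context
}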
As you can see, I check the user record that was just loaded and throw an error in that case. Because this hook is called in before: all, the user is rejected before any action is performed.
As for Feathers 4, you can extend your authentication strategies very easily. For example, if we want users to only be able to log in and verify their JWT, we would do the following in authentication.ts (TypeScript):
import { Id, Query, ServiceAddons } from '@feathersjs/feathers';
import { AuthenticationService, JWTStrategy } from '@feathersjs/authentication';
import { LocalStrategy } from '@feathersjs/authentication-local';
import { expressOauth } from '@feathersjs/authentication-oauth';

import { Application } from './declarations';

declare module './declarations' {
  interface ServiceTypes {
    'authentication': AuthenticationService & ServiceAddons<any>;
  }
}

// Extend the JWT strategy by altering getEntity to return null when the user is inactive
class CustomJWTStrategy extends JWTStrategy {
  async getEntity(id: Id) {
    const entity = await this.entityService.get(id);

    if (!entity.active) {
      return null;
    }

    return entity;
  }
}

// CustomLocalStrategy is not defined in the snippet as posted. Assumed definition:
// restrict the local strategy's user lookup to active users via getEntityQuery.
class CustomLocalStrategy extends LocalStrategy {
  async getEntityQuery(query: Query) {
    return { ...query, active: true, $limit: 1 };
  }
}

export default function(app: Application): void {
  const authentication = new AuthenticationService(app);

  authentication.register('jwt', new CustomJWTStrategy());
  authentication.register('local', new CustomLocalStrategy());

  app.use('/authentication', authentication);
  app.configure(expressOauth());
}
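Added example, not part of any answer on this page: both answers run the disabled check after the user record has been loaded for the current request, and this dependency-free JavaScript example shows the effect on a JWT that was issued before the account was disabled. The names `loadUser` and `runBefore`, the local `NotAuthenticated` class, the pass-through for internal calls and the sample record are assumptions made for the example, not Feathers APIs; `isDisabled` is the field from the question.

```javascript
// Stand-in for NotAuthenticated from @feathersjs/errors (keeps the example dependency-free).
class NotAuthenticated extends Error {
  constructor(message) { super(message); this.name = 'NotAuthenticated'; }
}

// Hypothetical stand-in for authenticate('jwt'): the token payload counts as
// already verified, and the user record is reloaded by its `sub` on every call.
const loadUser = (users) => (context) => {
  const payload = context.params.payload;
  if (!payload) throw new NotAuthenticated('No access token');
  const user = users.get(payload.sub);
  if (!user) throw new NotAuthenticated('Unknown user');
  context.params.user = user;
  return context;
};

// Before hook: refuse disabled accounts on external calls. Internal calls
// (no params.provider) pass, so server-side code can still reach the record.
function rejectDisabled(context) {
  const { provider, user } = context.params;
  if (provider && user && user.isDisabled) {
    throw new NotAuthenticated('This user has been disabled');
  }
  return context;
}

// Runs the hooks in order, like a before: all chain, and reports the outcome.
function runBefore(hooks, context) {
  try {
    const done = hooks.reduce((ctx, hook) => hook(ctx), context);
    return { ok: true, user: done.params.user.email };
  } catch (error) {
    return { ok: false, name: error.name, message: error.message };
  }
}

// The same unexpired token is sent before and after an admin disables the account.
function demo() {
  // Constructed sample record; isDisabled is the field named in the question.
  const users = new Map([[2, { id: 2, email: 'bob@example.test', isDisabled: false }]]);
  const hooks = [loadUser(users), rejectDisabled];
  const request = () => ({ params: { provider: 'rest', payload: { sub: 2 } } });
  const before = runBefore(hooks, request());
  users.get(2).isDisabled = true;
  const after = runBefore(hooks, request());
  return { before, after };
}

console.log(demo());
```

A check made only when the token is issued would let the second request through until the JWT expires; reloading the record on each request is what makes the disable take effect immediately.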
Thanks, Daff. Used the custom verifier. Works like a charm, but a bit hard to understand.