Node.js 这是安全的身份验证模型吗?
标签:node.js、authentication

我的 Node.js 服务器接收来自客户端的请求。请求要么带有 `cpuId` 查询参数(此时客户端以此表明自己的身份),要么不带该参数(这表明它是新来者):
let parseRequestData=async req=>{/*…*/};
让lookupUserByCpuId=cpuId=>{/*…*/};
让initNewUserWithRandomCpuId=()=>{/*…*/};
让removeExistingUser=user=>{/*…*/};
让respondToUserRequest=(用户、路径、查询、正文)=>{/*…*/};
让server=require('http')。createServer(异步(req,res)=>{
//“路径”可能看起来像“/人”
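// 'query' 可能看起来像 { cpuId: '183270232873', filter: 'age<=30', sort: 'ascending:firstName' }
(以上翻译后的代码摘录在此处被截断,完整的原始代码见下文。)

任何人都可以猜出某个 cpuId,然后冒充他人发出请求。这确实有可能,但可以让 cpuId 的格式更难猜测,例如使用 128 位的 UUID。这种情况下,还应当要求只通过 SSL/HTTPS 传输它。(前提是该值由密码学安全的随机数生成器产生,否则即使长度足够,也仍可能被预测。)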
// The five helpers below are placeholders: their bodies are elided on this
// page. The notes describe only how the request handler in this file uses them.

/**
 * Awaited by the request handler, which destructures `path`, `query` and
 * `body` from the resolved value.
 */
let parseRequestData = async (req) => {
  /* ... */
};

/**
 * Looked up with the client-supplied `cpuId`; the handler treats a falsy
 * result as "no such user" and answers 400.
 */
let lookupUserByCpuId = (cpuId) => {
  /* ... */
};

/**
 * Called for requests that carry no `cpuId`. The handler uses the returned
 * object as the user and attaches `confirmationTimeout` to it.
 * NOTE(review): the cpuId is the only credential in this scheme, so it is
 * presumably meant to come from a CSPRNG (e.g. crypto.randomUUID()) — confirm.
 */
let initNewUserWithRandomCpuId = () => {
  /* ... */
};

/**
 * Invoked from the one-hour confirmation timer with the unconfirmed user.
 */
let removeExistingUser = (user) => {
  /* ... */
};

/**
 * Produces the value the handler serialises with JSON.stringify; the handler
 * answers 500 if this throws.
 */
let respondToUserRequest = (user, path, query, body) => {
  /* ... */
};
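/**
 * HTTP entry point: resolves the caller to a user via the `cpuId` query
 * parameter (or creates a provisional user when none is sent), then delegates
 * to respondToUserRequest and returns its result as JSON.
 *
 * Security notes for reviewers:
 *  - `cpuId` is the only thing identifying a user, so it acts as a bearer
 *    secret. Anyone who learns or guesses it can act as that user.
 *  - It travels in the query string, which commonly ends up in access logs,
 *    proxies and browser history; a request header or cookie leaks less.
 *  - This listener is plain `http`; unless TLS is terminated in front of it,
 *    the identifier crosses the network in clear text.
 *  - Every request without `cpuId` creates a user and a one-hour timer, with
 *    no visible rate limit — unauthenticated clients can grow that state.
 */
let server = require('http').createServer(async (req, res) => {
  // `path` could look like "/people"
  // `query` could look like { cpuId: '183270232873', filter: 'age<=30', sort: 'ascending:firstName' }
  // `body` is a json body in case a body is relevant to the request
  let path;
  let query;
  let body;
  try {
    ({ path, query, body } = await parseRequestData(req));
  } catch (err) {
    // Without this, a rejection here becomes an unhandled rejection in the
    // async handler and the client never receives a response.
    res.writeHead(400);
    res.end('Invalid request');
    return;
  }

  let user = null;
  // `query` is client-controlled: a parameter literally named
  // "hasOwnProperty" would shadow the method, and null-prototype query
  // objects do not have it at all, so call it via Object.prototype.
  let claimsToHaveUser = Object.prototype.hasOwnProperty.call(query, 'cpuId');

  if (claimsToHaveUser) {
    // NOTE(review): depending on the parser, a repeated `cpuId` parameter may
    // arrive as an array rather than a string — confirm lookup handles that.
    user = lookupUserByCpuId(query.cpuId);
    if (!user) {
      res.writeHead(400);
      res.end('Invalid cpuId');
      return;
    }
  } else {
    user = initNewUserWithRandomCpuId();
    user.confirmationTimeout = setTimeout(() => {
      removeExistingUser(user);
    }, 60 * 60 * 1000);
    // When the user confirms email, cell #, etc, we'll clear this timeout
  }

  // If we get here, `user` is instantiated!
  // Declared outside the `try` so it is still in scope below; the original
  // `let` inside the block made every later use a ReferenceError.
  let jsonResponse;
  try {
    jsonResponse = respondToUserRequest(user, path, query, body);
  } catch (err) {
    // Keep the detail server-side; the client only sees a generic message.
    console.error('respondToUserRequest failed:', err);
    res.writeHead(500);
    res.end('An error occurred');
    return;
  }

  // NOTE(review): this echoes the cpuId only to clients that already sent
  // one. A newcomer never receives its freshly generated cpuId, so the
  // condition looks inverted (`!claimsToHaveUser`) — confirm intent.
  if (claimsToHaveUser) jsonResponse.cpuId = user.cpuId;

  // Declare the payload type so clients do not have to sniff it.
  res.writeHead(200, { 'Content-Type': 'application/json' });
  res.end(JSON.stringify(jsonResponse));
});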