LoopbackJS - 用户邀请的令牌
LoopbackJS - Tokens for user invites
我正在使用环回作为我的应用程序的 API 服务器。我正在建立一个社交网络,需要通过电子邮件邀请用户。为了将被邀请者与邀请者相关联,我希望邀请者创建一个与他的 userId 关联的 'request token',然后通过电子邮件以如下格式发送:domain.com/register?token=XXXXXX
内置的访问令牌模型作为基础模型似乎非常适合此目的,因此我们的想法是创建一个继承自 AccessToken 模型的新模型 "RequestToken",但是,随后使用了新模型也用于身份验证目的,我不想要。
以下是我的配置文件。值得一提的是,下面看到的 "Customer" 模型正在扩展 Loopbacks "User" 模型。
/server/model-config.json:
"_meta": {
"sources": [
"loopback/common/models",
"loopback/server/models",
"../common/models",
"./models"
],
"mixins": [
"loopback/common/mixins",
"loopback/server/mixins",
"../node_modules/loopback-ds-timestamp-mixin",
"../common/mixins",
"./mixins"
]
},
"User": {
"dataSource": "db",
"public": false
},
"AccessToken": {
"dataSource": "db",
"public": false,
"relations": {
"user": {
"type": "belongsTo",
"model": "Customer",
"foreignKey": "userId"
}
}
},
"ACL": {
"dataSource": "db",
"public": false
},
"RoleMapping": {
"dataSource": "db",
"public": false,
"options": {
"strictObjectIDCoercion": true
}
},
"Role": {
"dataSource": "db",
"public": false
},
"Email": {
"dataSource": "mail",
"public": false
},
"Customer": {
"dataSource": "db",
"public": true
},
"Friend": {
"dataSource": "db",
"public": true
},
"Memory": {
"dataSource": "db",
"public": true
},
"RequestToken": {
"dataSource": "db",
"public": true
}
}
在 "Customer" 下,我还尝试包括:
"relations": {
"accessTokens": {
"type": "hasMany",
"model": "AccessToken",
"foreignKey": "userId",
"options": {
"disableInclude": true
}
}
}
common/customer.json
{
"name": "Customer",
"base": "User",
"idInjection": true,
"options": {
"validateUpsert": true
},
"mixins": {
"TimeStamp": true
},
"properties": {
"firstName": {
"type": "string",
"required": true
},
"lastName": {
"type": "string",
"required": true
},
"dob": {
"type": "date"
},
"country": {
"type": "string"
}
},
"validations": [],
"relations": {
"accessTokens": {
"type": "hasMany",
"model": "AccessToken",
"foreignKey": "userId",
"options": {
"disableInclude": true
}
},
"requestTokens": {
"type": "hasMany",
"model": "RequestToken",
"foreignKey": "userId",
"options": {
"disableInclude": true
}
}
},
"acls": [
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
}
],
"methods": {}
}
common/request-token.json
{
"name": "RequestToken",
"base": "AccessToken",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {},
"validations": [],
"relations": {
"user": {
"type": "belongsTo",
"model": "Customer",
"foreignKey": "ownerId"
}
},
"acls": [],
"methods": {}
}
总结:
如何创建一个新的 "RequestToken" 模型,扩展 Loopbacks "AccessToken" 模型,但继续使用内置的 AccessToken 模型进行身份验证等?有可能吗?一旦我从 request-token.json 文件中取出 '"base": "AccessToken"' 行,所有身份验证方法都会再次起作用。
非常感谢!
看来我找到了解决办法。在 server.js 内,我需要告诉应用程序使用 AccessToken 模型。
server.js
...
app.use(loopback.token({
model: app.models.accessToken,
}));
...
我刚刚添加了它
const app = loopback();
文档在 LB2 文档中引用它以通过 cookie 进行身份验证。
https://loopback.io/doc/en/lb2/Making-authenticated-requests.html
我正在使用 Loopback3。在 LB3 文档中,他们不再提及这种方式,因此如果有其他解决方案,很乐意更改已接受的答案。
干杯
我正在使用环回作为我的应用程序的 API 服务器。我正在建立一个社交网络,需要通过电子邮件邀请用户。为了将被邀请者与邀请者相关联,我希望邀请者创建一个与他的 userId 关联的 'request token',然后通过电子邮件以如下格式发送:domain.com/register?token=XXXXXX
内置的访问令牌模型作为基础模型似乎非常适合此目的,因此我们的想法是创建一个继承自 AccessToken 模型的新模型 "RequestToken",但是,随后使用了新模型也用于身份验证目的,我不想要。
以下是我的配置文件。值得一提的是,下面看到的 "Customer" 模型正在扩展 Loopbacks "User" 模型。
/server/model-config.json:
"_meta": {
"sources": [
"loopback/common/models",
"loopback/server/models",
"../common/models",
"./models"
],
"mixins": [
"loopback/common/mixins",
"loopback/server/mixins",
"../node_modules/loopback-ds-timestamp-mixin",
"../common/mixins",
"./mixins"
]
},
"User": {
"dataSource": "db",
"public": false
},
"AccessToken": {
"dataSource": "db",
"public": false,
"relations": {
"user": {
"type": "belongsTo",
"model": "Customer",
"foreignKey": "userId"
}
}
},
"ACL": {
"dataSource": "db",
"public": false
},
"RoleMapping": {
"dataSource": "db",
"public": false,
"options": {
"strictObjectIDCoercion": true
}
},
"Role": {
"dataSource": "db",
"public": false
},
"Email": {
"dataSource": "mail",
"public": false
},
"Customer": {
"dataSource": "db",
"public": true
},
"Friend": {
"dataSource": "db",
"public": true
},
"Memory": {
"dataSource": "db",
"public": true
},
"RequestToken": {
"dataSource": "db",
"public": true
}
}
在 "Customer" 下,我还尝试包括:
"relations": {
"accessTokens": {
"type": "hasMany",
"model": "AccessToken",
"foreignKey": "userId",
"options": {
"disableInclude": true
}
}
}
common/customer.json
{
"name": "Customer",
"base": "User",
"idInjection": true,
"options": {
"validateUpsert": true
},
"mixins": {
"TimeStamp": true
},
"properties": {
"firstName": {
"type": "string",
"required": true
},
"lastName": {
"type": "string",
"required": true
},
"dob": {
"type": "date"
},
"country": {
"type": "string"
}
},
"validations": [],
"relations": {
"accessTokens": {
"type": "hasMany",
"model": "AccessToken",
"foreignKey": "userId",
"options": {
"disableInclude": true
}
},
"requestTokens": {
"type": "hasMany",
"model": "RequestToken",
"foreignKey": "userId",
"options": {
"disableInclude": true
}
}
},
"acls": [
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
}
],
"methods": {}
}
common/request-token.json
{
"name": "RequestToken",
"base": "AccessToken",
"idInjection": true,
"options": {
"validateUpsert": true
},
"properties": {},
"validations": [],
"relations": {
"user": {
"type": "belongsTo",
"model": "Customer",
"foreignKey": "ownerId"
}
},
"acls": [],
"methods": {}
}
总结:
如何创建一个新的 "RequestToken" 模型,扩展 Loopbacks "AccessToken" 模型,但继续使用内置的 AccessToken 模型进行身份验证等?有可能吗?一旦我从 request-token.json 文件中取出 '"base": "AccessToken"' 行,所有身份验证方法都会再次起作用。
非常感谢!
看来我找到了解决办法。在 server.js 内,我需要告诉应用程序使用 AccessToken 模型。
server.js
...
app.use(loopback.token({
model: app.models.accessToken,
}));
...
我刚刚添加了它
const app = loopback();
文档在 LB2 文档中引用它以通过 cookie 进行身份验证。 https://loopback.io/doc/en/lb2/Making-authenticated-requests.html 我正在使用 Loopback3。在 LB3 文档中,他们不再提及这种方式,因此如果有其他解决方案,很乐意更改已接受的答案。
干杯