node.js - node-acl | authorization for dynamic URLs
Question
I am using node acl to authorize the REST endpoints in my node application.
Role-based authorization works fine for the following URLs.
    const Acl = require('acl');
    // in-memory backend; node-acl also ships redis and mongodb backends
    const acl = new Acl(new Acl.memoryBackend());

    acl.allow([
      {
        roles: ['user'],
        allows: [
          { resources: ['/books/v1/single'], permissions: ['post'] },
          { resources: ['/books/v1/book/list'], permissions: ['get'] },
        ],
      },
      {
        roles: ['admin'],
        allows: [
          { resources: ['/books/v1/list'], permissions: ['get'] },
        ],
      },
    ]);
But when I try to add dynamic URLs it does not work as expected and gives an error, meaning unauthorized, more permissions are needed.
    // same acl instance as above, with the dynamic URLs added
    acl.allow([
      {
        roles: ['user'],
        allows: [
          { resources: ['/books/v1/single'], permissions: ['post'] },
          { resources: ['/books/v1/book/list'], permissions: ['get'] },
        ],
      },
      {
        roles: ['admin'],
        allows: [
          { resources: ['/books/v1/list'], permissions: ['get'] },
          // dynamic URL: :userID and :bookID are route parameters
          { resources: ['/books/v1/user/:userID/book/:bookID'], permissions: ['get', 'put', 'delete'] },
          { resources: ['/users/v1/list'], permissions: ['get'] },
          // dynamic URL: :userId is a route parameter
          { resources: ['/users/v1/:userId'], permissions: ['get', 'post', 'put', 'delete'] },
        ],
      },
    ]);
So it gives an unauthorized error for the REST endpoints with dynamic URLs, i.e. /users/v1/:userId or /books/v1/user/:userID/book/:bookID.
Is there any way/approach to achieve this with the node-acl library?
Answer
That's because node acl does not actually support hierarchy. It is really just a flat list, so it is explicitly checking for the string to match the resource. This is just a fundamental problem with the package. Since all the functionality is contained in the middleware, and it just isn't extensible, there is no way to do what you want with this package without making a change so that it accepts a custom handler to decide what to pass to the middleware check.
Here's an example of the relevant open issue from 2017-08. The lack of functionality here is exactly why solutions like PolicyServer and Authress exist, which do handle wildcard middleware and dynamic resource hierarchies.
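The exact-match behaviour the answer describes, and the custom handler it says would be needed, as an added example that is not part of the original post and not node-acl's own code. FlatAcl is a hypothetical stand-in that keeps a flat role/resource/permission list and looks resources up by exact string, which is the behaviour the answer attributes to node-acl; resolveResource and isRequestAllowed are hypothetical names for the handler that maps a concrete request URL onto a registered pattern before the lookup. The rules are the ones from the question.

```javascript
// Added example, not node-acl's own code. FlatAcl reproduces the behaviour the
// answer describes (a flat list keyed by the exact resource string), and
// resolveResource/isRequestAllowed are the hypothetical "custom handler" that
// maps a concrete URL onto a registered pattern before the check is made.

class FlatAcl {
  constructor() {
    this.rules = new Map(); // role -> Map(resource -> Set(permissions))
  }

  // Same input shape as the allow() calls in the question.
  allow(entries) {
    for (const { roles, allows } of entries) {
      for (const role of roles) {
        const byResource = this.rules.get(role) || new Map();
        this.rules.set(role, byResource);
        for (const { resources, permissions } of allows) {
          for (const resource of resources) {
            const set = byResource.get(resource) || new Set();
            byResource.set(resource, set);
            for (const p of permissions) set.add(p.toLowerCase());
          }
        }
      }
    }
  }

  // Every registered resource string, i.e. the patterns a resolver may map to.
  resources() {
    const out = new Set();
    for (const byResource of this.rules.values()) {
      for (const resource of byResource.keys()) out.add(resource);
    }
    return [...out];
  }

  // Exact key lookup: '/users/v1/42' never equals '/users/v1/:userId', so a
  // raw request URL is denied (the symptom in the question; fails closed).
  isAllowed(role, resource, permission) {
    const byResource = this.rules.get(role);
    const set = byResource && byResource.get(resource);
    return Boolean(set && set.has(permission.toLowerCase()));
  }
}

// Map a request path onto one registered pattern, or null if none fits.
// Rules: same number of '/'-separated segments; a ':name' segment matches
// exactly one non-empty segment; every other segment must match verbatim; the
// pattern with the fewest parameters wins, so '/users/v1/list' is not
// swallowed by '/users/v1/:userId'. Query string and fragment are ignored.
function resolveResource(patterns, path) {
  const reqSegs = path.split(/[?#]/)[0].split('/');
  let best = null;
  let bestParams = Infinity;
  for (const pattern of patterns) {
    const patSegs = pattern.split('/');
    if (patSegs.length !== reqSegs.length) continue;
    let params = 0;
    let matches = true;
    for (let i = 0; i < patSegs.length && matches; i++) {
      if (patSegs[i].startsWith(':')) {
        if (reqSegs[i] === '') matches = false; // a parameter needs a value
        else params++;
      } else if (patSegs[i] !== reqSegs[i]) {
        matches = false;
      }
    }
    if (matches && params < bestParams) {
      best = pattern;
      bestParams = params;
    }
  }
  return best;
}

// The check a custom handler would perform: resolve first, then consult the
// flat list with the pattern string. An unresolved URL is denied outright.
function isRequestAllowed(acl, role, method, url) {
  const resource = resolveResource(acl.resources(), url);
  if (resource === null) return false;
  return acl.isAllowed(role, resource, method);
}

// Constructed sample: the rules from the question.
const acl = new FlatAcl();
acl.allow([
  { roles: ['user'], allows: [
    { resources: ['/books/v1/single'], permissions: ['post'] },
    { resources: ['/books/v1/book/list'], permissions: ['get'] },
  ] },
  { roles: ['admin'], allows: [
    { resources: ['/books/v1/list'], permissions: ['get'] },
    { resources: ['/books/v1/user/:userID/book/:bookID'], permissions: ['get', 'put', 'delete'] },
    { resources: ['/users/v1/list'], permissions: ['get'] },
    { resources: ['/users/v1/:userId'], permissions: ['get', 'post', 'put', 'delete'] },
  ] },
]);
```

Three properties matter when writing such a resolver: a URL that matches no registered pattern must be denied rather than allowed; a static pattern must beat a parameterised one of the same length, or /users/v1/list would be authorized under the /users/v1/:userId rule; and matching by prefix (for example startsWith('/users/v1/')) would extend the admin rule to paths that were never registered. The segment check above is stricter than Express's router (no trailing-slash tolerance), which only ever errs toward deny. In an Express app, route-level middleware already has the pattern the router chose in req.route.path, which is a better input for the lookup than req.url; app-level middleware runs before routing and does not have it.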