是否有任何方法可以限制对 Parse CloudCode 应用程序中给定 URL/路由的访问?
app.get( '/', function ( req, res )
{
res.render('home');
} );
// only allow access to this 'route' if the user making the request is an admin
app.get('/admin', function(req, res)
{
var user = Parse.User.current();
// user is always null. No way to check their user privileges.
res.render('admin');
});
据我所知,问题是无法访问 Parse.User.current() 或 main.js 文件中的请求用户。创建然后从客户端访问“isAdmin”CloudCode 函数似乎是防止未经授权的用户访问 URL 的错误方法。
提前致谢。
最佳答案
由于我的情绪低落,我无法评论你的帖子。但是你尝试过这个文档吗?
您必须为其 Express 云使用解析制作的中间件:parseExpressCookieSession 和 parseExpressHttpsRedirect。然后您可以在云代码中使用 Parse.User.current() 轻松访问用户数据。
您可以在 Parse SDK 引用 #parseExpressCookieSession 上查看示例代码
You can add Parse.User authentication and session management to your Express app using the parseExpressCookieSession middleware. You just need to call Parse.User.logIn() in Cloud Code, and this middleware will automatically manage the user session for you.
You can use a web form to ask for the user's login credentials, and log in the user in Cloud Code when you receive data from this form. After you call Parse.User.logIn(), this middleware will automatically set a cookie in the user's browser. During subsequent HTTP requests from the same browser, this middleware will use this cookie to automatically set the current user in Cloud Code. This will make ACLs work properly in Cloud Code, and allow you to retrieve the entire current user object if needed. ...
关于javascript - 在 Parse Cloud Code 中按角色限制 url 访问,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31857579/