Vapor client with authentication

Time: 2017-03-23 08:01:49

Tags: swift3 vapor

I need to authenticate against the server I am trying to pull data from. I currently have it connected to the server with:

    let urlString = "\(makeUrl(grammar: grammar))&\(query)"
    let drop = Droplet()

    return try drop.client.get(urlString)

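But I can't seem to figure out how to get the credentials attached to the GET request. I tried putting the user and password in the URL, but found that the Steam client does not allow this: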

    /*
      Userinfo (i.e., username and password) are now disallowed in HTTP and       
      HTTPS URIs, because of security issues related to their transmission
      on the wire.  (Section 2.7.1)
    */

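2 answers:

Answer 0: (score: 2)

With a slight nudge from the Vapor Slack channel and some code diving in the AlamoFire repo, I found the solution.

First, you need to base64-encode the username and password, then add it to the HTTP header.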

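The approach this answer describes (base64-encode `user:password` and send it in the `Authorization` header), written out as an added example that is not the answerer's original code. The function names, URL and credentials are constructed, and the `headers:` argument in the closing comment is an assumption about the Vapor client version in use.

```swift
import Foundation

enum BasicAuthError: Error {
    case colonInUsername    // RFC 7617: the user-id must not contain ":"
    case controlCharacter   // RFC 7617: no control characters in either part
    case notHTTPS           // base64 is an encoding, not encryption
}

/// Builds the value of the `Authorization` header for HTTP Basic auth.
func basicAuthorization(user: String, password: String) throws -> String {
    guard !user.contains(":") else { throw BasicAuthError.colonInUsername }
    let hasControl = (user + password).unicodeScalars.contains {
        CharacterSet.controlCharacters.contains($0)
    }
    guard !hasControl else { throw BasicAuthError.controlCharacter }
    // "user:password" as UTF-8 bytes, then base64.
    let token = Data("\(user):\(password)".utf8).base64EncodedString()
    return "Basic \(token)"
}

/// Returns the headers to send, refusing any URL that is not HTTPS so the
/// trivially decodable credentials never cross the wire in the clear.
func authHeaders(for urlString: String,
                 user: String,
                 password: String) throws -> [String: String] {
    guard URLComponents(string: urlString)?.scheme?.lowercased() == "https" else {
        throw BasicAuthError.notHTTPS
    }
    return ["Authorization": try basicAuthorization(user: user, password: password)]
}

// Constructed sample values; load real credentials from configuration or the
// environment rather than hard-coding them.
do {
    let url = "https://api.example.com/search?q=test"
    let headers = try authHeaders(for: url, user: "demo-user", password: "demo-pass")
    // Log header names only, never the credential itself.
    print("sending headers:", headers.keys.sorted())
    // With the Droplet from the question (assumed signature, not verified here):
    //   try drop.client.get(url, headers: ["Authorization": headers["Authorization"]!])
} catch {
    print("refusing to build request:", error)
}
```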

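Answer 1: (score: 0)

As the error states, including plaintext username/password credentials as GET URI parameters is a huge security risk. You should (at the very least) send them in a POST call.

Check out the blog post on User Authentication with Vapor for a pretty decent example of setting up user authentication with Vapor. The blog is a bit old now (Vapor has gone through a lot of changes since then), but I think everything in it should still work. At least conceptually.

Also, join the Vapor Slack channel and ask there :) qutheory.slack.com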