我尝试使用composer开发一个块链式Web应用程序。 我编写了“.acl”文件来实现访问控制,我还向不同的参与者发出了不同的ID,然后启动了REST服务器。
接下来我要问的是,REST服务器如何识别我的身份?
就像,一种参与者被命名为“交易者”,我指定“交易者”无法访问链码中的函数“A”,但是REST服务器生成了“A”的API,然后我写了一个简单的html文件并发送对localhost:3000的POST请求,我可以直接调用此函数。我甚至不知道我通过什么样的身份访问这个界面。
我对此感到困惑,有人可以帮助我吗?
答案 0 :(得分:2)
还记得你是如何启动REST服务器的吗?您必须指定商业网卡,并且可能是具有所有读写权限的管理员卡。最有可能的是,您通过护照禁用了身份验证。
有了这两个元素,您当然可以通过调用任何可用的API函数来执行任何操作。
您可以参考composer-rest-server unit Unit1;
interface
uses
System.SysUtils, System.Types, System.UITypes, System.Classes, System.Variants,
FMX.Types, FMX.Controls, FMX.Forms, FMX.Graphics, FMX.Dialogs,
IdBaseComponent, IdThreadComponent, FMX.StdCtrls, FMX.Layouts,
FMX.Controls.Presentation, FMX.ScrollBox, FMX.Memo, System.IOUtils,
AndroidAPI.JNIBridge,
Androidapi.JNI.JavaTypes,
android.os.StatFs,
Posix.Unistd;
type
TForm1 = class(TForm)
Memo1: TMemo;
Button1: TButton;
Layout1: TLayout;
AniIndicator1: TAniIndicator;
Layout2: TLayout;
STOP: TButton;
Layout3: TLayout;
Label1: TLabel;
IdThreadComponent1: TIdThreadComponent;
Button2: TButton;
procedure IdThreadComponent1Run(Sender: TIdThreadComponent);
procedure Button1Click(Sender: TObject);
procedure STOPClick(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure IdThreadComponent1Stopped(Sender: TIdThreadComponent);
procedure IdThreadComponent1Terminate(Sender: TIdThreadComponent);
private
{ Private declarations }
public
{ Public declarations }
breakit: boolean;
//createnewrandfileActive: boolean;
copydataActive: boolean;
procedure CopyData();
procedure CreateNewRandFile(Fsize : Int64);
function CheckDiskSize(aDir : String): Int64;
end;
var
Form1: TForm1;
implementation
{$R *.fmx}
uses Androidapi.Helpers;
procedure TForm1.Button1Click(Sender: TObject);
begin
breakit := false;
IdThreadComponent1.Start;
end;
function TForm1.CheckDiskSize(aDir : String): Int64;
var aStatFS : JStatFs;
//aTmpAvailableSpace : Int64;
begin
aStatFS := TJStatFs.JavaClass.init(StringToJString(aDir));
//aTmpAvailableSpace := aStatFS.getBlockSize * aStatFS.getAvailableBlocks;
//aTmpAvailableSpace := aStatFS.getAvailableBytes;
//aStatFS := nil;
result := aStatFS.getAvailableBytes;
end;
procedure TForm1.CreateNewRandFile(Fsize : Int64);
var
FileStream1: TFileStream;
RandomFileToCopy : string;
Rand1 : Int64;
begin
//createnewrandfileActive := true;
//memo1.BeginUpdate;
//memo1.Lines.Add('Begin CreateNewRandFile');
//memo1.EndUpdate;
// create random file
if Fsize > CheckDiskSize(TPath.GetTempPath) then Fsize := CheckDiskSize(TPath.GetTempPath);
//memo1.lines.add('free space: ' + IntToStr(CheckDiskSize((TPath.GetTempPath))));
//memo1.lines.add('create file size: ' + IntToStr(Fsize));
Randomize;
RandomFileToCopy := TPath.GetTempPath + TPath.DirectorySeparatorChar + 'random.fil';
//memo1.Lines.Add(RandomFileToCopy);
if FileExists(RandomFileToCopy) = false then
begin
FileStream1 := TFileStream.Create(RandomFileToCopy, fmCreate or fmOpenWrite or fmShareDenyWrite);
try
while FileStream1.Size < Fsize do
begin
Rand1 := Random(2147483600);
FileStream1.WriteBuffer(Rand1, SizeOf(Rand1));
//Label1.Text := IntToStr(FileStream1.Size);
if breakit = true then break;
end;
finally
FileStream1.Free;
end;
end;
//memo1.lines.add('free space ' + IntToStr(CheckDiskSize(TPath.GetTempPath)));
//memo1.BeginUpdate;
//memo1.Lines.Add('End of CreateNewRandFile');
// memo1.EndUpdate;
//createnewrandfileActive := false;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
CreateNewRandFile(128000000); // create a 128mb file
end;
procedure TForm1.CopyData();
var
DriveStr : String;
RandomFileToCopy : String;
FileNameCounter : integer;
FolderCounter : integer;
FolderName : string;
FolderArea : string;
RandomFileName : String;
begin
copydataActive := true;
breakit := false;
FileNameCounter := 0;
FolderCounter := 0;
//memo1.BeginUpdate;
//memo1.Lines.Add('Begin of Copy');
//memo1.EndUpdate;
DriveStr := TPath.GetTempPath() + TPath.DirectorySeparatorChar;
//memo1.Lines.Add('DriveStr ' + DriveStr);
RandomFileToCopy := DriveStr + 'random.fil';
//memo1.Lines.Add('RandomFileToCopy ' + RandomFileToCopy);
//memo1.Lines.Add('Creating Random File...');
// create random file
CreateNewRandFile(64000000); //64 mb file
inc(FolderCounter);
FolderName := 'rand' + IntToStr(FolderCounter);
//memo1.Lines.Add('FolderName ' + FolderName);
FolderArea := TPath.GetTempPath() + TPath.DirectorySeparatorChar + FolderName;
//memo1.Lines.Add('FolderArea ' + FolderArea);
while DirectoryExists(FolderArea) = true do
begin
inc(FolderCounter);
FolderName := 'rand' + IntToStr(FolderCounter);
FolderArea := TPath.GetTempPath() + TPath.DirectorySeparatorChar + FolderName;
if breakit = true then break;
end;
TDirectory.CreateDirectory(FolderArea);
while CheckDiskSize(FolderArea) > 0 do
begin
if breakit = true then break;
//memo1.Lines.Add('CreateDir(FolderName) ' + FolderName);
//FolderArea := FolderArea + TPath.DirectorySeparatorChar;
//memo1.Lines.Add('FolderArea ' + FolderArea);
RandomFileName := FolderArea + 'ran' + IntToStr(FileNameCounter) + '.fil';
//memo1.Lines.Add('RandomFileName ' + RandomFileName);
FileNameCounter := 0;
while FileNameCounter<126 do
begin
inc(FileNameCounter);
//while FileExists(RandomFileName) do
//begin
RandomFileName := FolderArea + TPath.DirectorySeparatorChar + 'ran' + IntToStr(FileNameCounter) + '.fil';
//end;
//memo1.Lines.Add(RandomFileName);
//Label1.Text := RandomFileName;
try
//if FileExists(RandomFileName) = true then DeleteFile(RandomFileName);
TFile.Copy(RandomFileToCopy, RandomFileName);
Except
On E: Exception Do
begin
//memo1.BeginUpdate;
showmessage(E.ClassName + ' ERROR: ' + E.Message);
//memo1.EndUpdate;
breakit := true;
end;
end;
if breakit = true then break;
end;
while DirectoryExists(FolderArea) = true do
begin
inc(FolderCounter);
FolderName := 'rand' + IntToStr(FolderCounter);
FolderArea := TPath.GetTempPath() + TPath.DirectorySeparatorChar + FolderName;
if breakit = true then break;
end;
TDirectory.CreateDirectory(FolderArea);
end;
//memo1.BeginUpdate;
//memo1.Lines.Add('End of Copy');
//memo1.EndUpdate;
//memo1.Lines.Add('Deleting Created Fillers');
copydataActive := false;
end;
procedure TForm1.IdThreadComponent1Run(Sender: TIdThreadComponent);
begin
if breakit = true then
begin
IdThreadComponent1.Stop;
exit;
end;
if copydataActive = false then
begin
AniIndicator1.Enabled := true;
CopyData();
end;
sleep(500);
end;
procedure TForm1.IdThreadComponent1Stopped(Sender: TIdThreadComponent);
begin
AniIndicator1.Enabled := false;
end;
procedure TForm1.IdThreadComponent1Terminate(Sender: TIdThreadComponent);
begin
AniIndicator1.Enabled := false;
end;
procedure TForm1.STOPClick(Sender: TObject);
begin
breakit := true;
IdThreadComponent1.Stop;
end;
end.
来实施您的身份验证方案。
您应该在ACL权限文件中为某些组(例如“患者”,“医生”,“付款人”)允许的内容编写规则。请参阅passport authentication instructions中的“授予网络访问控制”部分,其中包含一些非常相似的示例。
如果错误的实体尝试,则非法API调用将会失败。