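LoopbackJS - Tokens for user invitations

Date: 2019-01-11 05:48:25

Tags: authentication model loopbackjs

I am using LoopBack as the API server for my application. I am building a social-like network and need to invite users by e-mail. To associate the invitee with the inviter, I want the inviter to create a "request token" associated with his userId, which is then sent by e-mail in the following format: domain.com/register?token=XXXXXX

The built-in AccessToken model seems perfect for this purpose as a base model, so the idea was to create a new model, "RequestToken", that inherits from the AccessToken model. However, this new model is then used for authentication purposes as well, which I don't want.

Below are my config files. It is worth mentioning that the "Customer" model seen below extends the LoopBack "User" model.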

/server/model-config.json:

{
  "_meta": {
    "sources": [
      "loopback/common/models",
      "loopback/server/models",
      "../common/models",
      "./models"
    ],
    "mixins": [
      "loopback/common/mixins",
      "loopback/server/mixins",
      "../node_modules/loopback-ds-timestamp-mixin",
      "../common/mixins",
      "./mixins"
    ]
  },
  "User": {
    "dataSource": "db",
    "public": false
  },
  "AccessToken": {
    "dataSource": "db",
    "public": false,
    "relations": {
      "user": {
        "type": "belongsTo",
        "model": "Customer",
        "foreignKey": "userId"
      }
    }
  },
  "ACL": {
    "dataSource": "db",
    "public": false
  },
  "RoleMapping": {
    "dataSource": "db",
    "public": false,
    "options": {
      "strictObjectIDCoercion": true
    }
  },
  "Role": {
    "dataSource": "db",
    "public": false
  },
  "Email": {
    "dataSource": "mail",
    "public": false
  },
  "Customer": {
    "dataSource": "db",
    "public": true
  },
  "Friend": {
    "dataSource": "db",
    "public": true
  },
  "Memory": {
    "dataSource": "db",
    "public": true
  },
  "RequestToken": {
    "dataSource": "db",
    "public": true
  }
}

Under "Customer", I also tried adding the following:

"relations": {
      "accessTokens": {
        "type": "hasMany",
        "model": "AccessToken",
        "foreignKey": "userId",
        "options": {
          "disableInclude": true
        }
      }
    }

common/customer.json

    {
      "name": "Customer",
      "base": "User",
      "idInjection": true,
      "options": {
        "validateUpsert": true
      },
      "mixins": {
        "TimeStamp": true
      },
      "properties": {
        "firstName": {
          "type": "string",
          "required": true
        },
        "lastName": {
          "type": "string",
          "required": true
        },
        "dob": {
          "type": "date"
        },
        "country": {
          "type": "string"
        }
      },
      "validations": [],
      "relations": {
        "accessTokens": {
          "type": "hasMany",
          "model": "AccessToken",
          "foreignKey": "userId",
          "options": {
            "disableInclude": true
          }
        },
        "requestTokens": {
          "type": "hasMany",
          "model": "RequestToken",
          "foreignKey": "userId",
          "options": {
            "disableInclude": true
          }
        }
      },
      "acls": [
        {
          "accessType": "EXECUTE",
          "principalType": "ROLE",
          "principalId": "$owner",
          "permission": "ALLOW"
        },
        {
          "accessType": "*",
          "principalType": "ROLE",
          "principalId": "$everyone",
          "permission": "DENY"
        }
      ],
      "methods": {}
    }

common/request-token.json

{
  "name": "RequestToken",
  "base": "AccessToken",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {},
  "validations": [],
  "relations": {
    "user": {
      "type": "belongsTo",
      "model": "Customer",
      "foreignKey": "ownerId"
    }
  },
  "acls": [],
  "methods": {}
}

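Summary: How can I create a new "RequestToken" model that extends the LoopBack "AccessToken" model, but continue to use the built-in AccessToken model for authentication etc.? Is it possible? As soon as I take the line '"base": "AccessToken"' out of the request-token.json file, all authentication methods work again.

Thanks a lot!

1 Answer:

Answer 0: (score: 0)

It looks like I found a solution. In server.js, I needed to tell the app to use the AccessToken model.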

server.js

...
app.use(loopback.token({
  model: app.models.accessToken,
}));
...

I added it just after:

const app = loopback();

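In the LB2 docs, this is referenced for authenticating via cookies. https://loopback.io/doc/en/lb2/Making-authenticated-requests.html I am using LoopBack 3. In the LB3 docs they no longer mention this approach, so if there is another solution, I am happy to change the accepted answer.

Cheers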
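The following is an added example, not part of the original question or answer and not LoopBack API: a standalone Node.js invitation token that is kept apart from login tokens, so a leaked invite link can identify the inviter but can never authenticate a request. The function names, the 7-day lifetime and the in-memory `Map` (standing in for the `db` datasource) are assumptions.

```javascript
const crypto = require('crypto');

const INVITE_TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed lifetime: 7 days
// tokenHash -> { inviterId, expiresAt }; hypothetical stand-in for a database table
const invites = new Map();

// Only the SHA-256 digest is stored, so a leaked table cannot be replayed as invite links.
function hashToken(token) {
  return crypto.createHash('sha256').update(String(token)).digest('hex');
}

// Create an invitation bound to the inviter's userId and return the link to e-mail.
function issueInvite(inviterId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  invites.set(hashToken(token), { inviterId, expiresAt: now + INVITE_TTL_MS });
  return { token, url: 'https://domain.com/register?token=' + token };
}

// Resolve a token taken from /register?token=... to the inviter, exactly once.
// Returns the inviterId, or null for malformed, unknown, expired or already used tokens.
function redeemInvite(token, now = Date.now()) {
  if (typeof token !== 'string' || !/^[0-9a-f]{64}$/.test(token)) return null;
  const key = hashToken(token);
  const record = invites.get(key);
  if (!record) return null;
  invites.delete(key); // single use; an expired record is dropped as well
  return now <= record.expiresAt ? record.inviterId : null;
}

// Constructed sample run
const invite = issueInvite('customer-42');
console.log(invite.url);
console.log(redeemInvite(invite.token)); // customer-42
console.log(redeemInvite(invite.token)); // null (already used)
```
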