问题
How can we password protect our Deployd data accessed via URL?
Currently our users' data is visible on oursite.com/users. How can we make it password protected so that only we,the site developers, can see our users' data via oursite.com/users? (This is my first API and Deployd app.)
Many, many thanks!
I found the following, if any of these look like they would work: https://www.npmjs.com/package/dpd-curl-proxy https://www.npmjs.com/package/passport-oauth
回答1:
Try in your 'get' event
if (!me)
cancel('You donot have access');
This will restrict 'users' -resource from accessed without login.
To restrict access to certain user group - Use roles. That will look like,
if (!me && !me.Admin) cancel('You donot have access');
You can try MARS CMS https://github.com/moorthi07/MarsCMS as boilerplate to rapid learning or prototype. This covers lots of Deployd's features like authentication , authorization, REST calls, ngResource examples.
来源:https://stackoverflow.com/questions/38234149/protecting-api-url-data-from-being-seen-curl