Migrating to Sails.js 0.12 - middleware migration

吃可爱长大的小学妹 submitted on 2020-01-06 19:52:50

Question


I am migrating an old sails.js project which was written in 0.10.5 to 0.12.x. Since the original code was written a long time ago and may have some "non-conforming" code I decided to re-build the project by starting a new sails project and slowly migrating the models/controllers/services while keeping only necessary policies and configuration files.

So far I managed to get the project to lift and now I am starting to deal with the authentication. Ideally, I intend to move to use passport with jwt to replace existing express-jwt.

My old config/http.js looks like so:

module.exports.http = {
    bodyParser: function() {
        //return require('body-parser')({limit: '900mb'});
        var opts = { limit:'50mb' };
        var fn;

        // Default to built-in bodyParser:
        fn = require('skipper');
        return fn(opts);
    },
    customMiddleware: function(app) {

        var bodyParser = require('body-parser');
        var expressJwt = require('../libs/express-jwt');
        var experssJwtConfig = require('./jwt.js').jwt;

        app.use(function(req, res, next) {
            res.setHeader("Access-Control-Allow-Origin", "*");
            next();
        });

        app.use('/api', expressJwt({secret: experssJwtConfig.secret}));

        app.use(bodyParser.json());
        app.use(bodyParser.urlencoded());

        if(process.env.NODE_ENV == 'development') {
            // just for local/development - serve static files      
        }
    }
}

If I understand correctly (I am not well versed in the stack) this code overrides the default body parser (using skipper allowing large files - this is specified in bodyParser), and in addition, changes the middleware used:

  • Includes a middleware to add Access-Control-Allow-Origin.

  • For routes under 'api' it invokes the express-jwt middleware which in this implementation (not sure it's the default behavior) looks for the token and then adds the user to the request object (which is then used in most of the controllers).

  • Adds body parser's (body-parser) json and urlencode to the middleware chain.

My question here is whether I should keep it more or less the same or should I change it? Are there any obvious anti-patterns or security risks? If I use skipper, do I need the body parser json/urlencode middleware?

Would I be able to achieve comparable flows using more standard passport/jwt code? If so, can I achieve this kind of stack with sails-auth or should I roll my own?


Answer 1:


Yes, you can remove the custom middleware. The latest pattern is easier to manage. For starters,

  • Access-Control-Allow-Origin can be set in config/cors.js

  • You can use passport-jwt in a more sailsy way by making use of sails-auth module. And splitting the logic into services, using policies to manage the flow etc. The problem with sails-auth is, the module in npm has been published over a year ago. It has several bugs. The GitHub repo though has a stable version.

I have made a bare minimum auth server in sails, which you can extend for various passport strategies. The server supports local, bearer, JWT strategies out of the box.

Sails Auth Server
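
An added example, not part of the original answer or of sails-auth: a sketch of the policy-based flow suggested above, replacing the `app.use('/api', expressJwt(...))` line with a Sails policy that verifies an HS256 bearer token and sets `req.user`. The file name, `makeJwtPolicy`, `verifyHS256`, `signHS256` and the requirement that tokens carry `exp` are assumptions for illustration; it uses only Node's `crypto` so it runs without extra packages.

```javascript
// Added example: hypothetical api/policies/jwtAuth.js, not the poster's code.
var crypto = require('crypto');

function b64url(buf) {
  return buf.toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}
function hmac(secret, data) {
  return crypto.createHmac('sha256', secret).update(data).digest();
}
// Builds constructed sample tokens for testing; a real app issues tokens at login.
function signHS256(payload, secret) {
  var head = b64url(Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })));
  var body = b64url(Buffer.from(JSON.stringify(payload)));
  return head + '.' + body + '.' + b64url(hmac(secret, head + '.' + body));
}
// Returns the claims, or null when the token must be rejected.
function verifyHS256(token, secret, nowSec) {
  var parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  var header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch (e) { return null; }
  // Pin the algorithm; never let the token header choose it (e.g. "none").
  if (!header || header.alg !== 'HS256') return null;
  var expected = hmac(secret, parts[0] + '.' + parts[1]);
  var given = Buffer.from(parts[2], 'base64');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // Assumption: every token must carry a numeric exp that is still in the future.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}
// Policy factory; the secret is assumed to come from config/jwt.js (sails.config.jwt.secret).
function makeJwtPolicy(secret) {
  return function jwtAuth(req, res, next) {
    var m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    var claims = m && verifyHS256(m[1], secret, Math.floor(Date.now() / 1000));
    if (!claims) return res.status(401).json({ error: 'invalid or missing token' });
    req.user = claims; // same req.user contract the controllers relied on
    return next();
  };
}
module.exports = makeJwtPolicy;
```

The policy would be mapped to the API controllers in config/policies.js, and the `Access-Control-Allow-Origin` header moves to config/cors.js as the answer says.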



Source: https://stackoverflow.com/questions/42229717/migrating-to-sails-js-0-12-middleware-migration
