Authentication on Server side routes in Meteor

Backend · Unresolved · 5 · 692
甜味超标 2020-12-05 06:11

What is the best way (most secure and easiest) to authenticate a user for a server side route?

Software/Versions

I'm using the latest Iron Router 1.* and

5 answers
  •  半阙折子戏
    2020-12-05 06:49

    I think I have a secure and easy solution for doing this from within IronRouter.route(). The request must be made with a valid user ID and auth token in the header. I call this function from within Router.route(), which then gives me access to this.user, or responds with a 401 if the authentication fails:

    #  Verify the request is being made by an actively logged in user
    #  @context: IronRouter.Router.route()
    authenticate = ->
      # Get the auth info from header
      userId = this.request.headers['x-user-id']
      loginToken = this.request.headers['x-auth-token']

      # Get the user from the database. Meteor stores login tokens hashed
      # (services.resume.loginTokens[].hashedToken), so hash the raw token
      # from the header before matching it against the user document.
      if userId and loginToken
        user = Meteor.users.findOne {'_id': userId, 'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(loginToken)}

      # Return an error if the login token does not match any belonging to the user
      if not user
        respond.call this, {success: false, message: "You must be logged in to do this."}, 401
        return

      # Attach the user to the context so they can be accessed at this.user within route
      this.user = user


    #  Respond to an HTTP request
    #  @context: IronRouter.Router.route()
    respond = (body, statusCode=200, headers) ->
      this.response.statusCode = statusCode
      this.response.setHeader 'Content-Type', 'text/json'
      this.response.writeHead statusCode, headers
      this.response.write JSON.stringify(body)
      this.response.end()
    

    And something like this from the client:

    Meteor.startup ->

      HTTP.get "http://yoursite.com/pdf-server",
        headers:
          'X-Auth-Token': Accounts._storedLoginToken()
          'X-User-Id': Meteor.userId()
        (error, result) ->  # This callback is triggered once the HTTP response is received
          console.log result
    

    This code was heavily inspired by RestStop and RestStop2. It's part of a Meteor package for writing REST APIs in Meteor 0.9.0+ (built on top of Iron Router). You can check out the complete source code here:

    https://github.com/krose72205/meteor-restivus
