问题
I have implemented passport-local strategy and passport-bearer strategy.
When user logins with username/password credentials, I generate JSON Web Token which returns to requester. On each request I get access_token from query, decode this token from JWT to object and make bearer authorization implemented in /api/policies. And all auth works fine.
But when I provide this access_token to RESTful route i.e. user I got empty array.
The problem, that Sails accepts access_token as criteria.
Example:
GET /user ## Forbidden
GET /user?access_token=<token> ## Empty array
How can I disable or fix it?
回答1:
You would probably be better off sending your access token in a header than in the URL. But if what your asking is how to blacklist a certain property from being used as criteria in a blueprint route, it can be done in the following way in your config/routes.js file:
"GET /user": {blueprint: "find", criteria: {blacklist: ["access_token"]}}
This will override the default blacklist, so you may want to include those defaults in your custom array:
"GET /user": {
blueprint: "find",
criteria: {
blacklist: ["access_token", "limit", "skip", "sort", "populate"]
}
}
来源:https://stackoverflow.com/questions/25790561/sails-disable-criteria-for-rest-in-get