我有一个使用 Discord 来验证用户身份的应用程序。在后端,在某些端点上,我需要检查发出请求的用户是否是给定公会中的管理员。
例如:
PATCH "/set-bot-config-for-guild/:guildId"我创建了一个身份验证中间件。它是一个返回 RequestHandler 函数的函数,如下所示:
export function authenticateAdmin(guildId: string) {
return async (req: Request; res: Response; next: NextFunction) => {
// get user auth token from req.cookies.token
...
// verify token with Discord auth api, get user id
...
// get user roles in given guild, from Discord api
...
// get admin role id of given guild from Discord api using guildId
...
// check if user has admin role in given guild
...
if (userIsAdminInGuild) {
next()
}
else {
return res.status(401).send("Unauthorized");
}
}
}
本来我想这样称呼这个中间件:
router.patch(
"/set-bot-config-for-guild/:guildId",
authenticateAdmin(guildId),
async (req: Request, res: Response) => {
...
}
);
问题是,
guildId:guildId编辑:经过更多调查,结果发现我也无法在中间件中访问
req.params.guildId它有效,但如果有人有更“优雅”的解决方案,请帮助我。
您可以访问中间件本身中的
guildId像这样定义路线
router.patch(
"/set-bot-config-for-guild/:guildId",
authenticateAdmin,
async (req: Request, res: Response) => {
...
}
);
在中间件中,如果将其定义为函数,您将拥有
requestexport const authenticateAdmin=async (req: Request; res: Response; next: NextFunction) => {
const guildId=req.params?.guildId;
// get user auth token from req.cookies.token
...
// verify token with Discord auth api, get user id
...
// get user roles in given guild, from Discord api
...
// get admin role id of given guild from Discord api using guildId
...
// check if user has admin role in given guild
...
if (userIsAdminInGuild) {
next()
}
else {
return res.status(401).send("Unauthorized");
}
}