Dart Aqueduct服务器基本授权

问题描述 投票:0回答:1

我正在学习如何使用Aqueduct框架进行身份验证。

在我的channel.dart文件中,我有一条路线:

router
  .route('/protected') 
  .link(() => Authorizer.basic(validator))
  .link(() => ProtectedController());

但我不知道如何创建validator。在docs中,我看到我可以在不使用AuthServer的情况下制作自定义Authorizer。代码示例如下:

class BasicValidator implements AuthValidator {
  @override
  FutureOr<Authorization> validate<T>(AuthorizationParser<T> parser, T authorizationData, {List<AuthScope> requiredScope}) {}
    var user = await userForName(usernameAndPassword.username);
    if (user.password == hash(usernameAndPassword.password, user.salt)) {
      return Authorization(...);
    }

    return null;
  }
}

我想做一个基本的工作示例,但这是我能得到的最接近的:

class BasicValidator implements AuthValidator {
  @override
  FutureOr<Authorization> validate<T>(AuthorizationParser<T> parser, T authorizationData, {List<AuthScope> requiredScope}) {

    final validUsername = 'bob';
    final validPassword = 'password123';

    // How do I get the parsed username?
    // How do I get the parsed password?

    if (parsedUsername == validUsername && parsedPassword == validPassword) {
      // How do I create an Authorization?
      return Authorization(...);
    }

    return null;
  }

  // What is this?
  @override
  List<APISecurityRequirement> documentRequirementsForAuthorizer(APIDocumentContext context, Authorizer authorizer, {List<AuthScope> scopes}) {
    return null;
  }
}

有谁能告诉我一个基本授权验证器的基本工作示例?

dart authorization aqueduct
1个回答
1
投票

当使用authorizationData时,AuthBasicCredentialsAuthorizer.basic的一个例子。这种类型的对象具有usernamepassword字段,这些字段来自解析请求中的“授权”标头。

Authorization对象是与授权资源所有者相关的数据的容器(例如其用户ID)。后续控制器使用它来控制授权,而无需再次查找授权用户;您应该使用您可用的任何授权信息填充它。

在OpenAPI文档生成期间使用documentRequirementsForAuthorizer。使用验证器的Authorizer会将返回的安全要求编码到受保护的OpenAPI操作中。

另见http://aqueduct.io/docs/auth/authorizer/#using-authorizers-without-authserver

@override
FutureOr<Authorization> validate<T>(AuthorizationParser<T> parser, T authorizationData, {List<AuthScope> requiredScope}) {

    final validUsername = 'bob';
    final validPassword = 'password123';

    final credentials = authorizationData as AuthBasicCredentials;

    if (credentials.username == validUsername 
    && credentials.password == validPassword) {

      return Authorization(
       null, // no client ID for basic auth 
       await getUserIDFromUsername(validUsername), // This is your problem to solve
       this, // always this
       credentials: credentials // if you want to pass this info along 
       );
    }

    return null;
  }
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.