因此,我想检查所有http路由到我的hapi rest api以获取有效的api密钥。 我不想使用auth插件,因为除了api令牌检查之外,我还会在某些路由上进行基本身份验证。 我习惯在快递中做这个中间件,但hapi中的正确方法是什么?
我应该创建自己的插件还是使用server.ext来实现这一目标......或者我应该采用另一种方式吗?
到目前为止,这是我完成它的方式
server.ext('onRequest', function (request, next) { //make sure its https if(request.headers['x-forwarded-proto'] && request.headers['x-forwarded-proto'] === "http") { return next(Boom.badRequest('ssl is required')); } else { if (request.headers['x-api-key'] != apiToken) { return next(Boom.unauthorized('api key is incorrect')); } else { next(); } } });So I'd like to check all http routes to my hapi rest api for a valid api key. I don't want to use an auth plugin as I will also have basic auth on some routes in addition to the api token check. I'm used to doing this as middleware in express, but what's the right way in hapi?
Should I create my own plugin or instead use server.ext to accomplish this.. or should I do it yet another way?
So far this is the way I've done it
server.ext('onRequest', function (request, next) { //make sure its https if(request.headers['x-forwarded-proto'] && request.headers['x-forwarded-proto'] === "http") { return next(Boom.badRequest('ssl is required')); } else { if (request.headers['x-api-key'] != apiToken) { return next(Boom.unauthorized('api key is incorrect')); } else { next(); } } });最满意答案
我会使用身份验证插件。 您可以同时使用多种身份验证策略,但不限于一种。 以下是如何执行此操作的示例:
var Hapi = require('hapi'); var server = new Hapi.Server(3000); server.pack.register([require('hapi-auth-basic'), require('hapi-auth-cookie')], function(err) { server.auth.strategy('simple', 'basic', { ... }); server.auth.strategy('session', 'cookie', { ... }); server.route({ method: 'GET', path: '/', auth: { strategies: ['simple', 'session'] }, handler: function(request, reply) { reply('success'); } }); server.start(function() { console.log('Server running at:', server.info.uri); }); });有关更多详细信
指定一个策略时,您可以将strategy属性设置为具有strategy名称的字符串。 指定多个策略时,参数名称必须是strategies并且应该是一个字符串数组,每个字符串都指定要尝试的策略。 然后将按顺序尝试策略,直到一个成功,或者它们都失败了。
I would use an authentication plugin. You can use multiple authentication strategies at the same time, you are not limited to one. Here is an example how to do it:
var Hapi = require('hapi'); var server = new Hapi.Server(3000); server.pack.register([require('hapi-auth-basic'), require('hapi-auth-cookie')], function(err) { server.auth.strategy('simple', 'basic', { ... }); server.auth.strategy('session', 'cookie', { ... }); server.route({ method: 'GET', path: '/', auth: { strategies: ['simple', 'session'] }, handler: function(request, reply) { reply('success'); } }); server.start(function() { console.log('Server running at:', server.info.uri); }); });See Authentication for more details:
When specifying one strategy, you may set the strategy property to a string with the name of the strategy. When specifying more than one strategy, the parameter name must be strategiesand should be an array of strings each naming a strategy to try. The strategies will then be attempted in order until one succeeds, or they have all failed.
更多推荐
发布评论