如何管理API权限? javascript

本文介绍了如何管理API权限? javascript的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我已经编写了一些客户端应用程序并尝试对其进行测试.原来只有我可以使用它.其他任何人都会得到这样的错误.

I've written some client-side app and tried to test it. How it turned out only I can use it. Anyone else will get such error.

{ "error": { "errors": [ { "domain": "global", "reason": "forbidden", "message": "Forbidden" } ], "code": 403, "message": "Forbidden" } }

是什么意思?怎么解决呢? 有我的代码.我收到了电子邮件，姓名，姓氏和用户照片.我想获取YouTube频道订阅者的数量，并在以后与youtube合作.例如，我想直接从网站上对一些视频进行评分.

What does it mean? How to solve this? There is my code. There i'm getting Email, name, surname and user photo. I want to get the number of youtube channel subscribers and work with youtube later. For example I want to rate some videos directly from the site.

function resultFindUserByEmail() { if (ajaxRet['isUserFinded']) { cf_JSON.clear(); cf_JSON.addItem( 'email',email ); var jsonstr = cf_JSON.make(); ajax_post('doyoutubelogin','loginres','index.php',jsonstr,c_dologin); }else{ gapi.client.init({ discoveryDocs: ["www.googleapis/discovery/v1/apis/people/v1/rest"], clientId: OAUTH2_CLIENT_ID, scope: OAUTH2_SCOPES }).then(function () { var request = gapi.client.people.people.get({ 'resourceName': 'people/me' }).then(function(response) { var parsedResponse = JSON.parse(response.body).names; surname = parsedResponse[0].familyName; name = parsedResponse[0].givenName; photo = JSON.parse(response.body).photos[0].url; addYoutubeUser(); }); }); } } function addYoutubeUser() { cf_JSON.clear(); cf_JSON.addItem( 'Email',email ); cf_JSON.addItem( 'Firstname',name ); cf_JSON.addItem( 'Lastname',surname ); cf_JSON.addItem( 'Image',photo ); var jsonstr = cf_JSON.make(); ajax_post('addyoutubeuser','loginres','index.php',jsonstr,c_dologin); } var API_KEY = '<Key removed for posting>'; var API_KEY1='<Key removed for posting>'; var OAUTH2_CLIENT_ID = '<Key removed for posting>'; var OAUTH2_CLIENT_ID1 = '<Key removed for posting>'; var OAUTH2_SCOPES = 'www.googleapis/auth/youtube.force-ssl'; var DISCOVERY_DOCS = ["www.googleapis/discovery/v1/apis/gmail/v1/rest"]; var GoogleAuth; function handleClientLoad() { // Load the API's client and auth2 modules. // Call the initClient function after the modules load. gapi.load('client:auth2', initClient); } function initClient() { // Retrieve the discovery document for version 3 of YouTube Data API. // In practice, your app can retrieve one or more discovery documents. var discoveryUrl = 'www.googleapis/discovery/v1/apis/youtube/v3/rest'; // Initialize the gapi.client object, which app uses to make API requests. // Get API key and client ID from API Console. // 'scope' field specifies space-delimited list of access scopes. gapi.client.init({ 'apiKey': API_KEY, 'discoveryDocs': [discoveryUrl,"www.googleapis/discovery/v1/apis/gmail/v1/rest"], 'clientId': OAUTH2_CLIENT_ID, 'scope': OAUTH2_SCOPES }).then(function () { GoogleAuth = gapi.auth2.getAuthInstance(); //GoogleAuth.grant(OAUTH2_SCOPES); // Listen for sign-in state changes. GoogleAuth.isSignedIn.listen(updateSigninStatus); // Handle initial sign-in state. (Determine if user is already signed in.) var user = GoogleAuth.currentUser.get(); setSigninStatus(); // Call handleAuthClick function when user clicks on // "Sign In/Authorize" button. $('#sign-in-or-out-button').click(function() { handleAuthClick(); }); $('#revoke-access-button').click(function() { revokeAccess(); }); }); } function handleAuthClick() { if (GoogleAuth.isSignedIn.get()) { // User is authorized and has clicked 'Sign out' button. GoogleAuth.signOut(); } else { // User is not signed in. Start Google auth flow. GoogleAuth.signIn(); } } function revokeAccess() { GoogleAuth.disconnect(); } function setSigninStatus(isSignedIn) { var user = GoogleAuth.currentUser.get(); var isAuthorized = user.hasGrantedScopes(OAUTH2_SCOPES); if (isAuthorized) { $('#sign-in-or-out-button').html('Sign out'); $('#revoke-access-button').css('display', 'inline-block'); $('#auth-status').html('You are currently signed in and have granted ' + 'access to this app.'); //// get gmail Email gapi.client.init({ 'apiKey': API_KEY, 'discoveryDocs': ["www.googleapis/discovery/v1/apis/gmail/v1/rest"], 'clientId': OAUTH2_CLIENT_ID, 'scope': OAUTH2_SCOPES }).then(function () { var request = gapi.client.gmail.users.getProfile({ 'userId': 'me' }).then(function(response) { email = JSON.parse(response.body).emailAddress; cf_JSON.clear(); cf_JSON.addItem( 'email',email ); var jsonstr = cf_JSON.make(); tryFindUserByEmail(jsonstr); }); }); // try to find email } else { $('#sign-in-or-out-button').html('Вход через Youtube'); $('#revoke-access-button').css('display', 'none'); $('#auth-status').html('You have not authorized this app or you are ' + 'signed out.'); } } function updateSigninStatus(isSignedIn) { setSigninStatus(); }

推荐答案

您需要检查API网址中的某些身份验证，例如 用户名，ipaddress，令牌等. 根据该参数，您可以控制对API请求的权限.例如

You need to check some authentication in the API url like username , ipaddress , token etc. Based on the parameter you can control the permission on your API request.for example

some/thing?username="testuser"&ipaddress="323.2323.232.32"

您可以使用下面的函数找到参数值

You can find the parameters value using the function below

function getParameterByName(name, url) { if (!url) url = window.location.href; name = name.replace(/[\[\]]/g, "\\$&"); var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"), results = regex.exec(url); if (!results) return null; if (!results[2]) return ''; return decodeURIComponent(results[2].replace(/\+/g, " ")); }

然后让您检查并实施针对特定用户的错误和重定向.

And then make you check and implement your error and redirection for specific users.

我想它将对您有所帮助，谢谢！

I guess it will help full for you , Thanks !