Comments (4)
I think you asked this same question on stack overflow, so here's my answer again:
Regardless of your language/framework, all routes are able to be hit by anyone, unless you block them at load-balancer or similar level.
Rather than thinking about the problem as "how to block" access, you should be thinking about the problem like "how can I ensure that this user is authenticated to use this route". Using things like cookies or tokens is the way to go.
You can use actionhero's middleware to apply access rules to specific actions, and return errors to the user if they aren't allowed.
Here's an example project that does these types of things:
- Actions for dealing with the session: https://github.com/evantahler/actionhero-angular-bootstrap-cors-csrf/blob/master/actions/session.js
- Middleware which uses that session data for access: https://github.com/evantahler/actionhero-angular-bootstrap-cors-csrf/blob/master/initializers/session.js
- and finally another action (route/url) which requires the logged-in-session middleware: https://github.com/evantahler/actionhero-angular-bootstrap-cors-csrf/blob/master/actions/showDocumentation.js
from actionhero-tutorial.
Thanks for the answer!
I know you can authenticate a user to have access to an api, I have already implemented that part with tokenization, but what I am wondering is just like you do a get request and you pass the parameters by url?id=12, I should not be able to do that in post request? Means it should only go by a payload not a url. Like in ajax you say data:data. If you can please answer me on that part, it would be great!! Thanks
Ah!
It seems like you are asking for a feature to disable URL parameters for specific routes. (It is valid to provide ? params in a POST, and it is a topic of debate which method (payload vs params) has priority.)
Open an issue on the main actionhero project asking for this feature, and describing in detail (with examples) what you would like to be able to do.
Thanks evan, that is right.
I will create an issue regarding it.
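As an added illustration of the two points in this thread (not code from actionhero or the linked example project): a framework-agnostic pre-processing check that authenticates first, then rejects query-string parameters on routes marked body-only, and otherwise merges parameters with an explicit priority. The route names, request shape and token set are assumptions made for the example.

```javascript
// Added example. Nothing here is actionhero's API; all names are hypothetical.

// Routes where parameters must arrive in the request body only (assumed names).
const BODY_ONLY_ROUTES = new Set(['POST /api/user/update', 'POST /api/comment']);

// Constructed stand-in for a real session/token store.
const SAMPLE_TOKENS = new Set(['token-alice', 'token-bob']);

// Split a raw request target such as "/api/user?id=12" into path and query params.
function parseTarget(rawUrl) {
  // The base is only needed so that URL() can parse a relative target.
  const url = new URL(rawUrl, 'http://placeholder.invalid');
  return { path: url.pathname, query: Object.fromEntries(url.searchParams) };
}

// Pre-processing check, shaped like something a middleware would run before an action.
// Returns { ok, status, error } on rejection or { ok, status, params } on success.
function checkRequest({ method, url, body = {}, sessionToken }, validTokens) {
  const { path, query } = parseTarget(url);
  const route = `${method.toUpperCase()} ${path}`;

  // 1. Every route is reachable by anyone, so authenticate before anything else.
  if (!sessionToken || !validTokens.has(sessionToken)) {
    return { ok: false, status: 401, error: 'not logged in' };
  }

  // 2. On body-only routes, refuse the request if any parameter came via the URL.
  //    Rejecting (rather than silently ignoring) removes the priority ambiguity.
  const queryKeys = Object.keys(query);
  if (BODY_ONLY_ROUTES.has(route) && queryKeys.length > 0) {
    return {
      ok: false,
      status: 400,
      error: `query parameters not allowed on ${route}: ${queryKeys.join(', ')}`,
    };
  }

  // 3. Elsewhere both sources are accepted; make the priority explicit: body wins.
  return { ok: true, status: 200, params: { ...query, ...body } };
}
```
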