A crash course on securing Serverless APIs with JSON Web Tokens
What a mouthful of a title. Wouldn’t you agree? In this walkthrough you’ll learn about securing your Serverless endpoints with JSON web tokens.
This will include a basic setup of a Serverless REST API with a few endpoints, and of course an authorizer function. This authorizer will act as the middleware for authorizing access to your resources.
During the creation process, we’ll use the Serverless framework for simulating a development environment just like you’re used to. Wrapping up the guide we’ll also set up a monitoring tool called Dashbird. It will allow us to simulate the debugging capabilities and overview of a regular Node.js application in a way that’s natural and easy to comprehend. It also has a free tier and doesn’t require a credit card to set up.
If anything I just mentioned above is new to you, don’t worry. I’ll explain it all below. Otherwise you can freshen up your knowledge by taking a look at these tutorials:
Securing Node.js RESTful APIs with JWT — Authentication and Authorization explained.
A crash course on Serverless with Node.js — Serverless basics explained.
Building a Serverless REST API with Node.js and MongoDB — Serverless REST APIs explained.
TL;DR
Before jumping in head first, you can severely hurt my feelings and only read this TL;DR. Or, continue reading the whole article.
Creating the API
Adding a database
Adding the functions
Adding business logic for the users
Adding the authentication
Adding the authorization
Deployment
Testing
Monitoring
Ready? Let’s jump in!
Creating the API
First of all, we need to set up the Serverless framework for our local development environment. This framework is the de facto framework for all things related to Serverless architectures. Jump over to their site and follow the instructions to set it up, or reference back to the article I linked above.
The installation process is incredibly simple. You set up an AWS management role in your AWS account, and link it to your installation of the Serverless framework. The actual installation process is just running one simple command.
Fire up a terminal window and run the command below.
$ npm install -g serverless
Moving on, once you have it installed, there’s only one more command to run in the terminal to get a boilerplate Serverless service on your local development machine.
$ sls create -t aws-nodejs -p api-with-auth
The command above will generate the boilerplate code you need.
Change to the newly created directory called api-with-auth and open it up with your code editor of choice.
$ cd api-with-auth
Once open, you’ll see two main files: a handler.js and a serverless.yml file. The handler.js contains our app logic while the serverless.yml defines our resources.
Now it’s time to install some dependencies in order to set up our needed authentication/authorization methods, password hashing and ORM for the database interaction.
$ npm init -y
$ npm install --save bcryptjs bcryptjs-then jsonwebtoken mongoose
That’s what we need for production, but for development we’ll grab the Serverless Offline plugin.
$ npm install --save-dev serverless-offline
Lovely!
Adding a database
For the persistent data store, we’ll just grab a hosted MongoDB instance on MongoDB Atlas. Here’s a reference for an article where I explained it in detail.
In the root of the service folder let’s create a db.js file to keep our logic for the database connection. Go ahead and paste in this snippet of code.
This is a rather simple implementation of establishing a database connection if no connection exists. But, if it exists, I’ll use the already established connection. You see the process.env.DB? We'll use a custom secrets.json file to keep our private keys out of GitHub by adding it to the .gitignore. This file will then be loaded in the serverless.yml. Actually, let's do that now.
Add your MongoDB connection string to the db field.
With this file created, let’s move on to the serverless.yml. Open it up and delete all the boilerplate code so we can start fresh. Then, go ahead and paste this in.
As you can see, it’s just a simple setup configuration. The custom section tells the main configuration to grab values from a secrets.json file. We'll add that file to the .gitignore because pushing private keys to GitHub is a mortal sin punishable by death! Not really, but still, don't push keys to GitHub. Seriously, please don't.
Adding the functions
Just a tiny bit of configuring left to do before jumping into the business logic! We need to add the function definitions in the serverless.yml right below the providers section we added above.
There are a total of five functions.
The VerifyToken.js will contain an .auth method for checking the validity of the JWT passed along with the request to the server. This will be our authorizer function. The concept of how an authorizer works is much like how a middleware works in plain old basic Express.js. Just a step between the server receiving the request and handling data to be sent back to the client.
The login and register functions will do the basic user authentication. We'll add business logic for those in the AuthHandler.js file.
However, the me function will respond with the current authenticated user based on the provided JWT token. Here's where we'll use the authorizer function.
The getUsers function is just a generic public API for fetching registered users from the database.
From the serverless.yml file above you can make out a rough project structure. To make it clearer, take a look at the image above.
Makes a bit more sense now? Moving on, let’s add the logic for fetching users.
Adding business logic for the users
Back in your code editor, delete the handler.js file and create a new folder, naming it user. Here you'll add a User.js file for the model, and a UserHandler.js for the actual logic.
Pretty straightforward if you’ve written a Node app before. We require Mongoose, create the schema, add it to Mongoose as a model, finally exporting it for use in the rest of the app.
Once the model is done, it’s time to add basic logic.
This is a bit tricky to figure out when you see it for the first time. But let’s start from the top.
By requiring the db.js we have access to the database connection on MongoDB Atlas. With our custom logic for checking the connection, we've made sure not to create a new connection once one has been established.
The getUsers helper function will only fetch all the users, while the module.exports.getUsers Lambda function will connect to the database, run the helper function, and return the response back to the client. This is more than enough for the UserHandler.js. The real fun starts with the AuthHandler.js.
Adding the authentication
In the root of your service, create a new folder called auth. Add a new file called AuthHandler.js. This handler will contain the core authentication logic for our API. Without wasting any more time, go ahead and paste this snippet into the file. This logic will enable user registration, saving the user to the database and returning a JWT token to the client for storing in future requests.
First we require the dependencies, and add the module.exports.register function. It's pretty straightforward. We're once again connecting to the database, registering the user and sending back a session object which will contain a JWT token. Take a closer look at the local register() function, because we haven't declared it yet. Bear with me a few more seconds, we’ll get to it in a moment.
With the core structure set up properly, let’s begin with adding the helpers. In the same AuthHandler.js file go ahead and paste this in as well.
We’ve created three helper functions for signing a JWT token, validating user input, and creating a user if they do not already exist in our database. Lovely!
With the register() function completed, we still have to add the login(). Add the module.exports.login just below the functions comment.
Once again we have a local function, this time named login(). Let's add that as well under the helpers comment.
Awesome! We’ve added the helpers as well. With that, we’ve added authentication to our API. As easy as that. Now we have a token-based authentication model with the possibility of adding authorization. That’ll be our next step. Hang on!
Adding the authorization
With the addition of a VerifyToken.js file, we can house all the authorization logic as a separate middleware. Very handy if we want to keep separation of concerns. Go ahead and create a new file called VerifyToken.js in the auth folder.
We have a single function exported out of the file, called module.exports.auth, with the usual three parameters. This function will act as a middleware. If you're familiar with Node.js you'll know what a middleware is, otherwise, check this out for a more detailed explanation.
The authorizationToken, our JWT, will be passed to the middleware through the event. We're just assigning it to a local constant for easier access.
All the logic here is just to check whether the token is valid and send back a generated policy by calling the generatePolicy function. This function is required by AWS, and you can grab it from various docs on AWS and from the Serverless Framework examples GitHub page.
It’s important because we pass the decoded.id along in the callback. Meaning, the next Lambda Function which sits behind our VerifyToken.auth authorizer function will have access to the decoded.id in its event parameter. Awesome, right!?
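The token-signing helper from the authentication section and the authorizer flow described above, as an added example that is not the tutorial's own code. It uses Node's built-in crypto for HS256 in place of the jsonwebtoken package so it runs without dependencies; the names signToken and verifyToken, the fallback secret and the one-day lifetime are assumptions.

```javascript
'use strict';
// Added example: HS256 signing/verification with Node's built-in crypto,
// standing in for the jsonwebtoken package the tutorial installs.
const crypto = require('crypto');

// Assumption: the deployed service gets this from secrets.json via serverless.yml.
const JWT_SECRET = process.env.JWT_SECRET || 'constructed-demo-secret';

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
const nowInSeconds = () => Math.floor(Date.now() / 1000);

// Sign { id } with an expiry (hypothetical name for the signing helper).
function signToken(id, secret = JWT_SECRET, ttlSec = 86400, nowSec = nowInSeconds()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ id, iat: nowSec, exp: nowSec + ttlSec }));
  const sig = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Return the decoded payload, or throw on a malformed, forged or expired token.
function verifyToken(token, secret = JWT_SECRET, nowSec = nowInSeconds()) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  // Pin the algorithm: the token header must never choose it (rejects "none").
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  if (alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const decoded = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (typeof decoded.exp !== 'number' || decoded.exp <= nowSec) throw new Error('token expired');
  return decoded;
}

// IAM policy document in the shape API Gateway expects from a Lambda authorizer.
function generatePolicy(principalId, effect, resource) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
  };
}

// Authorizer entry point: Allow with decoded.id as principalId, otherwise a 401.
function auth(event, context, callback) {
  try {
    const decoded = verifyToken(event.authorizationToken);
    return callback(null, generatePolicy(decoded.id, 'Allow', event.methodArn));
  } catch (err) {
    return callback('Unauthorized'); // API Gateway maps this exact string to a 401
  }
}

module.exports = { signToken, verifyToken, generatePolicy, auth };
```

A handler behind this authorizer reads the id from event.requestContext.authorizer.principalId.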
Once we have the token verification completed, all that’s left is to add a route to sit behind the authorizer function. For the sake of simplicity, let’s add a /me route to grab the currently logged-in user based on the JWT passed along with the GET request.
Jump back to the AuthHandler.js file and paste this in.
Awesome! The last Lambda Function we’ll add in this tutorial will be module.exports.me. It'll just grab the userId passed from the authorizer and call the me helper function while passing in the userId. The me function will grab the user from the database and return it. All the module.exports.me Lambda does is retrieve the currently authenticated user. But the endpoint is protected, meaning only a request with a valid token can access it.
Great work following along so far, let’s deploy it so we can do some testing.
Deployment
Hopefully, you’ve configured your AWS account to work with the Serverless Framework. If you have, there’s only one command to run, and you’re set.
$ sls deploy
Voila! Wait for it to deploy, and start enjoying your Serverless API with JWT authentication and authorization.
You’ll get a set of endpoints sent back to you in the terminal once the functions have been deployed. We’ll be needing those in the next section.
Testing
The last step in any development process should ideally be making sure it all works like it should. This is no exception. One of the two tools I use for testing my endpoints is Insomnia. So, I’ll go ahead and open it up. But, you can use Postman, or any other tool you like.
Note: If you want to start by testing everything locally, be my guest. You can always use serverless-offline.
In your terminal, run a simple command:
$ sls offline start --skipCacheInvalidation
But I like to go hardcore! Let’s test directly on the deployed endpoints.
Starting slow, first hit the /register endpoint with a POST request. Make sure to send the payload as JSON. Hit Send and you'll get a token back! Nice, just what we wanted.
Copy the token and now hit the /me endpoint with a GET request. Don't forget to add the token in the headers with the Authorization key.
You’ll get the current user sent back to you. And there it is. Lovely.
Just to make sure the other endpoints work as well, go ahead and hit the /login endpoint with the same credentials as with the /register endpoint you hit just recently.
Does it work? Of course it does. There we have it, a fully functional authentication and authorization system implemented in a Serverless environment with JWT and Authorizers. All that’s left is to add a way to monitor everything.
Monitoring
I usually monitor my Lambdas with Dashbird. It’s been working great for me so far. My point in showing you this is for you to see the console logs from the Lambda Function invocations. They’ll show you when the Lambda is using a new or existing database connection. Here’s what the main dashboard looks like, where I see all my Lambdas and their stats.
Pressing on one of the Lambda Functions, let’s say register, you’ll see the logs for that particular function. The bottom will show a list of invocations for the function. You can even see which were crashes and cold starts.
Pressing on the cold start invocation will take you to the invocation page and you’ll see a nice log which says => using new database connection.
Now backtrack a bit, and pick one of the invocations which is not a cold start. Checking the logs for this invocation will show you => using existing database connection.
Nice! You have proper insight into your system!
Wrapping up
Amazing what you can do with a few nice tools. Creating a REST API with authentication and authorization is made simple with Serverless, JWT, MongoDB, and Dashbird. Much of the approach to this tutorial was inspired by some of my previous tutorials. Feel free to check them out below.
The approach of using authorizers to simulate middleware functions is incredibly powerful for securing your Serverless APIs. It’s a technique I use on a daily basis. Hopefully you’ll find it of use in your future endeavors as well!
If you want to take a look at all the code we wrote above, here’s the repository. Or if you want to dig deeper into the lovely world of Serverless, have a look at all the tools I mentioned above, or check out a course I authored.
Hope you guys and girls enjoyed reading this as much as I enjoyed writing it. Do you think this tutorial will be of help to someone? Do not hesitate to share. If you liked it, smash the clap below so other people will see this here on Medium.
Translated from: https://www.freecodecamp.org/news/a-crash-course-on-securing-serverless-apis-with-json-web-tokens-ff657ab2f5a5/