0

I am most definitely doing something wrong, but how am I suppose to validate that the user is in the DB, if I don't have it's ID? I want to verify that he has entered all the good infos and compare those infos with the infos on his account, that I would fetch like that: user/{id}, but I don't have his id. Or maybe the user login has nothing to do with the REST API? I am lost!

EDIT: And I have an Authorization: Basic Auth, but that is maybe more related to the user of the API then the user of the application?

4

1 回答 1

2

你真的不想让GET /user/:id某人登录你的应用程序,你想要一个完全独立的东西来登录。我有一个POST /login或类似的东西,将用户名和密码发送给它,然后/login可以对他们进行身份验证并设置会话/cookie /... 而且,如果您愿意,它可以发回当前用户的 JSON。结果将是这样的:

$.ajax({
    url: '/login',
    data: { ... },
    success: function(data) {
        app.current_user = new User(data);
        // etc...
    },
    error: function() {
        // Tell 'em to login properly.
    }
});

app将是您的应用程序的全局命名空间,并且User将是您的客户端用户模型。

您不是fetch当前用户,您登录他们,然后直接从一组用户数据中实例化他们。

于 2013-10-28T05:56:21.033 回答