我试图制定两个挂钩的政策,但没有。这些中的每一个都有效,并且都返回 next(),但是,当它应该传递给控制器时,返回一个空数组而不是设备列表这是我的 config/policies.js
module.exports.policies = {
'*': ['isAuthorized'], // Everything resctricted here
'UserController': {
'create': true // We dont need authorization here, allowing public access
},
'AuthController': {
'*': true // We dont need authorization here, allowing public access
},
'device' : {
'find' : ['isAuthorized', 'isOwner']
}
};
这是我的政策。政策/isAuthorized.js
module.exports = function (req, res, next) {
var token;
if (req.headers && req.headers.authorization) {
var parts = req.headers.authorization.split(' ');
if (parts.length == 2) {
var scheme = parts[0],
credentials = parts[1];
if (/^Bearer$/i.test(scheme)) {
token = credentials;
}
} else {
return res.json(401, {err: 'Format is Authorization: Bearer [token]'});
}
} else if (req.param('token')) {
token = req.param('token');
// We delete the token from param to not mess with blueprints
delete req.query.token;
} else {
return res.json(401, {err: 'No Authorization header was found'});
}
// aqui se consulta a la funcion verify del archivo jwToken.js q esta disponible dentro de services
jwToken.verify(token, function (err, token) {
if (err) return res.json(401, {err: 'Invalid Token!'});
req.token = token; // This is the decrypted token or the payload you provided
next();
});
};
还有policies/isOwner.js,哪个暂时只是测试
module.exports = function(req, res, next) {
// User is allowed, proceed to the next policy,
// or if this is the last policy, the controller
if (req.param('pass') == 'secret') {
return next();
}
// User is not allowed
// (default res.forbidden() behavior can be overridden in `config/403.js`)
return res.forbidden('You are not permitted to perform this action.');
};
我希望你的帮助和对不起我糟糕的英语。