0

我正在尝试将用户 ID 从服务器传递FlowRouter.getParam('id');到服务器以将文件上传到亚马逊。这是一个管理员帐户,因此我使用FlowRouter.getParam('id');来访问正确的用户个人资料信息。问题是我没有正确传递 id,所以这一切都只是错误并停止工作。

如何正确传递 id?

小路uploadFile.js 

let _uploadFileToAmazon = ( file ) => {
  var id = FlowRouter.getParam('id');
  const uploader = new Slingshot.Upload( "uploadProfileImgAdmin", id );
  uploader.send( (file), ( error, url ) => {
    if ( error ) {
      Bert.alert( error.message, "warning" );
      _setPlaceholderText();
    } else {
      _addUrlToDatabase( url );
    }
  });
};

小路server/uploadFile.js 

Slingshot.createDirective( "uploadProfileImgAdmin", Slingshot.S3Storage, {
  bucket: "bhr-app",
  region: "ap-southeast-2",
  acl: "public-read",
  authorize: function (id) {
    console.log("user id: ", id);
    return Files.findOne( { "userId": id } );
  },
  key: function ( file ) {
    var user = Meteor.users.findOne( _id: id );

    return "profile-images" + "/" + user.emails[0].address + "/" + file.name;
  }
});
4

1 回答 1

2

首先,为了获取当前用户的 id,你应该this.userId在服务器上使用authorize方法,不要简单地信任客户端传递的数据(确保用户实际上是管理员并验证参数)。

添加到上传的元上下文应该是一个对象(您正在传递一个字符串),它可用作指令方法的第二个参数。

const uploader = new Slingshot.Upload("uploadProfileImgAdmin", {id});

在服务器上,您的指令的方法获取您传递的file和:meta

Slingshot.createDirective( "uploadProfileImgAdmin", Slingshot.S3Storage, {
  bucket: "bhr-app",
  region: "ap-southeast-2",
  acl: "public-read",
  authorize: function (file, meta) {
    console.log("user id: ", meta.id);
    // validate meta, make sure that the user is an admin and 
    // return a Boolean or throw an error
  },
  key: function (file, meta) {
    var user = Meteor.users.findOne(meta.id);
    return "profile-images" + "/" + user.emails[0].address + "/" + file.name;
  }
});
于 2016-08-15T05:00:25.660 回答