1

我正在 CapnProto 中实施一项服务。该服务遵循以下步骤(大致):

  1. 在服务器上进行身份验证
  2. 一旦通过身份验证,就可以通过服务接口(对象能力)进行操作。

我想实现以下目标:

interface Authorization {
   login @0 (userName :User) -> (result :Service);
}

interface Service {
   # doOperation needs userName in order to operate, as an implicit
   # parameter, when the RPC arrives. I do not want to use an explicit 
   # userName parameter. Otherwise, a user could claim to
   # be someone else in a function parameter. To achieve this I need
   # to know who is the userName that holds this capability from inside
   # doOperation. I want to avoid token authentication 
   # for each operation.
   # Thus, the RPC I am implementing is stateful.
   doOperation @0 (param1 :A); 
   #...
}

我想要的是,从 doOperation 中,我可以识别正在使用该功能的用户(我想知道她的用户名)。即:

  • 我解决的是已知使用服务功能的用户具有该权限(因为服务是调用登录的结果)

  • 问题是我有很多这样的用户,对于他们中的每一个,我想在第一步中做服务能力的用户和她的登录之间的匹配。

4

1 回答 1

1

It turns out that this was very simple.

When creating Service interface in code, just pass the authentication information and save it in the Service object, like this:

class ServiceImpl : public Service::Server {
   string userId_;
public:
   explicit ServiceImpl(string userId) : userId_(move(userId)) {}
protected:
   kj::Promise<void> doOperatoration(DoOperationContext ctx) override {
        //use userId_ here

   }
};

class AuthorizationImpl : public Authorization::Server {
protected:
   kj::Promise<void> login(LoginContext ctx) override {
       std::string user = ctx.getParams().getUserName();
       //Here I forward the authentication state to the service
       ctx.getResults().setService(kj::heap<ServiceImpl>(user);     
       //..
   }
};
于 2019-08-24T08:26:18.583 回答