0

我已经使用羽毛生成器启动了一个非常简单的应用程序。我想知道如何向身份验证端点添加一个钩子,以防止用户在其状态设置为“已阻止”时登录。

我知道如何在用户服务上创建钩子,但我想我希望这个钩子在身份验证服务上,我不太确定在哪里做这个。

谢谢

4

1 回答 1

1

您可以通过实施自定义策略 ( doc )来做到这一点

假设您使用本地策略(电子邮件+密码)

然后你可以做这样的事情:

const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication');
const { NotAuthenticated } = require('@feathersjs/errors');
const { LocalStrategy } = require('@feathersjs/authentication-local');

    // Extend the LocalStrategy
    class CustomLocalStrategy extends LocalStrategy {
      async authenticate(authentication, params) {
        let resp;

        // Normal authentication
        try {
          resp = await super.authenticate(authentication, params);
        } catch (e) {
          if (e instanceof NotAuthenticated) {
            throw new NotAuthenticated('Not authenticated', {
              reason: 'invalid'
            });
          }
        }

        // Check if user is blocked, blocked should be a bool in the user model
        if (resp.user.blocked) {
          throw new NotAuthenticated('Not authenticated', {
            reason: 'blocked'
          });
        }

        return resp;
      }
    }

    // Register the strategy
    module.exports = app => {
      const authentication = new AuthenticationService(app);
      authentication.register('local', new CustomLocalStrategy());
      app.use('/authentication', authentication);
    };
于 2020-02-11T21:51:49.627 回答