I have set policies at the controller level for a few controllers and the specific actions in the controllers. But if I have a model with the name test and I call the API localhost:<port>/test, it returns the response of the whole data which is there under test. Basically it does a test.find().
How do I restrict this? Something like:
{
  "test": "isAuthenticated"
}
I'm using passportjs along with sails.
You can create a policies.js inside the config folder and specify the policies for the controller there.
// config/policies.js
module.exports.policies = {
  // Apply 'isLoggedIn' to all actions by default
  '*': 'isLoggedIn',
  // Override the default for a single action of one controller
  ProfileController: {
    'foo': 'isAdmin'
  }
};
isAdmin.js is a js file inside the policies directory. You can get more information here
Found a way to add it at the API level.
In my routes:
'/modelName': { policy: 'isAuthenticated' }
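A fail-closed form of the isAuthenticated policy discussed above, as an added example that is not part of the original posts. It assumes Passport's req.isAuthenticated() and Sails' res.forbidden(); AuthController, runPolicy and the request objects are hypothetical and constructed for the demonstration.

```javascript
// Added example, not code from the original posts.
// In a Sails app this function is what api/policies/isAuthenticated.js exports.
function isAuthenticated(req, res, next) {
  // Passport attaches req.isAuthenticated(). If Passport was never initialised
  // the method is missing; deny instead of throwing or letting the request through.
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  return res.forbidden();
}

// Shape of module.exports.policies in config/policies.js.
const policies = {
  // Deny by default, as in the answer's '*' rule: any action without a more
  // specific entry gets this policy.
  '*': 'isAuthenticated',
  // Assumption: a hypothetical AuthController holds the login action, which
  // has to stay public (true means "no policy") or nobody can ever log in.
  AuthController: { '*': true }
};

// Constructed harness: run a policy against a fake request and report what happened.
function runPolicy(policy, req) {
  let outcome = 'no response';
  const res = { forbidden: () => { outcome = 'forbidden'; } };
  policy(req, res, () => { outcome = 'allowed'; });
  return outcome;
}

// Constructed requests: Passport missing, anonymous session, logged-in session.
function demo() {
  return [
    runPolicy(isAuthenticated, {}),
    runPolicy(isAuthenticated, { isAuthenticated: () => false }),
    runPolicy(isAuthenticated, { isAuthenticated: () => true })
  ];
}

console.log(demo());
```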
I need to show a popup when the old domain is redirected to the new domain in Nuxt.js.
I have modified the .htaccess file and have a modal in the index.vue.
mounted() {
  const modal = document.getElementById('modal')
  if (document.referrer.indexOf('https://olddomain.com') > -1) {
    alert('Previous domain redirected')
    modal.style.display = 'block'
  }
}
But there is no popup displayed. Is there a better way to do this using Nuxt?
You can try the following:
Create a middleware in middleware/popupCheck.js (the name is up to you).
When you are creating middleware in Nuxt you should export a default function, like this:
export default function(context) {
  // context.req only exists during server-side rendering, so check it first
  if (context.req && context.req.headers['your-custom-header']) {
    // Use vuex store to dispatch an action to show a popup or set a cookie
    // to listen to. Here the logic should be defined by the implementation.
  }
}
The point here is to listen for a header in the request, could be a cookie also, that you have to send from your old site for every request, so make sure it's not something generic, but instead something that you cannot hit easily by mistake.
After you create your middleware you can use it on pages or layouts views, and you should add it in the default object you export:
export default {
  middleware: 'popupCheck',
}
Without importing the middleware, you just call it by name. This could also be an array if you wish to add multiple middlewares, and the order in that array is important.
There might be a better way to solve this, but this is the first one that came to my mind.
I'm new to sails, using 1.0.
I created an app with the --minimal command line switch and now I wish to add in some functionality.
I've already successfully added the ORM functionality (by adding sails-hook-orm, config/datasources and config/models).
Now I wish to enable the automatic blueprint routes. I've already added config/blueprint like so:
module.exports.blueprints = {
  prefix: '/api/v1',
  actions: true,
  rest: true,
  // shortcuts: true,
};
Now, if I manually add in the routes and actually write the standalone actions, for example, like below:
'GET /api/v1/users/:id': { action: 'users/find-one' },
It works. But I was expecting that blueprint would abstract those away from me when I set rest: true on the config...
What else should I check?
According to the documentation, you just set rest to true (it is true by default) and this should work; it seems like you are missing something else. Check that you have created your controller and your model with the same name.
controllers
  UserController.js
models
  User.js
If you don't have the controller created then the blueprint is not going to work.
I'm using FlowRouter in a Meteor app. In one case, a resource is not available until a certain date/time, so we redirect to another route. Is there any way to replace the route to the restricted resource with the path to the redirect, such that the restricted resource route will not appear in the browser history? Doing so will make the history (using back, forward) more UX friendly.
I can achieve this in FlowRouter's triggersEnter for the route, by stepping outside of FlowRouter with something like:
if (restricted) {
  return window.location.replace(`/waitingroom/${resourceId}/user/${Meteor.userId()}`);
}
...but this causes a page reload, which is sort of undesirable.
Any ideas?
Functions passed to triggersEnter have a 2nd param named redirect; you can use it to redirect to other pages without reloading the page and having a clean history:
FR.route('/restricted-route', {
  name: 'RestrictedRoute',
  triggersEnter: [function(context, redirect) {
    redirect('/replace-route');
  }]
});
FR.route('/replace-route', {
  name: 'ReplaceRoute',
  action() {
    // ...
  }
});
Updated
I am not sure why it's required to be sync. Anyway, FlowRouter uses Page.js behind the scenes to do navigation; if you cannot use redirect then this should work:
FR.route('/restricted-route', {
  name: 'RestrictedRoute',
  triggersEnter: [function(context, redirect) {
    Meteor.setTimeout(() => {
      FlowRouter._page.replace('/replace-route');
    }, 1000);
  }]
});
Note: this is not the public API, therefore you should test it carefully before using in production.
I have a routing file which looks like:
Router.map(function(){
  this.route('gameSmall', {path: '/'});
  this.route('gameMedium', {path: '/game-medium'});
  this.route('gameLarge', {path: '/game-large'});
});
etc.
If I want to limit access to some of the paths (only for some users who have a password), can I configure it in the router file, or only through native JS in the template?
Iron Router does not support limiting access by a configuration file. Instead you define access in your js source.
You can limit access to routes globally and per route. Both use the onBeforeAction event to evaluate access to the route(s).
onBeforeAction accepts a callback function where you write your access rule.
A global onBeforeAction event might look something like this:
Router.onBeforeAction(function() {
  if (!Meteor.isServer) {
    // Check the user. Whether logged in, but you could check user's roles as well.
    if (!Meteor.userId()) {
      this.render('pageNotFound'); // Current route cancelled -> render another page
    } else {
      this.next(); // Continue with the route -> will render the requested page
    }
  }
},
{
  except: ['gameSmall']
});
Notice the except field in the second parameter. It contains an array of routes to be excluded from the onBeforeAction and therefore these are always rendered. There is also a field only which does the opposite, include routes to be evaluated by the onBeforeAction.
Also note that I used a template pageNotFound (404 page). You can define that page in IR's configuration like this:
Router.configure({
  notFoundTemplate: 'pageNotFound'
});
I'd like to show a maintenance page on my site. I plan on saving a Boolean value to the db in order to control when to show the page or not. How can I have the maintenance page show for just my controller routes? I'd like to continue to have sails serve scripts, stylesheets, and images normally.
You could use a policy to achieve this.
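// api/policies/inMaintenance.js
module.exports = function(req, res, next) {
  var maintenanceMode = false; // placeholder: get the stored value here
  // While in maintenance, answer every controller action with the maintenance view
  if (maintenanceMode) return res.view('maintenance');
  next();
};
// config/policies.js
module.exports.policies = {
  '*': 'inMaintenance',
  // ... your other policies
};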
In your views folder add maintenance.ejs.
All the assets will still be available.
There is one drawback to this approach though, if in config/routes.js you have a route pointing directly to a view it will not go through the policy. Thus, you need all routes to be handled by controllers.
You can check the Sails documentation on policies to better understand how they work.