I'd like to show a maintenance page on my site. I plan on saving a Boolean value to the db in order to control when to show the page or not. How can I have the maintenance page show for just my controller routes? I'd like to continue to have sails serve scripts, stylesheets, and images normally.
You could use a policy to achieve this.
// api/policies/inMaintenance.js
module.exports = function(req, res, next) {
var maintenanceMode = ... // get the value
if (maintenanceMode) return res.view('maintenance');
next();
}
// config/policies.js
module.exports.policies = {
'*': 'inMaintenance',
...
}
In your views folder add maintenance.ejs.
All the assets will still be available.
There is one drawback to this approach though, if in config/routes.js you have a route pointing directly to a view it will not go through the policy. Thus, you need all routes to be handled by controllers.
You can check the Sails documentation on policies to better understand how they work.
Related
I need to show a popup when the old domain is redirected to new domain in the nuxt js.
I have modified the . htaccess file and have a modal in the index.vue.
mounted() {
const modal = document.getElementById('modal')
if (document.referrer.indexOf('https://olddomain.com') > -1) {
alert('Previous domain redirected')
modal.style.display = 'block'
}
}
But there is no popup displayed. Is there a better way to do this using nuxt.
You can try the following:
Create a middleware in middleware/popupCheck.js name is up to you..
when you are creating middleware in Nuxt you should export default function, like this:
export default function(context) {
if (context.req.headers['your-custom-header']) {
// Use vuex store to dispatch an action to show a popup or set a cookie
// to listen to. Here the logic should be defined by the implementation.
}
}
The point here is to listen for a header in the request, could be a cookie also, that you have to send from your old site for every request, so make sure it's not something generic, but instead something that you cannot hit easily by mistake..
After you create your middleware you can use it on pages or layouts views, and you should add it in the default object you export:
export default {
middleware: 'popupCheck',
}
Without importing the middleware you just call it by name, this could also be an array if you wish to add multiple middlewares, and the order in that array is important.
There might be a better way to solve this, but this is the first one that came to my mind..
I have an existing Sails V1 project that was generated as an empty app (it uses a React front-end). I'd now like to add in the auth endpoints that would have been created if the app had been generated as a web app. Is that possible?
Yes, it is possible.
You need to hook up the policies and related actions. Your best bet, I would say, is to generate a new project, with the front-end included, and see how that is set up. It utilizes the policy-middleware to call the policy-actions.
module.exports.policies = {
'*': 'is-logged-in',
// Bypass the `is-logged-in` policy for:
'entrance/*': true,
'account/logout': true,
'view-homepage-or-redirect': true,
'deliver-contact-form-message': true,
};
Here you see that the policy.js in the /config folder, calls is-logged-in for all controllers by default. You also see that there is some exceptions added below.
is-logged-in is the file /api/policies/is-logged-in.js:
module.exports = async function (req, res, proceed) {
// If `req.me` is set, then we know that this request originated
// from a logged-in user.
if (req.me) {
return proceed();
}
// Otherwise, this request did not come from a logged-in user.
return res.unauthorized();
};
This is the part that does the check for the logged-in status of the user. You can see that it uses the req.me part, which is set up in the api/hooks/custom/index.js. Here it loads the user from the database and makes the logged in users data available on the req object.
If you don't have, or want to use, this hook, you can exchange req.me with req.session.userId, assuming that you set the userId on the session-object on your login-handler. Example from Sails-code:
....
var userRecord = await User.findOne({
emailAddress: inputs.emailAddress.toLowerCase(),
});
// check user exist
....
// check password
....
//check remember-me
....
// Modify the active session instance.
this.req.session.userId = userRecord.id;
// Send success response (this is where the session actually gets persisted)
return exits.success();
....
I hope this gets you on the right path, at least in terms of where to dig deeper.
I need to create a validation layer for my REST services, I'm using sailsjs.
Someone know how can I do that?
I tried to create a hook but I cant access routes definitions and the hook is called before start policies :'(
The way is something like picture below.
It is perfectly fine to use policies to pre-process requests before they are passed to the controllers. Policies are not just for authentication and acl. They are so versatile you can use them for anything.
E.g.
policies/beforeUpdateTicket.js
module.exports = function(req, res, ok) {
TicketService.checkTicket(req.params.id, null, true).then(function(ticket) {
# You can even modify req.body
req.body.checked = true;
return ok();
}).fail(function(err) {
# Don't go to the controller, respond with error
return res.send(JSON.stringify({
message: 'some_error'
}), 409);
});
};
i have routing file which lock like:
Router.map(function(){
this.route('gameSmall', {path: '/'});
this.route('gameMedium', {path: '/game-medium'});
this.route('gameLarge', {path: '/game-large'});
});
etc.
if i want to limiting access to some of path (only for some user who has password), can i configure it in router file? or only through native js in template?
Iron Router does not support limiting access by a configuration file. Instead you define access in your js source.
You can limit access to routes globally and per route. Both use the onBeforeAction event to evaluate access to the route(s).
onBeforeAction accepts a callback function where you write your access rule.
A global onBeforeAction event might look something like this:
Router.onBeforeAction(function() {
if (!Meteor.isServer) {
// Check the user. Whether logged in, but you could check user's roles as well.
if (!Meteor.userId()) {
this.render('pageNotFound'); // Current route cancelled -> render another page
} else {
this.next(); // Continue with the route -> will render the requested page
}
}
},
{
except: ['gameSmall']
});
Notice the except field in the second parameter. It contains an array of routes to be excluded from the onBeforeAction and therefore these are always rendered. There is also a field only which does the opposite, include routes to be evaluated by the onBeforeAction.
Also note that I used a template pageNotFound (404 page). You can define that page in IR's configuration like this:
Router.configure({
notFoundTemplate: 'pageNotFound'
});
I have a few questions that I couldn't find answers anywhere online.
Does sails.js framework support HTTP PATCH method? If not - does anyone know if there is a planned feature in the future?
By default if I create method in a controller it is accessible with GET request is it the routes.js file where I need to specify that method is accessible only via POST or other type of methods?
How would you create a policy that would allow to change protected fields on entity only for specific rights having users. I.e: user that created entity can change "name", "description" fields but would not be able to change "comments" array unless user is ADMIN?
How would you add a custom header to "find" method which specifies how many items there are in database? I.e.: I have /api/posts/ and I do query for finding specific items {skip: 20; limit: 20} I would like to get response with those items and total count of items that would match query without SKIP and LIMIT modifiers. One thing that comes to my mind is that a policy that adds that that custom header would be a good choice but maybe there is a better one.
Is there any way to write a middle-ware that would be executed just before sending response to the client. I.e.: I just want to filter output JSON not to containt some values or add my own without touching the controller method.
Thank you in advance
I can help with 2 and 5. In my own experience, here is what I have done:
2) I usually just check req.method in the controller. If it's not a method I want to support, I respond with a 404 page. For example:
module.exports = {
myAction: function(req, res){
if (req.method != 'POST')
return res.notFound();
// Desired controller action logic here
}
}
5) I create services in api/services when I want to do this. You define functions in a service that accept callbacks as arguments so that you can then send your response from the controller after the service function finishes executing. You can access any service by the name of the file. For example, if I had MyService.js in api/services, and I needed it to work with the request body, I would add a function to it like this:
exports.myServiceFunction = function(requestBody, callback){
// Work with the request body and data access here to create
// data to give back to the controller
callback(data);
};
Then, I can use this service from the controller like so:
module.exports = {
myAction: function(req, res){
MyService.myServiceFunction(req.body, function(data){
res.json(data);
});
}
}
In your case, the data that the service sends back to the controller through the callback would be the filtered JSON.
I'm sorry I can't answer your other questions, but I hope this helps a bit. I'm still new to Sails.js and am constantly learning new things, so others might have better suggestions. Still, I hope I have answered two of your questions.