Comments (4)
I'm not to keen on that jsonrpcx extension and I believe that a system for authentication should be handled within JSON-RPC without the need for extensions. It would be easy to do something like this (not checked for validity):
var jayson = require('jayson');
var methods = {
protected_method: authed(function(args, done) {
// do something
done();
})
};
var server = jayson.server(methods, {
collect: true, // all params in one argument
params: Object // params are always an object
});
// bless a fn with auth parameters
function authed(fn) {
return function(args, done) {
var auth = args.auth;
// validate auth token
return fn.call(this, args, done); // pass on like a middleware
};
}
from jayson.
I know that this issue is over a year old now but I am currently evaluating using jayson to implement rpc and and currently dealing with how I can secure individual endpoints. @tedeh Your example is spot on for creating that middleware to validate authentication before running the method logic. In my special case, I am using the "jayson/promise" server so that the services I already have setup to return promises will still work without having to attach the extra "then" block to return the result of the promise in a callback. When clamping the "authed" function around the original function, the option to return a resolved promise no longer seems to work and have to resort to returning the resolved promise result in the callback. Is there something I am missing that can turn the implementation above to support the promise ability of "jayson/promise"?
from jayson.
This works for me:
var jayson = require('../../promise');
var _ = require('lodash');
var server = jayson.server({
add: authed(function(args) {
return new Promise(function(resolve, reject) {
var sum = _.reduce(args, (sum, value) => sum + value, 0);
resolve(sum);
})
})
});
server.http().listen(3000);
function authed(fn) {
return function(args) {
return new Promise(function(resolve, reject) {
const isValid = Math.random() >= 0.5;
if(isValid) {
// key line: pass resolve and reject to promise returned by fn
fn(args).then(resolve, reject);
} else {
reject({code: 5, message: 'invalid credentials provided'});
}
})
}
}
from jayson.
Thanks man, this was the missing link I was looking for. TBH this was the first time I have had the need to look at these middleware-like functions and manipulate them so this helps a lot. With some slight modification to your above example, I have it setup where the body of the original function only needs to return the value we want in the result field of the response instead of having to wrap the body of the method in a new Promise. Here is what I converged on:
var jayson = require('../../promise');
var _ = require('lodash');
var server = jayson.server({
add: authed(function(args) {
return _.reduce(args, (sum, value) => sum + value, 0);
})
});
server.http().listen(3000);
function authed(fn) {
return function(args) {
return new Promise(function(resolve, reject) {
const isValid = Math.random() >= 0.5;
if(isValid) {
// key line: pass resolve and reject to promise returned by fn
resolve(fn(args));
} else {
reject({code: 5, message: 'invalid credentials provided'});
}
})
}
}
The only difference here is really just a matter of preference and implementation I guess.
Thank you for responding back on this and for keeping up this package, it has been pretty easy to work with so far and the documentation already provided does a swell job in answering most questions I would have had.
from jayson.
Related Issues (20)
- data size limit on client requests HOT 2
- TCP client timeout support HOT 3
- gzip compression + alternate headers for server middleware HOT 1
- Compliant JSON-RPC 2.0 client notifications HOT 1
- Server.call type definitions and docs outdated HOT 4
- Server.prototype.call in jayson/promise should return a callback HOT 1
- Reason: TypeError: asn.define is not a function HOT 1
- Does this library expose signal to abort request in flight? HOT 1
- multiple parallel request from a stream HOT 1
- Few Questions
- How to run testing against Jayson HOT 1
- Handling cancelled request HOT 2
- "undefined" params works while "null" params not HOT 1
- @type dependencies should be devDependencies HOT 4
- can Jayson do "bidirectional" calling over websockets? HOT 1
- do tcp.connect every request is very heavy HOT 1
- Server CORS docs issue
- Request timing out after 5 seconds. HOT 2
- Can Jayson RpcClient and RpcRequest support abortController?
- Security vulnerability in ws package, upgrade to at least 8.17.1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jayson.