如何在Racer / DerbyJS上创建服务器端应用程序逻辑?

问题描述:

我正在学习新的 DerbyJS 堆栈的来龙去脉,我找不到办法放置应用程序逻辑服务器端。声明的意图是所有代码都应该能够在服务器和客户端中运行。但是,我需要隐藏某些数据,并且只有在根据用户会话信息进行身份验证时才会发送到客户端。如何使用 Racer 商店完成此操作?

I'm learning the ins and outs of the new DerbyJS stack, and I can't find a way to put application logic server-side. The stated intent is that all code should be able to run both in the server, and in the client. However, I need certain data to be kept hidden, and only sent to the client if authenticated based on user session info. How can I accomplish this using a Racer store?

您可以将服务器端应用程序逻辑放在 app / server 目录中。在服务器上,Derby应用程序公开了Express中间件,因此您可以在此之前链接其他中间件。例如,如果用户未登录,您可以使用身份验证中间件来阻止呈现某些路由。

You can place server-side application logic in the app/server directory. On the server, Derby apps expose an Express middleware, so you can chain other middleware before this. For example, you could have an authentication middleware that prevents certain routes from being rendered if the user is not logged in.

但是,这不是一个充分的身份验证解决方案,因为数据更新是通过Socket.IO作为消息传入的,并且它们不会通过初始页面请求通过的Express中间件。

However, this is not a sufficient solution to authentication, because data updates come in as messages over Socket.IO, and they won't go through the Express middleware that initial page requests go through.

我们将添加一个简单的解决方案,可以对用户进行身份验证,然后在订阅或修改数据时根据路径对其进行授权,但这尚未实现。这是需要完成的事情清单中的重点,而且Derby仍处于快速发展阶段。

We are going to add a simple solution that makes it possible to authenticate users and then authorize them based on the path whenever they subscribe to or modify data, but this is not implemented yet. This is high on the list of things that need to be done, and Derby is still under rapid development.