Getting started with uni-id - by intercepting certain requests from users

Last article we talked about creating an instance, before we talked about the basic modules, we talked about how to intercept user requests
Our video tutorial (free) is linked to https://static-b5208986-2c02-437e-9a27-cfeba1779ced.bspapp.com/
Because of the postgraduate entrance examination, it is possible that the articles are shorter and also for the purpose of splitting up each step of operation

Why Intercept

We want to know that some requests from users do not require privileges, such as browsing goods, or browsing without logging in, but users need to confirm their identity when they purchase, so we want to intercept some requests from users.

For example, pre-login purchases or purchases will certainly be blocked and informed of the need to sign in, such as those who need to sign in but do not sign in, we do a block

We also intercept login failures after login, so do some post-login operations (requiring authentication) to discover that login failures do an intercept

The user's request does not correspond to the request in the background, for example, if an A operation does not exist in one of our applications, then the user performs A operation through some channels, such as post/get some non-existent requests, when we inform the illegal request.

How to Intercept

Obviously we don't block login registrations and other requests that don't require privileges/logins to operate and we let them go
At this point we can build an array of intercept fields, and we will let go if the fields exist in the array, otherwise intercept

Complete code (explained below for distribution)

'use strict';
const uniIDs = require('uni-id')
exports.main = async (event, context) => {

	let res = {}; //response
	let params = event.params ?event.params:{}; //Receive Request Data

	const uniID = uniIDs.createInstance({
		context: context
	})
	const noNeedTokens = ['login', 'register', 'logout'];
	if (noNeedTokens.indexOf(event.action) == -1) {
			if (!event.uniIdToken) {
				res = {
					code: 403,
					message: "Not carried token"
				}
				return res;
			} else {
				let check_user = await uniID.checkToken(event.uniIdToken, {});
				if (check_user.code === 0) {
					params.uid = check_user.uid;
				} else {
					res = check_user;
					return res;
				}
			}
	}
	switch (event.action) {
		...Perform corresponding actions
		default: {
			res = {
				code: 402,
				message: "Illegal Request"
			}
			break;
		}
	}	

	//Return data to client
	return res;
};

Build a release array

Here we allow login registration to exit

const noNeedTokens = ['login', 'register', 'logout'];

Release actions that do not require login

Notice the event as above
An action is a judgment of the type of action (such as login and exit)

Here, if we let him pass the array, we let him skip the login failure detection and do it directly

const noNeedTokens = ['login', 'register', 'logout'];
if (noNeedTokens.indexOf(event.action) == -1) {
		Detect whether the login is invalid or not
}
switch (event.action) {
	...Perform corresponding actions
}

Intercept unregistered and invalid logins

uniIdToken is the token that you get when you log in, that is, token
uniID.checkToken is a uni-id authentication operation used to detect visible documents https://uniapp.dcloud.io/uniCloud/uni-id?id=checktoken

The steps are as follows
If uniIdToken does not exist then it is determined that it is not logged in
Set the response result res and return res directly; Skip next steps

Determine whether token is invalid if it exists
Call uniID.checkToken judges (permissions can also be judged here)
If it doesn't expire, we get a uniID. Uid (user id) in the returned result of checkToken
For subsequent operations
Otherwise it will be uniID. Reasons why checkToken failed are returned as response results

const noNeedTokens = ['login', 'register', 'logout'];
if (noNeedTokens.indexOf(event.action) == -1) {
		if (!event.uniIdToken) {
			res = {
				code: 403,
				message: "Not carried token"
			}
			return res;
		} else {
			let check_user = await uniID.checkToken(event.uniIdToken, {});
			if (check_user.code === 0) {
				params.uid = check_user.uid;
			} else {
				res = check_user;
				return res;
			}
		}
}
switch (event.action) {
	...Perform corresponding actions
	default: {
			res = {
				code: 402,
				message: "Illegal Request"
			}
			break;
		}
}

Intercept illegal requests

See switch case inform illegal request if no response action is found

const noNeedTokens = ['login', 'register', 'logout'];
if (noNeedTokens.indexOf(event.action) == -1) {
		if (!event.uniIdToken) {
			res = {
				code: 403,
				message: "Not carried token"
			}
			return res;
		} else {
			let check_user = await uniID.checkToken(event.uniIdToken, {});
			if (check_user.code === 0) {
				params.uid = check_user.uid;
			} else {
				res = check_user;
				return res;
			}
		}
}
switch (event.action) {
	...Perform corresponding actions
	default: {
			res = {
				code: 402,
				message: "Illegal Request"
			}
			break;
		}
}

epilogue

End of this intercept request

Keywords: uni-app uniCloud

Added by Moharo on Sat, 15 Jan 2022 09:17:22 +0200