Frontend and Backend Separation & API Route Permission

CabloyJS is a framework that separates frontend from backend. This separation places higher demands on permission control for backend API routes, so the core of the permission system is controlling access to backend API routes.

Relationship between Function and API Route

The purpose of an API route is to provide an API service to the frontend; this service is called a function. One or more API routes therefore correspond to one function.

In practice, authorization is granted on the function, and each API route specifies which function it corresponds to. This is how access control of API routes is achieved.

For example, the role management function includes the following group of API routes:

a-baseadmin/backend/src/routes.js

{ method: 'post', path: 'role/add', controller: role, meta: { right: { type: 'function', name: 'role' } } },
{ method: 'post', path: 'role/move', controller: role, meta: { right: { type: 'function', name: 'role' } } },
{ method: 'post', path: 'role/delete', controller: role, middlewares: 'transaction', meta: { right: { type: 'function', name: 'role' } } },
{ method: 'post', path: 'role/includes', controller: role, meta: { right: { type: 'function', name: 'role' } } },
{ method: 'post', path: 'role/addRoleInc', controller: role, meta: { right: { type: 'function', name: 'role' } } },
{ method: 'post', path: 'role/removeRoleInc', controller: role, meta: { right: { type: 'function', name: 'role' } } },
{ method: 'post', path: 'role/build', controller: role, middlewares: 'transaction', meta: { right: { type: 'function', name: 'role' } } },
{ method: 'post', path: 'role/dirty', controller: role, meta: { right: { type: 'function', name: 'role' } } },

Relationship between Function and Menu

Menu is a special case of Function:

  1. First, a menu also corresponds to one or more API routes, and its authorization mode is the same as that of a function

  2. Second, setting the menu attribute of a function to 1 turns it into a menu. Assigning the path of a frontend page component to the menu then displays a menu link on the front page

Declaration of Menu

Each module's backend has a meta metadata object in which a menu can be declared:

src/module/test-party/backend/src/meta.js

const meta = {
  base: {
    functions: {
      kitchenSink: {
        title: 'Kitchen-sink',
        scene: 'tools',
        actionPath: 'kitchen-sink/index',
        sorting: 1,
        menu: 1,
      },
    },
  },
};

| Name | Description |
|--|--|
| title | The menu's title. To support i18n, add the corresponding language resources directly |
| scene | The menu's scene, used to classify menus for display |
| actionPath | Page component route of the frontend |
| sorting | Sort order for display |
| menu | Whether this is a menu. If it is not a menu, it is a function |

Special Menu Items

There are two special menu items, Create Atom and Atom List, whose permissions are tied to Atom Actions. For example, once the create and read action permissions are configured for party, the corresponding permissions for the Create Party and Party List menus follow automatically

Therefore, we need to declare these two menu items as follows:

src/module/test-party/backend/src/meta.js

const meta = {
  base: {
    functions: {
      createParty: {
        title: 'Create Party',
        scene: 'create',
        autoRight: 1,
        atomClassName: 'party',
        action: 'create',
        sorting: 1,
        menu: 1,
      },
      listParty: {
        title: 'Party List',
        scene: 'list',
        autoRight: 1,
        atomClassName: 'party',
        action: 'read',
        sorting: 1,
        menu: 1,
      },
    },
  },
};

| Name | Description |
|--|--|
| autoRight | 1: indicates auto right, consistent with the corresponding atom action right |
| atomClassName | atomClass name |
| action | Atom action name |

Bind API Route

Specifying the middleware right in a backend API route serves two purposes:

  1. Specify the relationship between backend API route and function

  2. Verify that the current user has access to the backend API route

src/module/test-party/backend/src/routes.js

{ method: 'post', path: 'kitchen-sink/guide/echo9', controller: testKitchensinkGuide,
  meta: {
    right: {
      type: 'function',
      name: 'kitchenSink',
    },
  },
},

| Name | Description |
|--|--|
| meta | The metadata of the route, which can specify parameters related to middleware |
| right | Parameters of the middleware right |
| type | Authorization type, here function |
| name | Function name |

The middleware right is a global middleware used specifically for authorization verification.
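
Because access control depends on each route naming the right function, a misspelled or missing binding is worth catching before deployment. The following is an added example, not CabloyJS code: it audits a module's route list against the functions declared in its meta object, and models the access decision as deny-by-default. The helper names `auditRouteRights` and `isRouteAllowed`, the sample routes `echoA` and `echoB`, and the assumption that routes and meta belong to the same module are all illustrative.

```javascript
// Added example, not CabloyJS source. Assumes routes and meta come from the
// same module and use the object shapes shown on this page.

// Constructed sample input: one declared function and three routes.
const sampleMeta = {
  base: {
    functions: {
      kitchenSink: { title: 'Kitchen-sink', scene: 'tools', actionPath: 'kitchen-sink/index', sorting: 1, menu: 1 },
    },
  },
};
const sampleRoutes = [
  { method: 'post', path: 'kitchen-sink/guide/echo9', meta: { right: { type: 'function', name: 'kitchenSink' } } },
  { method: 'post', path: 'kitchen-sink/guide/echoA', meta: { right: { type: 'function', name: 'kitchenSnik' } } }, // constructed typo
  { method: 'post', path: 'kitchen-sink/guide/echoB' }, // constructed: no right binding at all
];

// Report routes whose binding to a function is missing or points at a
// function name that the module's meta never declares.
function auditRouteRights(routes, meta) {
  const functions = (meta && meta.base && meta.base.functions) || {};
  const findings = [];
  for (const route of routes) {
    const id = `${String(route.method).toUpperCase()} ${route.path}`;
    const right = route.meta && route.meta.right;
    if (!right) {
      findings.push({ route: id, issue: 'missing-right' });
    } else if (right.type === 'function' &&
               !Object.prototype.hasOwnProperty.call(functions, right.name)) {
      findings.push({ route: id, issue: 'undeclared-function', name: right.name });
    }
  }
  return findings;
}

// Simplified, hypothetical model of the access decision: a route is allowed
// only when it names a function and that function was granted to the user.
function isRouteAllowed(route, grantedFunctions) {
  const right = route.meta && route.meta.right;
  if (!right || right.type !== 'function') return false;
  return grantedFunctions.has(right.name);
}

console.log(auditRouteRights(sampleRoutes, sampleMeta));
```

Routes reported as `missing-right` are not necessarily wrong, but each one should be reviewed to confirm it is intentionally reachable without a function grant.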