Object: User
Frontend
CabloyJS manages the current login status of the frontend through the Vuex mechanism, so that other places can directly reference the user information
const op = this.$store.state.auth.user.op;
const agent = this.$store.state.auth.user.agent;
const loggedIn = this.$store.state.auth.loggedIn;
| Name | Description |
|---|---|
| auth.user.op | the current user as operator |
| auth.user.agent | the current user as login |
| auth.loggedIn | logged in or not |
If
user agentis not used, thenop === agent
Backend
CabloyJS injects object user into ctx through the global middleware auth, which facilitates direct access to the user information
const op = this.ctx.user.op;
const agent = this.ctx.user.agent;
const loggedIn = this.ctx.isAuthenticated()
| 名称 | 说明 |
|---|---|
| ctx.user.op | the current user as operator |
| ctx.user.agent | the current user as login |
| ctx.isAuthenticated() | logged in or not |
First Visit Mechanism
When a user open the frontpage page for the first time, the frontend will first perform the backend API route /a/base/auth/echo, check whether the current user has logged in through the returned user information, and store the user information in the Vuex system
egg-born-front/src/inject/pages/app.vue
// get auth first
this.$api.post('/a/base/auth/echo').then(data => {
// Vuex
this.$store.commit('auth/login', {
loggedIn: data.user.agent.anonymous === 0,
user: data.user,
});
};
Login Page
CabloyJS provides a unified configuration mechanism of login page, which can freely combine user/password authentication and the third-party authentication such as GitHub, etc.
For details, please refer to authentication: login page
User Authentication
CabloyJS provides a global middleware auth, which is used to authenticate users in backend API route. If the verification fails, an exception will be thrown automatically, and subsequent logic will be interrupted
The global middleware auth is provided by the module a-base. Its source code is as follows:
module.exports = options => {
return async function auth(ctx, next) {
if (!ctx.isAuthenticated() || !ctx.user.op || !ctx.user.agent) {
// anonymous
await ctx.meta.user.loginAsAnonymous();
} else {
// check if deleted,disabled,agent
await ctx.meta.user.check();
}
// if user
if (options.user && ctx.user.op.anonymous) ctx.throw(401);
// next
await next();
};
};
Disable auth
auth is a global middleware, so it will be automatically attached to all API routes. If you want to disable middleware auth, the configuration is as follows:
src/suite-vendor/test-party/modules/test-party/backend/src/routes.js
{ method: 'post', path: 'party/create', controller: party, middlewares: 'inner', meta: { auth: { enable: false } } },
Configure auth
The middleware auth can also pass in the parameter user, which is used to specify that the current user must be an authenticated user. If the current user is an anonymous user, it will be rejected
a-base-sync/backend/src/routes.js
{ method: 'post', path: 'auth/check', controller: auth,
meta: { auth: { user: true } }
},
Comments: