分享程序员开发的那些事...
更新时间:2023-12-03 19:51:52
首先使用用户名/电子邮件和密码登录.如果用户名和密码有效,您将从服务器获得授权令牌.然后使用该令牌向服务器发出其他特权请求.
Login initially with the username/email and password. You will get an authorization token back from the server if the username and password are valid. Then use that token to make further privileged requests to the server.
您不需要在客户端上保存有关用户的任何个人数据(电子邮件或密码).但是,如果您不想让用户下次使用该应用程序时再次登录,则可以保存令牌.保存令牌时,应使用安全存储选项. flutter_secure_storage 插件使用 KeyStore 在Android上.
You don't need to save any personal data about the user (email or password) on the client. You can save the token, though, if you don't want to make the user log in again the next time they use the app. When saving the token you should use a secure storage option. The flutter_secure_storage plugin uses KeyChain on iOS and KeyStore on Android.
您可以在后端使用所有想要的用户ID.不过,我不知道需要将它们传递给客户端.在后端,您可以查询用户ID,然后使用它从数据库中获取其他信息.
You can use the user IDs all you want on the backend. I don't know of any need to pass them to the client, though. On the backend you can query the user ID and then use it to fetch other information from the database.
以下是文档中的示例:
Here is an example from the documentation:
class NewsFeedController extends ResourceController {
NewsFeedController(this.context);
ManagedContext context;
@Operation.get()
Future<Response> getNewsFeed() async {
var forUserID = request.authorization.ownerID;
var query = Query<Post>(context)
..where((p) => p.author).identifiedBy(forUserID);
return Response.ok(await query.fetch());
}
}
客户端仅传递令牌.渡槽基于该令牌为您查找用户ID.现在您知道了用户ID.
The client only passed in the token. Aqueduct looks up the user id for you based on that token. Now you know the user ID.
您的其他表可以在用户ID列中添加一列,以便只有该用户才能保存和检索其数据.在上面的示例中,帖子具有作者,而作者具有ID,即用户ID.
Your other tables can have a column for the user ID so that only that user may save and retrieve their data. In the example above, Posts have an Author and an Author has an ID, that is, the user ID.
where((p) => p.author).identifiedBy(forUserID)
等效于
where((p) => p.author.id).equalTo(forUserID)
您可以在高级中阅读有关此内容的信息.文档中的查询部分.