Comments (7)
disable is DEPRECATED, so change with disallowed
app.service('track_record').hooks({
before : {
update : hooks.disallow(),
create : hooks.disallow(),
remove : hooks.disallow(),
patch : hooks.disallow()
},
after : {
find : response(),
get : response()
}
})
from feathers-rest.
I think what you are asking for is already possible using the disable hook. The disable hook allows to disable access to all or specific service methods for all or specific external providers or to disable it completely:
const hooks = require('feathers-hooks');
app.service('users').before({
// Users can not be created by external access
create: hooks.disable('external'),
// A user can not be deleted through the REST provider
remove: hooks.disable('rest'),
// Disable calling `update` completely (e.g. to only support `patch`)
update: hooks.disable()
});
from feathers-rest.
Oh yes I see now. Apologies, I should have read the docs more closely. Thanks!
from feathers-rest.
It's a great question and granted, it is a little hidden. I created a follow-up issue in feathersjs/docs#93 and will add it to the FAQ.
from feathers-rest.
Hello, i have got one simiral issue.
I am using react-starter-kit.
I use express.
I use feathers like this
const api = feathers();
api.use(compress())
.configure(hooks())
.configure(rest())
.configure(services)
.configure(middleware);
module.exports = api;
const app = express();
app.use('/api/feathers', api);
TestService
'use strict';
const service = require('feathers-sequelize');
const Test= require('./Test-model');
const hooks = require('./hooks');
module.exports = function(){
const app = this;
const options = {
Model: Test(app.get('sequelize')),
};
// Initialize our service with any options it requires
app.use('/Test', service(options));
/// Get our initialize service to that we can bind hooks
const TestService = app.service('/Test');
// Set up our before hooks
TestService .before(hooks.before);
// Set up our after hooks
TestService .after(hooks.after);
};
In my application i am using
fetch("/api/feathers/Test"+query) (GET)
I do not have got user authentication my application can have any visitors.
When a visitor visit the site he can type "/api/feathers/Test"+query in adress bar and get some data
How i can disable this? So only the application can make this rest calls and nobody else?
from feathers-rest.
I would remove the sub-app setup and just add the api/
prefix to you service names and then add authentication as documented and created by the generator. Sub-apps are definitely not recommended because they don't play very nicely with websockets or the authentication plugin.
from feathers-rest.
What u mean remove sub-app? you mean i have to remove const app = express(); ?
And if add authentication don't i need to authenticate every user with login? (i do not have registration system as i do not need it)
from feathers-rest.
Related Issues (20)
- Consider how to handle file upload HOT 5
- Add headers and remote IP
- res.hook should exist in middleware after errors
- Setting 'content-type' header properly with boundary HOT 3
- $in: [] returning unexpected results HOT 2
- JSON-API + feathers-rest HOT 4
- Property 'axios' does not exist on type 'Transport' HOT 4
- $gte query example? HOT 2
- Map route parameters to `params.route` HOT 1
- How to return a pdf download file instead of data ?
- Update returning 204 HOT 2
- An in-range update of feathers is breaking the build 🚨 HOT 1
- Prepare for feathers v3 HOT 9
- Angular http implementation error HOT 1
- Client fails to parse json response on 204 status using fetch HOT 2
- $in operator doesn't work correctly through rest HOT 15
- fn.call is not a function(…) on client side with webpack HOT 2
- Client: Support Service Middleware / Generic Service HOT 5
- support axios? HOT 3
- Custom HTTP status code response HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from feathers-rest.