I'm looking for the best way to "restrict" specific routes. I'm going to explain it with an example:
I have two users:
-user1 id:123
-user2 id:456
Client Side (Angular):
// LOGGED AS USER 123
$http.post('www.domain.com/api/user/123')
  .then(function (data) {
    // here I should receive the data from user 123
  })
The code above is easy to do, but I want to restrict this endpoint (from the server side) only for user 123. If user 456 tries to get that endpoint, they should be kicked. Example:
// LOGGED AS USER 456
$http.post('www.domain.com/api/user/123')
  .then(function (data) {
    // should return error (forbidden resource)
  })
As you can see, if you are logged in as user 456, you could get data from "api/user/123", but you could get from "api/user/456"
QUESTION:
What is the best way to do it with Node/Express/JWT?
via Julián B