Sails disable criteria for REST in GET

I implemented a passport-local strategy and passport strategy.

When a user logs in with username / password credentials, I generate a JSON Web Token that is returned to the requester. For each request, I get access_token from the request, decode this token from the JWT to an object and issue bearer authorization implemented in /api/policies. And all auth works fine.

But when I provide this access_token to a RESTful route, i.e. user, I get an empty array.

The problem is that Sails accepts access_token as criteria.

Example:

 GET /user                         ## Forbidden
 GET /user?access_token=<token>    ## Empty array

How to disable or fix it?

1 answer

You are probably better off sending the access token in the header than in the URL. But if what you are asking is how to blacklist a certain property from being used as criteria in the project route, it can be done as follows in the config/routes.js file:

 "GET /user": {blueprint: "find", criteria: {blacklist: ["access_token"]}} 

This will override the default blacklist, so you can include these defaults in your own array:

 "GET /user": {
   blueprint: "find",
   criteria: {
     blacklist: ["access_token", "limit", "skip", "sort", "populate"]
   }
 }
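The behaviour discussed in the question and answer above, as a simplified model added here (it is not the answerer's code and not Sails' own implementation). The function names, the sample records and the token value are constructed for illustration; the only things taken from the page are the route, the `access_token` parameter and the default blacklist entries.

```javascript
// Simplified model (assumption): every query parameter that is not on the
// blacklist is turned into a WHERE criterion for the "find" blueprint.
const DEFAULT_BLACKLIST = ['limit', 'skip', 'sort', 'populate'];

// Constructed sample records standing in for the User model.
const USERS = [
  { id: 1, username: 'alice' },
  { id: 2, username: 'bob' },
];

// Hypothetical helper: build criteria from the query string, minus the blacklist.
function parseCriteria(query, blacklist = DEFAULT_BLACKLIST) {
  const criteria = {};
  for (const [key, value] of Object.entries(query)) {
    if (!blacklist.includes(key)) criteria[key] = value;
  }
  return criteria;
}

// Hypothetical helper: a record matches only if it has every criterion
// as an attribute with an equal value.
function find(records, criteria) {
  return records.filter((record) =>
    Object.entries(criteria).every(
      ([key, value]) => key in record && String(record[key]) === String(value)
    )
  );
}

// Models "GET /user?..." with a given blacklist; "limit" is honoured as
// paging only when it is blacklisted, i.e. not treated as a criterion.
function getUsers(url, blacklist = DEFAULT_BLACKLIST) {
  const query = Object.fromEntries(new URL(url, 'http://localhost').searchParams);
  const matches = find(USERS, parseCriteria(query, blacklist));
  const paged = blacklist.includes('limit') && query.limit !== undefined;
  return paged ? matches.slice(0, Number(query.limit)) : matches;
}

// Constructed token value; no user record has an "access_token" attribute.
const TOKEN_URL = '/user?access_token=constructed.jwt.value';
```

With the default blacklist the token becomes a criterion that no record satisfies, which is the empty array from the question. Blacklisting only `access_token` fixes that but turns `limit` into a criterion, which is why the answer re-lists the defaults.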

Source: https://habr.com/ru/post/1204091/

