0

I am totally new to ActionHero JS and I was wondering how I can restrict users from accessing my ActionHero JS REST API URL from the browser? I have even set the route as POST, but it is still accessible by the GET method?

Just like in Java, when we specify a REST API as POST, it will not be accessible by GET or a browser URL? How can I accomplish this?

Edit: Contacted ActionHero on GitHub, and they were pretty helpful. The solution was: in web.js, put `simpleRouting : false`, and it should resolve the issue. Before, you could access a POST-routed action from the URL, but after doing this you cannot!! Accessing a POST using GET will return you a 404.

Thanks @Evan

Manam

1 Answer

1

Regardless of your language/framework, all routes are able to be hit by anyone, unless you block them at load-balancer or similar level.

Rather than thinking about the problem as "how to block" access, you should be thinking about the problem like "how can I ensure that this user is authenticated to use this route". Using things like cookies or tokens is the way to go.

You can use actionhero's middleware to apply access rules to specific actions, and return errors to the user if they aren't allowed.

Here's an example project that does these types of things:

Evan
  • Thanks for the help, but I do not think this answers my question's reason? I know you can authenticate a user to have access to an API; I have already implemented that part with tokenization. But what I am wondering is, just like you do a GET request and you pass the parameters by url?id=12, I should not be able to do that in a POST request? Meaning it should only go by a payload, not a URL. Like in AJAX you say data:data. If you can please answer me on that part, it would be great!! Thanks. – Manam Apr 11 '16 at 16:23
  • This conversation was moved (and resolved) here => https://github.com/evantahler/actionhero/issues/818 – Evan Apr 12 '16 at 04:57
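
Added example, not part of the original thread and not ActionHero's own code: a simplified JavaScript model of the behaviour described in the question's edit, where a `simpleRouting`-style fallback maps a path segment to an action name regardless of HTTP verb, so a POST-only route does not stop a GET from reaching the action. The route table, action names and the `resolveAction` and `demo` helpers are hypothetical.

```javascript
// Simplified model of verb-aware routing with an optional "simple routing"
// fallback. Illustrative only: this is not ActionHero source code.
const routes = {
  // Constructed sample route table: userAdd is exposed on POST only.
  post: [{ path: '/users', action: 'userAdd' }],
  get: [{ path: '/status', action: 'status' }],
};
const knownActions = new Set(['userAdd', 'status']);

function resolveAction(method, url, config) {
  const verb = method.toLowerCase();
  const pathname = new URL(url, 'http://localhost').pathname; // drops ?query
  if (!pathname.startsWith('/api/')) return { status: 404, action: null, via: null };
  const rest = pathname.slice('/api'.length); // e.g. "/users"

  // 1. Explicit routes: verb AND path must both match.
  const hit = (routes[verb] || []).find((r) => r.path === rest);
  if (hit) return { status: 200, action: hit.action, via: 'route' };

  // 2. Fallback: the path segment is treated as an action name for ANY verb.
  //    This is what lets GET /api/userAdd reach a "POST-only" action.
  if (config.simpleRouting) {
    const name = rest.slice(1);
    if (knownActions.has(name)) return { status: 200, action: name, via: 'simpleRouting' };
  }
  return { status: 404, action: null, via: null };
}

// Run the same three requests with the fallback on, then off.
function demo() {
  const requests = [
    ['POST', '/api/users'],         // intended entry point
    ['GET', '/api/users'],          // wrong verb on the routed path
    ['GET', '/api/userAdd?id=12'],  // action name typed into the browser
  ];
  return [true, false].map((simpleRouting) =>
    requests.map(([m, u]) => resolveAction(m, u, { simpleRouting }).status));
}

console.log(demo());
```

Turning the fallback off only removes the unintended entry point; whether the caller is allowed to run the action is still a job for authentication middleware, as the answer says.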