Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
Welcome To Ask or Share your Answers For Others

Categories

This is axios call I have in my frontend that stores the user's ID in my backend database. But when this application is deployed and the url isn't localhost for that backend server, can't a user just see it from the developer console and trigger it however much he/she wants? How can I use JWT to fix this problem. So far I have spotify Oauth that gives a user an access and refresh token that spotify passes to the url after login. I save those tokens to local storage. Those spotify tokens give me access to their private spotify information such as their userID which I want to add to my database. So as I'm adding that (below is the code), the endpoints need some kind of Authentication so non-authenticated clients can trigger them.

Frontend

 userExists = () => {
    const userid = {
        name: this.props.userID
    }
    axios.post('http://localhost:5000/users/add', userid)
        .then(res => console.log(res.data))
        .catch(err => console.log(err));
}

Backend

const router = require('express').Router();
let User = require('../models/user.model');
router.route('/').get((req, res) => {
    User.find()
        .then(users => res.json(users))
        .catch(err => res.status(400).json('Error: ' + err));
});

router.route('/add').post((req, res) => {
    const name = req.body.id;

    const newUser = new User({
        id,
    });
    User.exists({id})
    .then(username => {

        if (!username){ 
            newUser.save()
                .then(() => res.json('User added!'))
                .catch(err => res.status(400).json('Error: ' + err));
        }
        else{
            res.status(200).send("User Already Exists");
        }

    })
});
question from:https://stackoverflow.com/questions/66051915/having-http-endpoints-in-frontend-code-security

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
292 views
Welcome To Ask or Share your Answers For Others

1 Answer

Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
...