doxel / doxel-loopback

Backend for the DOXEL project

Create the "localAdmin" dynamic role #15

Open bugdanov opened 7 years ago

bugdanov commented 7 years ago

For server-side operations, instead of relying on an ephemeral accessToken and checking for source IP in remote methods, we could use Role.registerResolver() in server/boot/role_local-admin.js to define the localAdmin role (https://loopback.io/doc/en/lb3/Defining-and-using-roles.htm)

From context, we could check

The http headers and query can be forwarded from the remote method definition https://loopback.io/doc/en/lb3/Using-current-context.html

Then we could define in config.local.json a username and a hardcoded accessToken (to use in server-side scripts or from tunnelled http clients)

The user could be created in server/boot/create-roles-and-users.js
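A sketch of the boot script proposed above, as an added example that is not code from the doxel-loopback repository. The `localAdmin` config key, the 32-character minimum, and the choice of checks (configured token plus loopback peer address) are assumptions, since the issue does not list what the resolver should check.

```javascript
// server/boot/role_local-admin.js (hypothetical contents, added example)
const nodeCrypto = require('crypto');

// Compare fixed-length digests in constant time, so neither the token's
// content nor its length leaks through response timing.
function sameToken(presented, expected) {
  if (typeof presented !== 'string' || typeof expected !== 'string') return false;
  const a = nodeCrypto.createHash('sha256').update(presented).digest();
  const b = nodeCrypto.createHash('sha256').update(expected).digest();
  return nodeCrypto.timingSafeEqual(a, b);
}

// Use the TCP peer address, not X-Forwarded-For, which the client controls.
function isLoopbackPeer(req) {
  const addr = req && req.socket && req.socket.remoteAddress;
  return addr === '127.0.0.1' || addr === '::1' || addr === '::ffff:127.0.0.1';
}

// Pure decision function, kept separate so it can be unit tested.
// cfg is the assumed config.local.json entry:
//   "localAdmin": {"username": "...", "accessToken": "..."}
function isLocalAdmin(cfg, context) {
  const token = context.accessToken && context.accessToken.id;
  const req = context.remotingContext && context.remotingContext.req;
  // Fail closed: a missing or short configured token never grants the role.
  const configured = Boolean(cfg) && typeof cfg.accessToken === 'string' &&
    cfg.accessToken.length >= 32; // minimum length is an assumption
  return configured && isLoopbackPeer(req) && sameToken(token, cfg.accessToken);
}

function registerLocalAdminRole(app) {
  const settings = app.get('localAdmin') || {};
  app.models.Role.registerResolver('localAdmin', function(role, context, cb) {
    const granted = isLocalAdmin(settings, context);
    // Role resolvers report their decision asynchronously.
    process.nextTick(function() { cb(null, granted); });
  });
}

if (typeof module !== 'undefined') module.exports = registerLocalAdminRole;
```

A model ACL can then grant access with `principalType: "ROLE"` and `principalId: "localAdmin"`, which keeps the check out of the individual remote methods.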