在 Fluree 中,预设安装的 DB 的任何操作是对所有人公开的,后面会谈怎么关闭,这边先透过 nodejs 直接测试。
实务上可以每个 User 开一个一对一的 Auth,然后把对应不同的 Role 分派给 User Auth,来达到对 User 权限的控管。除此之外也可以有一些团体账户的 Auth,可以由团体管控进行操作。(每个 Auth 就是三个组合: public key, private key, auth id)
沿用之前的 flueeAuth 的 nodejs project,建立一个 user.js:
const fetch = require("node-fetch")
const {
signQuery
} = require("@fluree/crypto-utils")
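// Sends a signed "select * from user" query to the ledger and prints the raw response body.

// The markdown autolink brackets ("<...>") are removed from the literal: with them the
// request URL is not a valid absolute URL and the request cannot be sent.
// NOTE(review): plain http. The request is signed, but the query and the returned user
// records (wallets, e-mail addresses) travel unencrypted; put the endpoint behind TLS
// outside a lab setup.
const BASE_URL = "http://13.114.145.25";

// Demo-only Guest key published with this tutorial. A private key committed to a source
// file is readable by everyone who can read the file, so real keys should be supplied
// through the environment (variable name chosen here) and never checked in.
const DEMO_GUEST_PRIVATE_KEY = "5dc54675dc79e2402c9524391995ac6cb633a835104b0a2f866b25e12cb3b2db"; // Guest
// Alternative demo key with the root role; anyone holding it can act as root on the ledger:
// "f0df0e365d6586cc731eeafd4b0a26f7084b21441575c9023a609d9bbc478c01" // devGuildMember
const PRIVATE_KEY = process.env.FLUREE_PRIVATE_KEY || DEMO_GUEST_PRIVATE_KEY;

const ledger = "seedao/testing";
const queryType = "query";

// The query is serialized once and that exact string is handed to signQuery.
const param = JSON.stringify({
  select: ["*"],
  from: "user",
});

// signQuery returns the fetch options for the signed request.
const fetchOpts = signQuery(PRIVATE_KEY, param, queryType, ledger);
const fullURI = `${BASE_URL}/fdb/${ledger}/query`;

fetch(fullURI, fetchOpts)
  .then(async (response) => {
    // The body is printed for every status code so permission errors stay visible.
    const body = await response.text();
    console.log(body);
  })
  .catch((err) => {
    // Network or URL failures would otherwise surface as an unhandled rejection.
    console.error(`Request to ${fullURI} failed:`, err);
    process.exitCode = 1;
  });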
其中 private key 这边可以使用 Guest 或 devGuildMember 两种 Auth
如果使用 Guest Auth, 因为他的身份并不具备能读取 user 的权限,拿到的就会是空
如果使用 devGuildMember Auth, 因为具备 root 身份,所以就能拿到 user 信息
# node user.js : private key 使用 guest auth
# []
# node user.js : private key 使用 devGuildMember auth
# [{"_id":351843720888323,"user/wallet":"0x5e6CcE07A609D7550Ffd39beEa0d8B2eeF28FCd3"},{"_id":351843720888321,"user/wallet":"0x5e6CcE07A609D7550Ffd39beEa0d8B2eeF28FCd2","user/email":"[email protected]"},{"_id":351843720888320,"user/wallet":"0x7EA1EaA27b313D04D359bF3e654FE927376e31Bb","user/email":"[email protected]"}]
一样沿用之前的 flueeAuth 的 nodejs project,建立一个 createEvent.js:
这边要特别留意,sign transaction 是需要 private key 和 public key 的,而 public key 主要是为了要拿 Auth ID。
const fetch = require("node-fetch")
const {
getSinFromPublicKey,
signTransaction
} = require("@fluree/crypto-utils")
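// Signs a transaction that creates one event and posts it to the ledger's command endpoint,
// then prints the raw response body.

// The markdown autolink brackets ("<...>") are removed from the literal: with them the
// request URL is not a valid absolute URL and the request cannot be sent.
// NOTE(review): plain http. The command is signed, but it and the response travel
// unencrypted; put the endpoint behind TLS outside a lab setup.
const BASE_URL = "http://13.114.145.25";

// Demo-only Guest key pair published with this tutorial. A private key committed to a
// source file is readable by everyone who can read the file, so real keys should be
// supplied through the environment (variable names chosen here) and never checked in.
const DEMO_GUEST_PRIVATE_KEY = "5dc54675dc79e2402c9524391995ac6cb633a835104b0a2f866b25e12cb3b2db";
const DEMO_GUEST_PUBLIC_KEY = "03e3c980fc66f7176303248ce5af218403eeb8cd8d65b47f1ae6c8705939e05e04";
// Alternative demo pair with the root role; anyone holding it can act as root on the ledger:
// devGuildMember private: "f0df0e365d6586cc731eeafd4b0a26f7084b21441575c9023a609d9bbc478c01"
// devGuildMember public:  "02f197465b80bf60715d5321679c640eb5d99d50eda2b18172be04ed95c7617d2d"

const envPrivateKey = process.env.FLUREE_PRIVATE_KEY;
const envPublicKey = process.env.FLUREE_PUBLIC_KEY;
// The auth id is derived from the public key while the signature comes from the private
// key, so a half-overridden pair would sign under the wrong identity.
if (Boolean(envPrivateKey) !== Boolean(envPublicKey)) {
  throw new Error("Set FLUREE_PRIVATE_KEY and FLUREE_PUBLIC_KEY together, or neither");
}
const PRIVATE_KEY = envPrivateKey || DEMO_GUEST_PRIVATE_KEY;
const PUBLIC_KEY = envPublicKey || DEMO_GUEST_PUBLIC_KEY;

const ledger = "seedao/testing";
// One second from now. NOTE(review): presumably the server rejects the command after this
// time, which keeps the replay window short but leaves little room for clock skew - confirm.
const expire = Date.now() + 1000;
const fuel = 100000;
// NOTE(review): constant nonce; whether commands stay unique then depends on expire
// differing between runs - confirm against the Fluree documentation.
const nonce = 1;
const deps = null;

// The transaction is serialized once and that exact string is what gets signed.
const tx = JSON.stringify([
  {
    "_id": "event",
    "host": 351843720888323,
    "participants": [351843720888321, 351843720888320],
    "starttime": "#(now)",
  },
]);

const authId = getSinFromPublicKey(PUBLIC_KEY);
const command = signTransaction(authId, ledger, expire, fuel, nonce, PRIVATE_KEY, tx, deps);
Object.assign(command, { "txid-only": false });

const fetchOpts = {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify(command),
};
const fullURI = `${BASE_URL}/fdb/${ledger}/command`;

fetch(fullURI, fetchOpts)
  .then(async (response) => {
    // The body is printed for every status code so a 400 permission error stays visible.
    const body = await response.text();
    console.log(body);
  })
  .catch((err) => {
    // Network or URL failures would otherwise surface as an unhandled rejection.
    console.error(`Request to ${fullURI} failed:`, err);
    process.exitCode = 1;
  });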
key 这边可以使用 Guest 或 devGuildMember 两种 Auth
如果使用 Guest Auth, 因为他的身份并不具备能写入 event 的权限,就会直接得到 400 的错误信息
如果使用 devGuildMember Auth, 因为具备 root 身份,所以就能成功建立 event
就会得到成功 transact 的返回
# node createEvent.js : private key 使用 guest auth
# {
# "status":400,
# "message":"Insufficient permissions for predicate: event/host within collection: event.",
# "error":"db/write-permission"
# }
# node createEvent.js : private key 使用 devGuildMember auth
# {
# "tempids":{
# "event":[
# 369435906932738,
# 369435906932738
# ]
# },
# "block":31,
# "hash":"a1c83da483cc5a37e962186351223f9ea34c6a0d0e0a083996509c8d939780be",
# "instant":1669301483947,
# "type":"tx",
# "duration":"19ms",
# "fuel":701,
# "auth":"TfAd9E42QrvaLnJzkezGTGH2JVQ3G69ZeHU",
# "status":200,
# "id":"29abf235a67377a441a54f4ad0c5ea809edca25aedee594524ca55bc26547c03",
# "bytes":680,
# "t":-61,
# "flakes":[
# ...
# ]
# }