Master Fastify Authorization: Protect Your API Routes

Поделиться
HTML-код
  • Опубликовано: 7 ноя 2024

Комментарии • 20

  • @santig1399
    @santig1399 11 месяцев назад +3

    Clear, concise, and really good explanation. Nice video!

  • @timashoff
    @timashoff 2 месяца назад +1

    clear explanation! please, keep making content

  • @myriamluce1287
    @myriamluce1287 10 месяцев назад +1

    This was exactly what I needed, thank you! Well done video.

  • @MyCodingDiary
    @MyCodingDiary 11 месяцев назад +1

    Love it! ❤Thanks... New subscriber ❣️

  • @jjrise
    @jjrise Год назад

    awesome... this is exactly what I needed to find today. Thank you very much!

  • @MelroyvandenBerg
    @MelroyvandenBerg 8 месяцев назад +1

    Maybe also try to create a typescript example of your api? Since that makes a lot of sense I think. Creating at least some kind of type safety .. or?

  • @enryunto8087
    @enryunto8087 Год назад +1

    keep it up, good content!

  • @ahmaddanesh1163
    @ahmaddanesh1163 Год назад

    Awesome💯

  • @nathanalberg
    @nathanalberg Год назад

    One things missing.... can't you apply middleware at the register level? ... eg... lock down all of `/api/v1/users` and not `/api/v1/projects`... something like:
    fastify.register(projectRoutes, { prefix: '/api/v1/users', prehandler: auth }); ???

  • @vijaysinhparmar
    @vijaysinhparmar 9 месяцев назад

    If you pass it in header , it will be visible in the browser and anyone can pick that secure key right?

    • @doingandlearning
      @doingandlearning  9 месяцев назад +1

      Yeah. This approach is helpful for server-server communication but not safe for client-server. The example here was more to show a naive approach while dealing with headers.

    • @vijaysinhparmar
      @vijaysinhparmar 9 месяцев назад

      @@doingandlearning Could you please share for webapplication as well

    • @doingandlearning
      @doingandlearning  9 месяцев назад +1

      @@vijaysinhparmar I'm creating a JWT vid which would be a better approach there :)

  • @hey_me0707
    @hey_me0707 Год назад +1

    thats pretty gud

  • @cdexzswzaqME
    @cdexzswzaqME 5 месяцев назад

    but isnt the x-api-key exposed to client side
    i mean anyone can see it

    • @doingandlearning
      @doingandlearning  Месяц назад

      Yes. Absolutely. So this isn't a full security solution. I talk about others in followup videos but as part of a security solution or even as a first step, the xapikey approach is a possible element.

  • @HimanshuPatel-wn6en
    @HimanshuPatel-wn6en 7 месяцев назад

    Why no new videos ?