将 Google App Engine 自定义子域与用户关联

发布于 2024-10-21 17:24:08 字数 1315 浏览 4 评论 0原文

我有一个在 GAE 上运行的应用程序,并且希望允许用户自己使用子域Google 应用域(例如 myapp.example.com),用于托管自己的自定义版本我的应用程序。

添加子域很容易...只需按 id 添加应用 Google 应用程序,并为其分配一个自定义子域。

但由于我想让他们能够自定义其网站,因此我希望将自定义子域与用户相关联。这成为一个安全问题,因为我不知道如何将设置自定义子域的人员与登录到我的应用程序的用户关联起来。

我想如果我加入应用市场 (100 美元),我就可以做到这一点...通过添加安装中的配置步骤并要求管理员用户。有人这样做过吗?我需要成为市场的一部分吗?

我还可以要求管理员将 TXT 条目添加到域的 DNS,并验证她是否这样做了(与 Google 验证域的方式相同)。这必须在 GAE 之外完成,因为 GAE API 不会支持DNS查询

请注意,我不能只匹配用户登录时的域名后缀,因为来自一个域的多个人(例如 [电子邮件受保护][email protected])可能正在使用我的应用程序,我只想允许设置子域的管理员能够自定义该子域。

有人这样做过吗?有什么解决办法吗?

I have an application running on GAE, and would like to allow the user to use a subdomain on their own google app domain (e.g. myapp.example.com) to host their own customized version of my app.

It's easy to add the subdomain... just add the app by id on their Google app, and assign it a custom subdomain.

But since I want to give them the ability to customize their site, I want to associate the custom subdomain with a user. This becomes a security issue, since I don't know how to associate the person that setup the custom subdomain with a user logged into my app.

I think I could do it if I joined the app market place ($100)... by adding a configuration step in the installation and asking for a admin user. Has anyone done this? Do I need to be part of the marketplace?

I could also ask the admin to add a TXT entry to the domain's DNS, and verify that she did it (the same way Google verifies domains). This would have to be done outside of GAE, since the GAE API doesn't support DNS queries.

Note that I can't just match the domain endings on the user login since multiple people from one domain (e.g. [email protected] and [email protected]) might be using my app, and I only want to allow the admin that setup the subdomain to be able to customize that subdomain.

Has anyone done this? Any solutions?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

梦幻之岛 2024-10-28 17:24:08

这很难。您可以使用应用程序市场,而且您是对的,它允许您在设置之前向管理员征求配置信息。这可能是您的最佳选择,并且还允许您向更多用户公开您的应用程序,并使单点登录成为可能。

如果您不想这样做,可以通过多种方式要求管理员证明所有权。您可以要求他们使用您在其 www 子域(或您的应用程序不提供服务的任何其他子域)上指定的 URL 创建资源。您还可以要求他们将您的应用程序添加到域两次,一次在他们想要提供服务的域下,一次在您组成的验证子域下。

This is tough. You could use the Apps Marketplace, and you're right that it would allow you to solicit configuration information from admins before setting it up. That's likely your best option, and also allows you to expose your app to more users, as well as making single-signin possible.

If you don't want to do that, there are a couple of ways you could ask admins to prove ownership. You could ask them to create a resource with a URL you specify on their www subdomain (or any other subdomain your app doesn't serve off). You could also ask them to add your app to the domain twice, once under the one they want to serve off, and once under a validation subdomain that you make up.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文