使用另一个表字段作为数据存储身份验证的所有者字段

发布于 2025-01-13 01:57:05 字数 1927 浏览 2 评论 0原文

您的问题与哪个类别相关？ DataStore（GraphQL API）

放大 CLI 版本 7.6.23

您正在使用哪些 AWS 服务？ DataStore（GraphQL API）

提供其他详细信息，例如代码片段。 请务必删除所有敏感数据。

我正在尝试构建一项服务，让人们可以购买某些“人”的订阅并使用他们的信息。我想限制人们，使他们只能在订阅某种媒体后才能访问该媒体的数据。

这是基本结构：

type Post @model {
  id: ID!
  text: String!
  personID: ID! @index(name: "byPerson")
  person: Person! @belongsTo(fields: ["personID"])
}

type Person @model {
  id: ID!
  name: String!
  posts: [Post] @hasMany(indexName: "byPerson", fields: ["id"])
}

type Subscription @model {
  id: ID!
  personID: ID! @index(name: "byPerson")
  person: Person! @belongsTo(fields: ["personID"])
  userSub: String! // or whatever data we need to reference the user
}

所以我们有对人员的订阅，并且人员可以有多个帖子。如果您想获取用户应该能够看到的帖子，则无需获取人员。

应该实现什么：

用户应该只能获取他们订阅的人的帖子。我可以想到两种方法，但它们都需要我更改/更新数据。由于所有数据都存在，因此我不喜欢此类解决方案。

解决方案#1：

为每个用户添加一个组，将其附加到帖子中，并在用户订阅后立即将其添加到组中。

type Post @model @auth(rules: [{ allow: groups, groupsField: "groups" }]) {
  id: ID!
  text: String!
  personID: ID! @index(name: "byPerson")
  person: Person! @belongsTo(fields: ["personID"])
  groups: String!
}

不是粉丝，这需要我每次创建一个人时创建一个组已创建，我基本上在每篇文章中都有重复的信息。

解决方案#2：

使用所有者字段并在用户订阅后立即附加用户。

type Post @model @auth(rules: [{ allow: owner, ownerField: "subscribers" }]) {
  id: ID!
  text: String!
  personID: ID! @index(name: "byPerson")
  person: Person! @belongsTo(fields: ["personID"])
  subscribers: [String]
}

也不是粉丝，我需要在用户订阅/取消其订阅后立即编辑所有帖子。这里的误差幅度和计算量可能很大

我曾考虑过使用自定义解析器（不知道这是否有效，我还没有完全理解它）或自定义 lambda 身份验证检查。自定义 lambda 身份验证检查会导致 DataStore 前端出现一些问题。显然我需要手动刷新 API 的令牌或类似的东西。

我想做什么？

我很想使用订阅 userSub 字段作为帖子的所有者字段。这有可能（使用 DataSync）吗？

原文

Which Category is your question related to?
DataStore (GraphQL API)

Amplify CLI Version
7.6.23

What AWS Services are you utilizing?
DataStore (GraphQL API)

Provide additional details e.g. code snippets. Be sure to remove any sensitive data.

I am trying to build a service where people can buy subscriptions to certain "Persons" and consume their information. I want to restrict people so that they can only access the data of a certain medium when they are subscribed to it.

Here is the basic structure:

type Post @model {
  id: ID!
  text: String!
  personID: ID! @index(name: "byPerson")
  person: Person! @belongsTo(fields: ["personID"])
}

type Person @model {
  id: ID!
  name: String!
  posts: [Post] @hasMany(indexName: "byPerson", fields: ["id"])
}

type Subscription @model {
  id: ID!
  personID: ID! @index(name: "byPerson")
  person: Person! @belongsTo(fields: ["personID"])
  userSub: String! // or whatever data we need to reference the user
}

So we have Subscriptions to Persons and Persons can have multiple posts. It is not necessary to fetch a Person if you want to fetch the Posts that a user should be able to see.

What should be possible:

Users should only be able to fetch the posts of the persons that they are subscribed to. There are two ways that I can think of doing but they all require me to change/update data. Since all the data is present, I am not a fan of such solutions.

Solution #1:

Add a group to each user, attach it to the post and add the user to the group as soon as he subscribed

type Post @model @auth(rules: [{ allow: groups, groupsField: "groups" }]) {
  id: ID!
  text: String!
  personID: ID! @index(name: "byPerson")
  person: Person! @belongsTo(fields: ["personID"])
  groups: String!
}

Not a fan, it requires me to create a group each time a Person is created and I basically have duplicated information here with each post.

Solution #2:

Use an owner field and attach the user as soon as he subscribes

type Post @model @auth(rules: [{ allow: owner, ownerField: "subscribers" }]) {
  id: ID!
  text: String!
  personID: ID! @index(name: "byPerson")
  person: Person! @belongsTo(fields: ["personID"])
  subscribers: [String]
}

Not a fan as well, I need to edit all the postings as soon as a user subscribes/cancels his subscriptions. The margin of error and amount of calculations here could be huge

I have thought about using a custom resolver (no idea if that works, I don't fully understand it yet) or a custom lambda auth check. The custom lambda auth check causes some issues in the frontend with DataStore. Apparently I need to manually refresh the token for the API or something like that.