- vagrant homestead ‘latest’:
Currently, I’m using Nuxt.js as frontend and Strapi as the api backend. The project is a CMS that will have multiple user’s logging in and storing their own information in the database. I’ve got the user credentials working fine using the $strapi.user variable to check for validation, and then a middleware script to check if the user has been authorized in order for them to have access beyond the logon screen.
Since everyone would share a “products” table to store their own entries, there needs to be differentiation in the table itself, such as a UUID, or unique user id, that would allow the api to determine if the table entry belongs to the user requesting it. So if I were to create the api without using strapi, the backend would crosscheck the UUID and make sure that it only retrieves the table entries for that user. One option is to do a $strapi.find() using the UUID from the $strapi.users on the nuxt client side, but this would expose this information to the client side, and allow for injection from other users. It would be better to have all this info relegated to the server side so that it isn’t exposed to the client. Another option is to create a proxy api, that first gets the user’s UUID, and does the $strapi.find() on the server, filters results for UUID, and then feeds the filtered results to the client.