@SorinGFS As @DMehaffy mentioned, mine is a public API built using ASP.NET WebAPI and the backend is built using Strapi. That way, my front end (built using ReactJS) only communicates with WebAPI without having any knowledge of Strapi ever existing.
Earlier, I was using MongoDB (although I am a SQL Server guy), but using Strapi on top of PostgreSQL seems powerful and faster. Best of all, I need not write any specific StoredProcedure or Views. Also, with Strapi, I get an amazing Dashboard kind of way to handle Data.
@DMehaffy If there are any snippets you have for validating the request using Headers, it would be best.
Although I believe modifying this code should be more than enough to extract the token from the header.
Replacing ctx.request.query.token with ctx.request.header.token:
```js
// Fragment: it uses `await`, so it has to sit inside an async function.
if ((ctx.request && ctx.request.header && ctx.request.header.authorization) ||
    (ctx.request && ctx.request.header && ctx.request.header.token)) {
  // init `id` and `isAdmin` outside of validation blocks
  let id;
  let isAdmin;

  if (ctx.request && ctx.request.header && ctx.request.header.token) {
    // find the token entry that matches the token from the request
    const [token] = await strapi.query('token').find({token: ctx.request.header.token});

    if (!token) {
      throw new Error(`Invalid token: This token doesn't exist`);
    } else {
      // only take the user id when the token is linked to a user
      if (token.user && typeof token.token === 'string') {
        id = token.user.id;
      }
      isAdmin = false;
    }

    //delete ctx.request.query.token;
  }
}
```
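A stand-alone sketch of the header-based check discussed in the post above, added here as an example; it is not part of the original post and not Strapi's code. `findToken` is a hypothetical stand-in for `strapi.query('token').find()`, the token records are constructed, and the allowed token character set is an assumption. Unlike the snippet, it rejects a token that has no linked user instead of continuing with `id` undefined.

```javascript
// Constructed sample records standing in for the `token` collection.
const TOKENS = [
  { token: 'constructed-sample-token-1', user: { id: 7 } },
  { token: 'constructed-orphan-token', user: null },
];

// Hypothetical stand-in for strapi.query('token').find({ token }).
async function findToken(where) {
  return TOKENS.filter((t) => t.token === where.token);
}

// Assumed token alphabet (URL-safe characters). Node joins a repeated custom
// header into one "a, b" string, so a duplicated `token` header fails here.
const TOKEN_PATTERN = /^[A-Za-z0-9._~+\/=-]+$/;

// Read the token from the `token` header only (Node lower-cases header names).
// Anything that is not a single well-formed string never reaches the query.
function tokenFromHeader(ctx) {
  const header = (ctx && ctx.request && ctx.request.header) || {};
  const value = header.token;
  if (typeof value !== 'string') return null;
  return TOKEN_PATTERN.test(value) ? value : null;
}

// Resolve the caller, failing closed on every path that does not end
// with a known token linked to a user.
async function authenticate(ctx) {
  const presented = tokenFromHeader(ctx);
  if (presented === null) return { ok: false, reason: 'missing or malformed token header' };
  const [record] = await findToken({ token: presented });
  if (!record) return { ok: false, reason: 'unknown token' };
  if (!record.user) return { ok: false, reason: 'token not linked to a user' };
  return { ok: true, id: record.user.id, isAdmin: false };
}
```
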