Saturday, 20 June 2020

Multi-seller (vendor) and isolation of accounts

I've been working on a Node.js web application that uses APIs and a number of differently branded front-ends for different sellers. Sellers can list their product by visiting the appropriate front-end. However, I've hit a problem where there is no logic preventing sellers accessing other seller accounts. There are several APIs that interact with the product, so an idea was to filter all APIs against the seller ID to prevent the wrong seller accessing the wrong product, i.e. when Seller A lists a product, a sellerID is recorded against the product. So if Seller B tries to access the UpdateProducts API against Seller A's product, their login ID will not match the saved sellerID and it will be denied. I think this will work, but checking access against every product sounds taxing. Is there any better way to do this?

Submitted June 20, 2020 at 07:32PM by Orange-100
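
The per-seller check described in the post, as an added example that is not part of the original post: the seller filter lives inside the product lookup itself, so each API call does one scoped lookup instead of a separate access check. The in-memory store, `productsFor`, `updateProductHandler` and `session.sellerId` are hypothetical names, and the sample data is constructed.

```javascript
// Constructed sample data: two sellers, one product each.
const products = new Map([
  ['p1', { id: 'p1', sellerId: 'sellerA', title: 'Lamp', price: 20 }],
  ['p2', { id: 'p2', sellerId: 'sellerB', title: 'Desk', price: 90 }],
]);

// Fields a seller may change; sellerId is deliberately absent so a request
// body cannot reassign ownership.
const EDITABLE = ['title', 'price'];

// Hypothetical repository bound to one authenticated seller. Every lookup
// carries the seller filter, so individual handlers cannot forget the check.
function productsFor(sellerId) {
  if (typeof sellerId !== 'string' || sellerId === '') {
    throw new Error('authenticated seller id required');
  }
  const owned = (id) => {
    const p = products.get(id);
    return p && p.sellerId === sellerId ? p : null;
  };
  return {
    list: () => [...products.values()].filter((p) => p.sellerId === sellerId),
    get: (id) => owned(id),
    update(id, changes = {}) {
      const p = owned(id);
      if (!p) return null;
      for (const key of EDITABLE) {
        if (Object.prototype.hasOwnProperty.call(changes, key)) p[key] = changes[key];
      }
      return p;
    },
  };
}

// Hypothetical UpdateProducts handler. session.sellerId stands in for the
// identity established at login; it is never read from the request body.
function updateProductHandler(session, productId, body) {
  const updated = productsFor(session.sellerId).update(productId, body);
  // Same response for "missing" and "not yours", so product IDs cannot be probed.
  return updated ? { status: 200, product: updated } : { status: 404 };
}
```

With a database-backed store, the same scoping becomes an extra `sellerId` predicate on the product query.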
