Skip to content
Start building
Back

How to handle this situation

  • 0
  • Databases
  • Self Hosted
  • Web
View on Discord
nightwielder
19 Nov, 2023, 15:42

I have a collection of post, with an attribute called userId, where I keep the poster's ID. And the posts are made by calling

TypeScript
databases.createDocument(db, col, ID.unique(), {...data, userId: currentUser.$id}

This obviously sends a POST request to the Appwrite server but what worries me is, someone can use DevTools to mimic that request and put something else in the userId field, and it would seem as though someone else has posted that. What to do in this case?

TL;DR
The user wants to know if they can achieve the same functionality in a custom endpoint on a different server as they can with an Appwrite function endpoint. They provide code examples and explain that they want to prevent someone from spoofing the ID when making a post request to the server. They are concerned that someone may use DevTools to manipulate the `userId` field. The user is looking for guidance on how to handle this situation. Solution: To prevent someone from spoofing the ID, the user can authenticate the request by validating the user's credentials in the custom endpoint. This can be done by retrieving the headers from the request and getting the
D5
19 Nov, 2023, 15:43

With a function you can get the user that is triggering it so you prevent someone from spoofing the ID

nightwielder
19 Nov, 2023, 15:53

Thanks! With an Appwrite function endpoint, I can do that.

But can I also do the same in a custom endpoint in a different server? Here's what I want to do, in my web app:

TypeScript
// User is logged in
fetch("https://mycustomserver.com/", {method: 'POST', headers: 'SOME MAGIC'});

And in my server:

TypeScript
headers = request.get_headers()
user = users.get_from_cookies(headers['cookies'])

Something like this. I hope I'm clear.

D5
19 Nov, 2023, 16:23

No idea. I think best way is going with functions and their SDK

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more