How to implement a mechanism for temporary access to a site or application?

R

RaidMilod2020-05-21 23:35:15

OAuth

RaidMilod, 2020-05-21 23:35:15

For example, there is a site with authorization, with roles and other necessary things, how to give certain users temporary access to the necessary information (for example, after payment) for a day or a week. Interested in the mechanism itself, so as not to fence possible crutches. Where to read about this at least approximately, Google gives me something completely wrong

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

M

McBernar, 2020-05-21
@McBernar

Well, I would just issue a token with expire in the period you need. And, accordingly, in closed routes, I checked the token for validity.
There is a wonderful jwt for express.

X

xmoonlight, 2020-05-21
@xmoonlight

Link collections of links (content groups) to user roles.
Take out such groups in a separate subsection.

I

Igor, 2020-05-22
@loonny

Suppose the client pays for 05/21/2020 access for 7 days, it turns out that the content will be available to him until the 28th. We turn 05/28/2020 into a timestamp and fix it in the database, for example, in the end_day column. When requesting a page, compare the current date with the end_day of the logged-in user, if end_day is greater, there is access, if it is less, there is no access. It is not even necessary to delete from the database later, because if he pays again, the operation will be repeated and the data in the database will simply be overwritten