Google-cloud-node: GCP Node.js How-To Guide contains conflicting information regarding app.yaml handlers
In the Security section of the Using app.yaml page (https://cloud.google.com/appengine/docs/flexible/nodejs/configuring-your-app-with-app-yaml#security), the documentation mentions that the handler script property is ignored and the handler login property is only used by Go, Python, and Java. In the Securing URLs for cron section of the Scheduling Jobs with cron.yaml page (https://cloud.google.com/appengine/docs/flexible/nodejs/scheduling-jobs-with-cron-yaml#Node.js_app_yaml_Securing_URLs_for_cron), the documentation instructs the user to use the handler login property to require admin access. This would seem to be at odds with the prior page. Is this property allowed? If not, how do you secure URLs?
bamapookie
All 5 comments
@jmdobry @jonparrott @JustinBeckwith any ideas?
stephenplusplus
on 8 Jun 2016
@JustinBeckwith can give an authoritative answer.
theacodes
on 8 Jun 2016
@JustinBeckwith Friendly ping!
stephenplusplus
on 20 Jun 2016
Yeah the docs are a little off here. The login and script properties won't do anything with node.js. Some of the features you're looking at only really make sense in the context of a runtime that's trying to be compatible with App Engine standard (like python, java, and go).
If you're trying to lock down an individual endpoint so only logged in users or admins can access a page, I'd suggest just using passportjs.
JustinBeckwith
on 21 Jun 2016
Thanks @JustinBeckwith. I'm going to close since this is a tracker for issues with our client library for the Google Cloud APIs. Feel free to continue discussing if you have any more questions @bamapookie.
stephenplusplus
on 21 Jun 2016
Related issues
charly37
路
3Comments
arbesfeld
路
4Comments
ddunkin
路
3Comments
jackzampolin
路
3Comments
sabrehagen
路
4Comments
Most helpful comment
@JustinBeckwith can give an authoritative answer.