Hello, I have a question regarding the custom events that can be made in the business logic:
Is it possible to find out which user is triggering the event? for example, if the event was triggered from an Android client, can I know if the user is logged in? or anonymous? However if it is not a built in feature, lets assume that I added the ‘BackendlessUser’ object in the arguments that are about to trigger the event. Is it possible to check , in the backend side, if that ‘BackendlessUser’ object is a real existing user with valid token?
Here is an example:
Let’s say this is code is running on my Android client:
HashMap args = new HashMap();
args.put( "currentUser", Backendless.CurrentUser() );
Backendless.Events.dispatch( "my_event", args, new AsyncCallback<Map>()
{
@Override
public void handleResponse( Map result )
{
System.out.println( "received result " + result );
}
@Override
public void handleFault( BackendlessFault backendlessFault )
{
System.out.println( "got error " + backendlessFault.toString()
);
}
});
Where in the backend I would have:
@BackendlessEvent( "my_event")
public class FooEventHandler extends CustomEventHandler
{
@Override
public Map handleEvent( RunnerContext context, Map eventArgs )
{
// add your code here
BackendlessUser user = (BackendlessUser) eventArgs.get("currentUser");
//TODO: Validate user
return Collections.emptyMap();
}
}
Now the real question here, is how do I validate the user in the backend. The reason I am asking this is for security, where I don’t want someone to somehow find the API keys of the app, and will simply be able to make anonymous API requests, so validating the user before preforming any changes is necessary.