创建 bcryptjs 和 JWT 助手


如何在 JavaScript 中创建 bcryptjs 和 JSON Web Token(JWT)助手,以及 app.js、路由 index.js 和身份验证中间件?

bcryptjs

const bcrypt = require("bcryptjs");

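// bcrypt cost factor (log2 of the work); 10 is the value the original code used.
const SALT_ROUNDS = 10;

/**
 * Hash a plaintext password with bcrypt.
 *
 * Passing the cost factor (a number) instead of a pre-generated salt makes
 * bcryptjs create a fresh random salt for every call. A single salt generated
 * once at module load would be shared by every password hashed by the process,
 * so two users with the same password would end up with the same hash.
 *
 * bcrypt only uses the first 72 bytes of its input; enforce a maximum password
 * length at the validation layer if that matters for the application.
 *
 * @param {string} plainPassword - Password as submitted by the user.
 * @returns {string} bcrypt hash string; the salt and cost are embedded in it.
 */
const hashPassword = (plainPassword) => {
  return bcrypt.hashSync(plainPassword, SALT_ROUNDS);
};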

/**
 * Check a plaintext password against a stored bcrypt hash.
 *
 * The comparison is delegated to bcrypt.compareSync, which reads the salt and
 * cost from the stored hash string.
 *
 * @param {string} plainPassword - Password as submitted by the user.
 * @param {string} hashPassword - Stored bcrypt hash. Inside this function the
 *   parameter shadows the module-level hashPassword helper.
 * @returns {boolean} true when the password matches the hash.
 */
const comparePassword = function (plainPassword, hashPassword) {
  const isMatch = bcrypt.compareSync(plainPassword, hashPassword);
  return isMatch;
};

module.exports = { hashPassword, comparePassword };

JWT(jsonwebtoken)

const jwt = require("jsonwebtoken");
require("dotenv").config();

// HMAC signing key for the tokens, read from the environment.
// Create a .env file containing SECRET_KEY=... (dotenv loads it above).
// NOTE(review): keep .env out of version control and use a long random value;
// anyone who knows this key can mint valid tokens.
const { SECRET_KEY: SECRET } = process.env;

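// Lifetime applied to tokens whose payload does not carry its own "exp" claim.
// NOTE(review): "1h" is a starting point; tune it to the application's session policy.
const TOKEN_TTL = "1h";

/**
 * Sign a payload as a JWT with the shared secret.
 *
 * Tokens signed without an expiry stay valid until the secret is rotated, so
 * a leaked token could be replayed indefinitely. A default lifetime is
 * therefore added whenever the caller has not set one.
 *
 * @param {object|string|Buffer} payload - Claims to embed in the token.
 * @returns {string} The signed token.
 * @throws Whatever jwt.sign throws, e.g. when SECRET is not set.
 */
const signToken = (payload) => {
  const isClaimsObject =
    payload !== null && typeof payload === "object" && !Buffer.isBuffer(payload);

  // jsonwebtoken rejects expiresIn for string/Buffer payloads and for payloads
  // that already contain "exp", so the default is only added when it is legal.
  const options =
    isClaimsObject && payload.exp === undefined ? { expiresIn: TOKEN_TTL } : {};

  return jwt.sign(payload, SECRET, options);
};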

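/**
 * Verify a JWT's signature and registered claims, and return its payload.
 *
 * The accepted algorithm is pinned to HS256, the jsonwebtoken default that
 * signToken relies on when it calls jwt.sign without an algorithm option.
 * Pinning it means the token header cannot select a different algorithm.
 *
 * @param {string} token - Token as received from the client.
 * @returns {object|string} The decoded payload.
 * @throws jsonwebtoken errors (e.g. JsonWebTokenError, TokenExpiredError)
 *   when the token is malformed, wrongly signed or expired.
 */
const verifyToken = (token) => {
  return jwt.verify(token, SECRET, { algorithms: ["HS256"] });
};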

module.exports = { signToken, verifyToken };

app.js

const express = require("express");
const cors = require("cors");
// Express application and the fixed port it listens on.
const app = express();
const port = 3000;

const router = require("./router/index");

// Global middleware, mounted in the order requests pass through it.
const middlewareStack = [
  // cors() with no options answers every origin (Access-Control-Allow-Origin: *).
  // NOTE(review): restrict the `origin` option to the known front-end origins
  // before this is exposed beyond local development.
  cors(),
  // Parse JSON request bodies into req.body.
  express.json(),
  // Parse form-encoded bodies; extended: false keeps parsing to flat key/value pairs.
  express.urlencoded({ extended: false }),
  // Application routes (the router also mounts the error handler).
  router,
];
middlewareStack.forEach((middleware) => app.use(middleware));

// Log once the server is accepting connections.
const announceListening = () => {
  console.log(`Listening on port ${port}`);
};
app.listen(port, announceListening);

路由器 index.js

const Controller = require("../controller/controller");
const errorHandler = require("../handler/errorHandler");
const authN = require("../middleware/auth");

const { Router } = require("express");

const router = Router();

// Public endpoints: both accept unauthenticated requests by design.
// NOTE(review): no request throttling is visible in this file; confirm that
// login attempts are rate-limited somewhere before exposing this publicly.
router.route("/register").post(Controller.register);
router.route("/login").post(Controller.login);

// NOTE(review): authN is required at the top of this file but is not mounted
// on any route here. Routes that need a logged-in user must be registered
// after a router.use(authN) (or take authN as a per-route middleware).

// Error handler goes last so it receives errors passed to next(err) by the routes above.
router.use(errorHandler);

module.exports = router;

authN 中间件

const { verifyToken } = require("../helper/jwt");

const { User } = require("../models/index");

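/**
 * Authentication middleware.
 *
 * Reads the JWT from the "access_token" request header, verifies it, checks
 * that the user it names still exists, and stores the caller's identity on
 * req.userData for later middleware and controllers.
 *
 * Every failure is forwarded to the error handler through next(error):
 * a missing token or unknown user as { name: "unauthorized" }, a rejected
 * token as whatever verifyToken throws.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response (unused).
 * @param {Function} next - Express continuation.
 * @returns {Promise<void>}
 */
const authN = async (req, res, next) => {
  try {
    // Node lower-cases header names, so this is the "access_token" header.
    const accessToken = req.headers.access_token;

    if (!accessToken) {
      throw { name: "unauthorized" };
    }

    // Throws when the token is malformed or fails verification.
    const payload = verifyToken(accessToken);

    // Look the account up on every request so that a token outlives neither
    // the user it was issued to nor a deleted account.
    const user = await User.findByPk(payload.id);

    if (!user) {
      throw { name: "unauthorized" };
    }

    req.userData = {
      id: payload.id,
      email: payload.email,
      // The authorization middleware on this page destructures `role` from
      // req.userData. It is taken from the database record rather than from
      // the token so that a role change applies without reissuing tokens.
      // Assumes the User model has a `role` attribute; confirm against the model.
      role: user.role,
    };

    next();
  } catch (error) {
    next(error);
  }
};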

// The middleware function is the module's only export, so callers mount the
// result of require("../middleware/auth") directly.
module.exports = authN;

授权

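/**
 * Authorization middleware for actions on a single post.
 *
 * Admins may act on any post; every other caller may act only on a post they
 * authored. Must run after the authentication middleware, which populates
 * req.userData. Anything that cannot be positively authorized is denied with
 * { name: "unauthorized" } instead of surfacing as a TypeError.
 *
 * NOTE(review): Post is not required in this listing; presumably it is the
 * model exported by ../models/index. Confirm and import it.
 *
 * @param {object} req - Express request; reads req.userData and req.params.id.
 * @param {object} res - Express response (unused).
 * @param {Function} next - Express continuation.
 * @returns {Promise<void>}
 */
const authZ = async (req, res, next) => {
  try {
    // Deny outright when authentication did not run before this middleware.
    if (!req.userData) {
      throw { name: "unauthorized" };
    }

    const { id, role } = req.userData;

    // The post being acted on is identified by the :id route parameter.
    const postId = req.params.id;
    const currentPost = await Post.findByPk(postId);

    // A missing or non-string role is treated as "not admin" rather than
    // crashing on role.toLowerCase().
    const isAdmin = typeof role === "string" && role.toLowerCase() === "admin";
    if (isAdmin) {
      return next();
    }

    // Non-admins need an existing post whose author is the caller. The id
    // null-check stops an absent caller id from matching an absent authorId.
    const isOwner =
      id != null && currentPost != null && currentPost.authorId === id;
    if (!isOwner) {
      throw { name: "unauthorized" };
    }

    next();
  } catch (err) {
    next(err);
  }
};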

// The authorization middleware is the module's only export.
module.exports = authZ;

这些代码用于在 JavaScript 中创建 bcryptjs 和 JSON Web Token(JWT)助手,以及 app.js、路由 index.js 和身份验证中间件。

课堂作业请忽略这个,除非你是我的教授 :)

javascript node.js express bcrypt