我一直想用nodejs建立一个后端应用程序,其中我有两个模式:用户和Profile。我试图使用护照来验证它,但似乎代码有问题。当我第一次执行的时候,它能正常工作,但之后我做了一些修改,好像我搞砸了,现在我无法找出我的代码有什么问题。现在当我在postman中执行登录路径后,我收到了一个token,但是当我使用这个token根据token中的payload获取当前用户的资料时,即使在头(Authorization)中添加了token,我也得到了未授权。
app.js
const express = require('express');
const bodyParser = require('body-parser');
const mongoose = require('./db/mongo');
const passport = require('passport')
const config = require('./config/config')
const setContentTypeJSON = require('./middleware/set-content-type-json');
const usersRouter = require('./routes/auth-routes');
const app = express();
app.use(setContentTypeJSON);
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
//Passport Middleware
app.use(passport.initialize())
require('./config/passport')(passport)
app.use(usersRouter);
const PORT = process.env.PORT || config.port;
mongoose.connect(config.mongoURL, { useNewUrlParser: true })
.then(() => {
console.log("Connection established!")
app.listen(PORT);
})
.catch(() => {
console.log("Connection failed!")
})
passport.js
const JwtStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const mongoose = require('mongoose');
const User = mongoose.model('users');
const keys = require('../config/config');
const opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = keys.secretOrKey;
module.exports = passport => {
passport.use(
new JwtStrategy(opts, (jwt_payload, done) => {
User.findById(jwt_payload.id)
.then(user => {
if (user) {
return done(null, user);
}
return done(null, false);
})
.catch(err => console.log(err));
})
);
};
auth.routes.js
const express = require('express');
const router = express.Router();
const passport = require('passport')
const jwt = require('jsonwebtoken')
const authController = require('../controllers/auth')
router.post("/signup", authController.userSignup);
router.post('/login', authController.userLogin);
router.get('/current', authController.current);
module.exports = router;
auth.js
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');
const passport = require('passport');
const config = require('../config/config');
const User = require('../models/user');
exports.userLogin = (req, res, next) => {
const email = req.body.email;
const password = req.body.password;
User.findOne({ email })
.then(user => {
if (!user) {
return res.status(404).json({
email: 'User not found'
})
}
bcrypt.compare(password, user.password)
.then(isMatch => {
if (isMatch) { //user login successful
const payload = {email: user.email, userId: user._id};
jwt.sign(payload,
config.secretOrKey,
{expiresIn: 3600},
(err,token)=>{
if(err){
res.status(404).json({
error: err
})
}
res.json({
success: true,
email: payload.email,
id: payload.userId,
token: 'Bearer '+token,
})
})
} else {
return res.status(400).json({
password: 'Password Incorrect'
});
}
})
});
}
exports.current = passport.authenticate('jwt',
{session: false}),(req,res)=>{
res.json(req.user)
}
如果你想参考一下我用来创建Schemas的两个模型文件,分别是。
User.js
const mongoose = require('mongoose')
const uniqueValidator = require('mongoose-unique-validator')
const userSchema = mongoose.Schema({
email: {type: String, required: true, unique: true},
password: {type: String,required: true} ,
resetToken: String,
resetTokenExpiration: Date
});
userSchema.plugin(uniqueValidator);
module.exports = mongoose.model("users",userSchema);
Profile.js
const mongoose = require('mongoose')
const Schema = mongoose.Schema;
const profileSchema = mongoose.Schema({
user:{
type: Schema.Types.ObjectId,
ref: 'users'
},
fullname: {
type: String,
required: true
},
college:{
type:String,
required: true
},
department: {
type: String,
required: true
},
achievements:{
type: [String],
}
});
module.exports = mongoose.model("profile",profileSchema);
任何帮助将是感激的
有一个小错误。在这里的auth.js文件中,我替换了以下内容
exports.current = passport.authenticate('jwt',{session: false}),(req,res)=>{
...
}
与
exports.current = (req,res)=>{
...
}
而在auth-routes.js文件中,我编辑了
router.get('/current',passport.authenticate('jwt',{session: false}),authController.current);
这是个错误,也许我需要再次修改我的es6基础知识。它的工作。