我不知道如何进行这项工作。我有两个文件,permissionCtrl.js
和tokenCtrl.js
。我正在使用nJWT,Node.js / Express.js,Sequelize和Postgres。
许可文件包含链接到令牌文件的hasPermission
函数。 hasPermission函数应该检查在令牌文件中生成的令牌,并返回成功回调的结果或下面显示的消息的403响应。成功后,它将根据用户的角色和访问级别向用户授予对安全路由的访问权限。请注意,tokenCtrl.hasPermission.js
已导入到此文件。
hasPermission.js
exports.hasPermission = (req, res, permission, success) => {
const token = req.get('Authorization');
const hasPermission = tokenCtrl.hasPermission(token, permission); //tokenCtrl.hasPermission not a function error here
console.log('permission', permission);
if (hasPermission) {
return success();
} else {
res.status(403);
return res.json({
error: {
status: 403,
message: 'Unauthorized',
},
});
}
};
tokenCtrl.js
const nJwt = require('njwt');
const secureRandom = require('secure-random');
const signingKey = secureRandom(512, {type: 'Buffer'}); // Create a highly random byte array of 256 bytes
const base64SigningKey = signingKey.toString('base64');
const claims = {
iss: "mysite.com", // The URL of your service
sub: "users/user1234", // The UID of the user in your system
scope: "user, admins"
};
module.exports = {
// Returns token
getToken: (claims, signingKey) => {
const jwt = nJwt.create(claims, signingKey, 'HS512');
console.log(jwt);
const token = jwt.compact();
console.log("Token :" + token);
return (token);
},
// Returns result of token validation
validateToken: (token, signingKey) => {
nJwt.verify(token, signingKey, 'HS512', function(err, verifiedJwt){
if(err){
console.log(err); // Token has expired, has been tampered with, etc
}else{
console.log(verifiedJwt); // Will contain the header and body
}
return (verifiedJwt);
});
},
token_post: (req, res) => {
res.send(this.validateToken(req.header.Authorization, signingKey));
},
getSecret: () => {
const secret = require('../config/secret.json').secret;
console.log('secret', secret);
return secret;
},
hasPermission: (token, resource) => {
const result = this.validateToken(token, signingKey); //this.validateToken not a function error here
console.log(result);
if (result.name === 'JsonWebTokenError') {
return false;
} else if (result.permissions) {
let permissionSet = new Set(result.permissions);
console.log('permissions in token', JSON.stringify(permissionSet));
return permissionSet.has(resource);
} else {
return false;
}
}
}
错误
this.validateToken不是此处的函数错误,如代码注释所示
tokenCtrl.hasPermission不是函数错误,如代码注释中所示
注意:tokenCtrl
文件中的getSecret函数正在被其他文件使用。
您在this
如何绑定箭头功能方面犯规。先前的函数在其内部范围内创建了一个新的空this
,在箭头函数this
中将其绑定到封闭范围。因为您是在导出对象中声明函数,所以您可能希望this
绑定到封闭的对象,但没有。
我建议只声明您的函数,然后将它们添加到导出中。这样,您可以避免使用this
,而只需调用validateToken函数。
const validateToken = (token, signingKey) => {
nJwt.verify(token, signingKey, 'HS512', function(err, verifiedJwt){
if(err){
console.log(err); // Token has expired, has been tampered with, etc
}else{
console.log(verifiedJwt); // Will contain the header and body
}
return (verifiedJwt);
});
};
const hasPermission = (token, resource) => {
const result = validateToken(token, signingKey); //this.validateToken not a function error here
console.log(result);
if (result.name === 'JsonWebTokenError') {
return false;
} else if (result.permissions) {
let permissionSet = new Set(result.permissions);
console.log('permissions in token', JSON.stringify(permissionSet));
return permissionSet.has(resource);
} else {
return false;
}
};
module.exports = {
vaildiateToken,
hasPermission
}