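I am using NodeJs 12 with Mongodb and Angular 8. I am trying to deploy my application on Heroku. Locally, when I log in with a login and password, it works fine: I store the JWT in a cookie, and when I try to reach a protected route it works because I pick up my JWT cookie. But when I deploy this application on Heroku, I can create a cookie with the JWT, but I cannot get into the protected route.
What is wrong?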
app.js
    app.get("/api/toto", checkAuth, (req, res) => {
      res.status(200).json({ message: "Le route toto" });
    });
check-auth.js
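    const jwt = require("jsonwebtoken");

    // Express middleware: verifies the JWT and attaches the user data to the request.
    module.exports = (req, res, next) => {
      try {
        // Token from the "auth" cookie, otherwise from "Authorization: Bearer <token>".
        const token = req.cookies.auth || req.headers.authorization.split(" ")[1];
        const decoded = jwt.verify(token, process.env.SECRET_KEY);
        // The token is signed with an `id` claim (see the jwt.sign call in the login route).
        req.userData = { email: decoded.email, userId: decoded.id };
        next();
      } catch (error) {
        res.status(401).json({ message: "Auth failed!" });
      }
    };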
auth-rotue.js
    const token = await jwt.sign(
      {
        id: findUser._id,
        prenom: findUser.prenom,
        roles: findUser.roles,
        email: findUser.email
      },
      process.env.SECRET_KEY,
      { expiresIn: 300000 }
    );
    res.cookie("auth", token, {
      expires: new Date(Date.now() + 300000),
      secure: true,
      httpOnly: true
    });
    return res.status(200).json({
      success: true,
      token: token,
      user: {
        name: findUser.name,
        email: findUser.email,
        age: findUser.age,
        roles: findUser.roles
      },
      expiresIn: 1200,
      message: "Authentication is succesfull !"
    });
token-interceptor.ts
    intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
      const token = this.tokenService.GetToken();
      const headersConfig = {
        'Content-Type': 'application/json'
      };
      if (token) {
        headersConfig['Auth'] = `${token}`;
      }
      const _req = req.clone({ setHeaders: headersConfig, withCredentials: true });
      return next.handle(_req);
    }
auth-service.ts
    private link = "yourlink";
    private urlPostLogin = this.link + "/api/auth/login";
    private protect = this.link + "/api/toto";

    constructor(private http: HttpClient, private router: Router) {}

    login(body): Observable<any> {
      return this.http.post(this.urlPostLogin, body);
    }

    toto() {
      return this.http.get<any>(this.protect);
    }
token-service.ts
    GetToken() {
      return this.cookieService.get("auth");
    }

    SetToken(token) {
      this.cookieService.set(
        "auth",
        token,
        new Date(Date.now() + 300000),
        "/",
        "/",
        true,
        "None"
      );
      // this.cookieService.set("auth", token, new Date(Date.now() + 300000));
    }

    DeleteToken() {
      this.cookieService.delete("auth");
    }

    GetPayload() {
      const token = this.GetToken();
      let payload;
      if (token) {
        console.log("jwt_decode(token): ", jwt_decode(token))
        payload = jwt_decode(token);
      }
      return payload;
    }
I found how to get into the protected route; in Node, I changed this:

    {
      secure: false,
      httpOnly: false
    }
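
Added example, not part of the original post: with `httpOnly: false` the JWT becomes readable by any script on the page, and with `secure: false` the browser will also send it over plain HTTP. The sketch below keeps both flags and lets the server read the token from the cookie that `withCredentials: true` already sends. It assumes the Angular app and the API may be on different sites; `authCookieOptions`, `extractToken` and the sample token are hypothetical names and constructed values.

```javascript
// Added example: helper names are hypothetical, not from the original post.

// Options for res.cookie("auth", token, ...) in Express.
// Assumption: `crossSite` is true when the Angular app and the API are served
// from different sites, in which case the cookie needs SameSite=None to be sent.
function authCookieOptions({ production, crossSite }) {
  return {
    httpOnly: true,                    // token stays invisible to document.cookie
    secure: production || crossSite,   // browsers reject SameSite=None without Secure
    sameSite: crossSite ? "none" : "lax",
    maxAge: 300000,                    // milliseconds, same lifetime as the post's cookie
    path: "/"
  };
}

// Shape check only: header.payload.signature as base64url segments.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Returns the raw JWT from the "auth" cookie, else from
// "Authorization: Bearer <jwt>"; returns null (never throws) when absent or malformed.
function extractToken(req) {
  const fromCookie = req.cookies && req.cookies.auth;
  if (typeof fromCookie === "string" && JWT_SHAPE.test(fromCookie)) return fromCookie;

  const header = (req.headers && req.headers.authorization) || "";
  const [scheme, value] = header.trim().split(/\s+/);
  if (scheme && scheme.toLowerCase() === "bearer" && JWT_SHAPE.test(value || "")) {
    return value;
  }
  return null;
}

// Constructed sample token (three base64url segments, not a real credential).
const SAMPLE = "aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl";
const viaCookie = extractToken({ cookies: { auth: SAMPLE }, headers: {} });
const viaHeader = extractToken({ cookies: {}, headers: { authorization: "Bearer " + SAMPLE } });
const missing = extractToken({ cookies: {}, headers: {} });
console.log(viaCookie === SAMPLE, viaHeader === SAMPLE, missing);
```

In `check-auth.js` the returned value would go to `jwt.verify`, with a 401 response when it is `null`. The server's CORS configuration must also allow credentials for the named front-end origin, otherwise the browser withholds the cookie on cross-origin requests.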