我目前正在学习 JSON Web Token（JWT），并跟着“Learn the MERN Stack”YouTube 视频学习如何在以后的应用中实现受保护的路由。我用 Postman 测试：注册一个新用户时会返回一个令牌；用同一个用户登录时代码也能正常工作，并返回同样的令牌。但是当我把这个令牌作为 Bearer 令牌放进请求头去访问受保护的路由时，就会报错。我的代码如下：
const express = require("express");
const router = express.Router();
const {
registerUser,
loginUser,
getMe,
} = require("../controllers/userController.js");
const { protect } = require("../middleware/authMiddleware.js");
// Route table for /api/users. `protect` is chained in front of getMe so the
// handler only ever runs for a request that carried a valid bearer token.
router.route("/").post(registerUser);
router.route("/login").post(loginUser);
router.route("/me").get(protect, getMe);
module.exports = router;
const jwt = require("jsonwebtoken");
const asyncHandler = require("express-async-handler");
const User = require("../models/userModel");
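// Express middleware guarding private routes.
//
// Expects `Authorization: Bearer <jwt>`. On success it attaches the matching
// user document (password field excluded) as `req.user` and calls `next()`.
// On any failure it sets status 401 and throws; express-async-handler
// forwards the rejection to the app's error handler.
//
// Why the original failed in Postman: the header check was spelled
// `base64.RawURLEncoding.req.headers.authorization`. `base64` is not defined
// anywhere in this file, so every request that reached the middleware threw a
// ReferenceError before the token was even read.
const protect = asyncHandler(async (req, res, next) => {
  const header = req.headers.authorization;
  if (!header || !header.startsWith("Bearer")) {
    res.status(401);
    throw new Error("Not authorized, no token");
  }

  let user;
  try {
    // Token is the second word of "Bearer <jwt>". A bare "Bearer" header
    // yields undefined here and jwt.verify rejects it below.
    const token = header.split(" ")[1];
    // Pin the accepted algorithm to what generateToken produces (jsonwebtoken
    // signs with HS256 by default when given a string secret). With no
    // `algorithms` option the client picks the algorithm from the token header.
    const decoded = jwt.verify(token, process.env.JWT_SECRET, {
      algorithms: ["HS256"],
    });
    // Never hand the password hash to downstream handlers.
    user = await User.findById(decoded.id).select("-password");
  } catch (error) {
    // Log class and message only; keep the raw header/token out of the logs.
    console.log(`${error.name}: ${error.message}`);
    res.status(401);
    throw new Error("Not authorized");
  }

  // A token outlives its account (30-day expiry, no revocation): if the user
  // was deleted, findById returns null and the request must not pass with
  // req.user === null.
  if (!user) {
    res.status(401);
    throw new Error("Not authorized");
  }

  req.user = user;
  next();
});
module.exports = { protect };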
const jwt = require("jsonwebtoken");
const bcrypt = require("bcryptjs");
const asyncHandler = require("express-async-handler");
const User = require("../models/userModel");
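// @desc Register new user
// @route POST /api/users
// @access Public
//
// Body: { name, email, password } — all required, all plain strings.
// Responds 201 with the public user fields plus a signed JWT. Only the bcrypt
// hash of the password (cost factor 10) is persisted.
const registerUser = asyncHandler(async (req, res) => {
  // `req.body` is undefined when no body parser ran; fall back to {} so the
  // client gets a 400 instead of a TypeError-driven 500.
  const { name, email, password } = req.body || {};
  if (!name || !email || !password) {
    res.status(400);
    throw new Error("Please add all fields");
  }
  // Only plain strings may reach the query and the hash below. An object such
  // as { "$ne": null } sent as `email` would be passed to Mongoose as a query
  // operator, and bcrypt rejects non-string input.
  if (
    typeof name !== "string" ||
    typeof email !== "string" ||
    typeof password !== "string"
  ) {
    res.status(400);
    throw new Error("Invalid user data");
  }

  // Check if user exists.
  // NOTE(review): check-then-create is racy under concurrent registrations;
  // a `unique: true` index on email in userModel is what really enforces
  // uniqueness — confirm it is declared there. The distinct error message also
  // tells a caller whether an email is registered (account enumeration).
  const userExists = await User.findOne({ email });
  if (userExists) {
    res.status(400);
    throw new Error("User already exists");
  }

  // Hash password
  const salt = await bcrypt.genSalt(10);
  const hashedPassword = await bcrypt.hash(password, salt);

  // Create user
  const user = await User.create({
    name,
    email,
    password: hashedPassword,
  });
  if (!user) {
    res.status(400);
    throw new Error("Invalid user data");
  }

  res.status(201).json({
    _id: user.id,
    name: user.name,
    email: user.email,
    token: generateToken(user._id),
  });
});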
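// @desc Authenticate a user
// @route POST /api/users/login
// @access Public
//
// Body: { email, password }. Responds with the public user fields plus a fresh
// JWT. Unknown email, wrong password and malformed body all yield the same
// 400 "Invalid credentials" so the response body does not say which one
// failed. (401 would be the conventional status for a failed login; 400 is
// kept so existing clients keep working.)
const loginUser = asyncHandler(async (req, res) => {
  const { email, password } = req.body || {};
  // Reject anything that is not a plain string before it reaches the query:
  // an object such as { "$ne": null } in `email` would be interpreted by
  // Mongoose as a query operator and could match an arbitrary account, and
  // bcrypt rejects a non-string password.
  if (typeof email !== "string" || typeof password !== "string") {
    res.status(400);
    throw new Error("Invalid credentials");
  }

  // Check for user email
  const user = await User.findOne({ email });
  // NOTE(review): when no user matches, bcrypt.compare is skipped, so the
  // miss path answers measurably faster than a wrong password — a timing
  // channel for enumerating registered emails. Comparing against a dummy
  // hash on the miss path would close it; not changed here.
  const passwordMatches = user
    ? await bcrypt.compare(password, user.password)
    : false;
  if (!passwordMatches) {
    res.status(400);
    throw new Error("Invalid credentials");
  }

  res.json({
    _id: user.id,
    name: user.name,
    email: user.email,
    token: generateToken(user._id),
  });
});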
// @desc Get user data
// @route GET /api/users/me
// @access Private
//
// `req.user` is populated by the `protect` middleware (password excluded);
// this handler simply echoes that document back with 200.
const getMe = asyncHandler(async (req, res) => {
  const currentUser = req.user;
  res.status(200).json(currentUser);
});
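// Generate JWT
//
// Signs `{ id }` with the shared HMAC secret from JWT_SECRET. `protect` reads
// `decoded.id` back, so the payload shape is part of the middleware contract.
// jwt.sign throws if JWT_SECRET is unset, which surfaces as a 500 at register/
// login time rather than as an unsigned token.
const generateToken = (id) => {
  return jwt.sign({ id }, process.env.JWT_SECRET, {
    // Stated explicitly rather than relying on the library default so the
    // signing algorithm is visible here and can be matched by the
    // `algorithms` allow-list passed to jwt.verify.
    algorithm: "HS256",
    // Long-lived and there is no revocation list: a leaked token stays valid
    // until it expires.
    expiresIn: "30d",
  });
};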
// Public surface of the controller; generateToken stays module-private.
module.exports = { registerUser, loginUser, getMe };