我正在尝试通过 GET 请求将 bearer token 发送到受保护的路由,但即使已经通过请求头发送了令牌,它仍然返回 Unauthorized。
我在 Node.js 的 Express 应用中使用 bearer token,数据库是 mlab 远程数据库。我注册了一个新用户,然后用该电子邮件登录,服务器按预期返回了一个令牌。
当我在没有登录的情况下通过请求头把这个令牌发送到另一个路由时,它返回 Unauthorized。
我的步骤是
1)使用新邮件注册
2)登录请求成功
3)向路由 localhost:5000/api/users/current 发送 get request 失败,返回 Unauthorized。
user.js 文件的内容见下方。
数据已成功存储在远程数据库(mlab)中,但我无法弄清楚问题出在哪里。
// users.js for authentication and authorization
const express = require("express");
const router = express.Router();
const gravatar = require("gravatar");
const bcrypt = require("bcryptjs");
const keys = require("../../config/keys");
const jwt = require("jsonwebtoken");
const passport = require("passport");
// Load User Model to check existing email is used for registration or not?
const User = require("../../models/User");
/**
 * @route   GET api/users/test
 * @desc    Smoke-test endpoint: confirms the users router is mounted.
 * @access  Public, no login needed
 */
router.get("/test", (req, res) => {
  const body = { msg: "Users Works" };
  res.json(body);
});
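// @route POST request to api/users/register
// @description Registers a new user: rejects an email that is already stored,
//              builds a gravatar URL, hashes the password with bcrypt and saves
//              the user. Responds with the saved user as JSON.
// @access Public, without login first register
router.post("/register", (req, res) => {
  const body = req.body || {};
  const email = body.email;
  const password = body.password;

  // The request body is untrusted. Requiring plain strings keeps a JSON object
  // (for example a query-operator document) from being passed to
  // User.findOne() as the email filter, and keeps bcrypt from receiving a
  // non-string password.
  if (typeof email !== "string") {
    return res.status(400).json({ email: "Email must be a string." });
  }
  if (typeof password !== "string") {
    return res.status(400).json({ password: "Password must be a string." });
  }

  User.findOne({ email })
    .then(existingUser => {
      if (existingUser) {
        return res.status(400).json({ email: "Email value exists already." });
      }
      console.log("no user found of this email in DB");

      const avatar = gravatar.url(email, {
        s: "200", // Size of gravatar in pixels
        r: "pg", // rating
        d: "mm" // default value = 'mm'
      });

      // Hash first, so the plaintext password is never placed on the model.
      // 10 is the value handed to genSalt(), as in the original code.
      return bcrypt
        .genSalt(10)
        .then(salt => bcrypt.hash(password, salt))
        .then(hash => {
          const newUser = new User({
            name: body.name,
            email,
            avatar,
            password: hash
          });
          return newUser.save();
        })
        .then(savedUser => {
          // NOTE(review): this echoes the stored document back to the client,
          // which presumably includes the bcrypt hash in `password`; consider
          // omitting that field from the response. Left as-is so existing
          // clients see the same response shape.
          res.json(savedUser);
        });
    })
    .catch(err => {
      // A failure in lookup, hashing or saving used to be thrown inside a
      // callback or only logged, which left the request without a response.
      console.log("Error occured while registering user\n", err);
      if (!res.headersSent) {
        res.status(500).json({ error: "Registration failed." });
      }
    });
});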
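// @route POST request to api/users/login
// @description Login/signing-in registered user. Looks the user up by email,
//              compares the password against the stored bcrypt hash and, on a
//              match, returns a signed JWT prefixed with "bearer ".
// @access Public
router.post("/login", (req, res) => {
  const body = req.body || {};
  const email = body.email;
  const password = body.password;

  // The request body is untrusted: only plain strings may reach the database
  // filter and bcrypt.compare().
  if (typeof email !== "string") {
    return res.status(400).json({ email: "Email must be a string." });
  }
  if (typeof password !== "string") {
    return res.status(400).json({ password: "Password must be a string." });
  }

  User.findOne({ email })
    .then(user => {
      if (!user) {
        // NOTE(review): answering 404 here and 400 for a wrong password lets a
        // caller tell registered emails from unregistered ones. Status codes
        // are kept because clients may depend on them; a single generic
        // failure response would avoid the distinction.
        return res.status(404).json({ email: "User's email not found." });
      }

      // Email exists: compare the submitted password with the stored hash.
      return bcrypt.compare(password, user.password).then(isMatch => {
        if (!isMatch) {
          return res.status(400).json({ password: "Password didn't match" });
        }

        // NOTE(review): the user id is stored under the key `it`. Whatever
        // verifies the token has to read jwt_payload.it; a verifier that reads
        // jwt_payload.id gets undefined, which would explain an Unauthorized
        // answer on the protected route. Renaming this key to `id` on the
        // signing side is the clearer fix.
        const payload = { it: user.id, name: user.name, avatar: user.avatar };

        // jwt.sign(payload, secretKey, options, callback); a numeric
        // expiresIn is in seconds, so 3600 is one hour.
        jwt.sign(payload, keys.secretOrKey, { expiresIn: 3600 }, (err, token) => {
          if (err) {
            // Without this check a signing failure produced "bearer undefined".
            console.log("error in jwt.sign()");
            return res.status(500).json({ error: "Could not issue token." });
          }
          res.json({
            success: true,
            token: "bearer " + token
          });
        });
      });
    })
    .catch(err => {
      // Lookup or comparison failed; answer instead of leaving the request open.
      console.log("Error occured while logging in user\n", err);
      if (!res.headersSent) {
        res.status(500).json({ error: "Login failed." });
      }
    });
});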
/**
 * @route   GET api/users/current
 * @desc    Protected endpoint; answers { msg: "Success" } once the request has
 *          passed passport's "jwt" strategy.
 * @access  Private, can't go without a valid token
 */
// session: false — authentication is done per request, no login session is created.
const requireJwt = passport.authenticate("jwt", { session: false });

router.get("/current", requireJwt, (req, res) => {
  const body = { msg: "Success" };
  res.json(body);
});

module.exports = router;
我对这个项目的Github回购是mlab
请查看 Users.js 第 88 行:payload 中的用户 ID 存储在键 'it' 下,
但在你的 passport.js 中(见此处)
你是通过 id 来读取它的。所以,如果在那里改用 jwt_payload.it,你就会得到 Success 消息。