我有一个前端 localhost:3000/Login。单击按钮,它会重定向到后端 localhost:8080/auth 以处理 google OAUTH2。身份验证后,我在 cookie 和会话中设置 accessToken 并重定向到前端 localhost:3000/Home。
由于某种原因,在将来调用我的后端时,它说我的 accessToken 未定义。所以它正确地设置了它们,然后它们由于某种原因消失了?我的 accessToken 理想情况下仅存储在后端。
这是我的index.js 文件(入口点),我在其中定义我的 cors 策略:
const io = new Server(server, {
cors: {
origin: "http://localhost:3000",
methods: ["GET", "POST"],
credentials: true,
},
});
var corsOptions = {
origin: "*",
credentials: true,
};
const loginroute = require("./routes/auth"); //import routing from routes/login
const youtubeRoutes = require("./routes/youtube")(io);
app.use(cors(corsOptions));
//app.use(cors)
这是我的 auth.js 文件,我在成功身份验证时设置了 cookie:
router.get("/success", (req, res) => {
console.log("access: ", req.user.accessToken);
// Save accessToken in session
req.session.accessToken = req.user.accessToken;
console.log("session object:", req.session.accessToken);
console.log("myVal", req.isAuthenticated());
res.cookie("accessToken", req.user.accessToken, { maxAge: 24 * 60 * 60 * 1000 }); // 1 day
//Note the above line does work properly ^^
console.log("Cookie set!");
console.log(req.cookies.accessToken);
console.log("saving refreshToken.. ");
console.log(req.user);
res.cookie("refreshToken", req.user.refreshToken, { maxAge: 24 * 60 * 60 * 1000 }); // 1 day
res.redirect(
"http://localhost:3000/Project/YoutubeApp/Home?accessToken=" + req.session.accessToken
);
});
这是我的 youtube.js 文件的一部分,其中我的 cookie 未定义:
async function verifyToken(req, res, next) {
//everything below is blank {} or undefined for console.logs
console.log("do I have a token: ", req.cookies.accessToken); //accessToken is not stored at this point for some reason
console.log("do I have a token2: ", JSON.stringify(req.cookies)); //accessToken is not stored at this point for some reason
console.log("do I have a token3: ", JSON.stringify(req.session.accessToken)); //accessToken is not stored at this point for some reason
const token = req.headers.authorization.split(" ")[1];
//token = null;
if (!token) {
return res.status(401).json({ error: "Missing token" });
}
try {
console.log("my token is: ", token);
console.log("my headers are: ", req.headers);
const response = await axios.get(
`https://oauth2.googleapis.com/tokeninfo?access_token=${token}`
);
const tokenInfo = response.data;
// Check if the token is valid
if (!tokenInfo.error) {
// Token is valid, proceed as before
req.tokenInfo = tokenInfo;
next();
} else {
// Token is invalid, refresh the token
console.log("TESTINGINGG: " + response.data);
const refreshedToken = await refreshAccessToken(req.cookies.refreshToken);
console.log("Old accessToken: ", accessToken);
if (!refreshedToken) {
console.log("INVALID-Token on backend");
return res.status(401).json({ error: "Invalid token" });
}
req.tokenInfo = {
...tokenInfo,
access_token: refreshedToken,
};
next();
}
} catch (error) {
console.error("Error verifying token:", error);
return res.status(500).json({ error: "Internal server error" });
}
}
我尝试按照网络选项卡进行操作,看起来它在 cookie 中正确设置了它们,但是当它重定向到前端时,我再也看不到 localhost:8080 的 cookie。仅本地主机:3000。 (然而,cookie 设置为 localhost:3000。我觉得很奇怪)。
我可能有点误解网络选项卡,但无论哪种方式,任何答案都会非常有帮助!要么回答我做错了什么,要么回答我误解了重定向/cookie 设置及其实际工作?
提前谢谢您!
p.s 我知道这类似于:重定向后 Cookie 消失
但我似乎无法解决我的问题。