我正在处理我的网络应用程序中与令牌相关的问题。我已经为用户登录和保护特定路由建立了 JSON Web Token (JWT) 身份验证。奇怪的是,尽管我在登录控制器中成功生成并设置了令牌,但尝试访问受保护的路由会在网络选项卡中触发“未经授权:未提供令牌”错误。虽然令牌和 cookie 在登录期间出现,但它们似乎在中间件阶段消失了。我可以使用一些指导来解决这个问题。我们将非常感谢您的帮助!
相关代码:
用户架构:
const mongoose = require("mongoose");
const validator = require("validator");
const bcrypt = require("bcryptjs");
const jwt = require("jsonwebtoken");
// User document shape. Only the auth- and cart-related fields are shown here.
const userSchema = new mongoose.Schema({
  //// other fields such as name, email and password are defined here (elided)
  // One entry per issued JWT. `authenticate` queries "tokens.token", so a
  // signed token is only accepted while it is still present in this array.
  tokens: [
    {
      token: {
        type: String,
        required: true,
      },
    },
  ],
  // Untyped array (no element schema): whatever addcartdata pushes is stored
  // as given, so validation has to happen in the caller.
  carts: Array,
});
// password hashing (pre-save hook)
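/**
 * Pre-save hook: bcrypt-hashes `password` (cost 12) whenever it was modified.
 *
 * `cpassword` is presumably the "confirm password" field from registration —
 * TODO confirm with registrationController. Persisting a second hash of the
 * same secret adds nothing, but it is kept for compatibility; it is now only
 * hashed when present, so a save that changes just `password` (e.g. a reset)
 * no longer fails on bcrypt.hash(undefined).
 */
userSchema.pre("save", async function (next) {
  if (!this.isModified("password")) {
    return next();
  }
  this.password = await bcrypt.hash(this.password, 12);
  if (typeof this.cpassword === "string") {
    this.cpassword = await bcrypt.hash(this.cpassword, 12);
  }
  next();
});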
// generating an auth token
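/**
 * Issues a signed JWT for this user, records it in `tokens` (the allow-list
 * that `authenticate` checks with "tokens.token") and saves the document.
 *
 * @returns {Promise<string>} the signed token (HS256, jsonwebtoken default; 1 day expiry)
 * @throws when JWT_SECRET is unset, signing fails or the save fails. The error
 *   is logged and rethrown instead of swallowed — previously the method
 *   resolved with `undefined`, and the login controller then set a cookie
 *   whose value was literally the string "undefined".
 *
 * NOTE(review): nothing in the code shown prunes expired entries, so `tokens`
 * grows by one on every login — consider removing expired tokens on save.
 */
userSchema.methods.generateAuthToken = async function () {
  try {
    // The payload is signed, not encrypted: put nothing sensitive in it.
    const token = jwt.sign({ _id: this._id }, process.env.JWT_SECRET, {
      expiresIn: "1d",
    });
    this.tokens.push({ token });
    await this.save();
    return token;
  } catch (error) {
    console.log(error);
    throw error;
  }
};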
// add-to-cart data
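/**
 * Appends one entry to `carts` and saves the document.
 *
 * @param {*} cart - stored as-is; `carts` has no element schema, so the caller
 *   must validate/shape this value (presumably request data — confirm).
 * @returns {Promise<Array>} the updated carts array
 * @throws rethrows the save error after logging it, instead of resolving with
 *   `undefined` as before.
 */
userSchema.methods.addcartdata = async function (cart) {
  try {
    this.carts.push(cart);
    await this.save();
    return this.carts;
  } catch (error) {
    console.log(`${error} Error while adding data to cart`);
    throw error;
  }
};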
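// mongoose.model() is a factory that returns the Model class. Calling it with
// `new` only worked because a constructor that returns an object yields that
// object; call it plainly so the intent is clear.
const User = mongoose.model("USER", userSchema);
module.exports = User;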
登录控制器:
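/**
 * POST /login — verifies email/password, issues a JWT via
 * user.generateAuthToken() and sets it as the HttpOnly cookie "amazon".
 * Responds 200 with the user document minus its secret-bearing fields.
 *
 * @param {import("express").Request} req  - JSON body with string `email` and `password`
 * @param {import("express").Response} res
 */
const loginController = async (req, res) => {
  try {
    const { email, password } = req.body;
    // Reject non-strings as well as empty values: an object such as
    // { "$ne": null } would otherwise reach findOne() as a query operator.
    if (
      typeof email !== "string" ||
      typeof password !== "string" ||
      !email ||
      !password
    ) {
      return res.status(400).json({ error: "Please fill in all the details" });
    }
    const user = await User.findOne({ email });
    // Same status and message whether the account is unknown or the password
    // is wrong, so this endpoint cannot be used to enumerate registered emails.
    const isMatch = user ? await bcrypt.compare(password, user.password) : false;
    if (!user || !isMatch) {
      return res.status(400).json({ error: "Invalid credentials" });
    }
    const token = await user.generateAuthToken();
    // Never set a cookie whose value is the string "undefined".
    if (!token) {
      throw new Error("Token generation failed");
    }
    res.cookie("amazon", token, {
      expires: new Date(Date.now() + 24 * 60 * 60 * 1000), // matches the token's 1d expiry
      httpOnly: true,
      // Explicit Lax (what current browsers default to): sent on same-site
      // requests and top-level navigations, not on cross-site subrequests.
      sameSite: "lax",
      // HTTPS-only outside local development.
      secure: process.env.NODE_ENV === "production",
    });
    // Do not echo the password hashes or the list of live session tokens.
    const safeUser = user.toObject();
    delete safeUser.password;
    delete safeUser.cpassword;
    delete safeUser.tokens;
    res.status(200).json(safeUser);
  } catch (error) {
    console.error("Error during login:", error);
    res.status(500).json({ error: "An error occurred" });
  }
};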
中间件:
const jwt = require("jsonwebtoken");
const User = require("../models/userSchema");
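/**
 * Express middleware for protected routes. Reads the JWT from the "amazon"
 * cookie, verifies signature and expiry, and requires the token to still be
 * listed in the user's `tokens` array. On success sets req.token,
 * req.rootUser and req.userID and calls next(); otherwise responds 401.
 *
 * NOTE(review): req.cookies is only populated when cookie-parser is mounted
 * before this router (`app.use(cookieParser())`). If it is mounted and the
 * browser still sends no cookie, the usual causes are a fetch/axios call
 * made without `credentials: "include"` / `withCredentials: true`, or a CORS
 * setup without `credentials: true` and an explicit origin — confirm.
 */
const authenticate = async (req, res, next) => {
  try {
    // Guard the lookup so a missing cookie-parser shows up as "No token
    // provided" rather than a TypeError reported as "Invalid token".
    const token = req.cookies ? req.cookies.amazon : undefined;
    if (!token) {
      return res.status(401).send("Unauthorized: No token provided");
    }
    // Pin the algorithm to the one generateAuthToken uses (jsonwebtoken's
    // default HS256) so the token cannot nominate a different one.
    const verifyToken = jwt.verify(token, process.env.JWT_SECRET, {
      algorithms: ["HS256"],
    });
    // A valid signature is not enough: a token no longer stored on the user
    // (e.g. removed by logout) is rejected even though it has not expired.
    const rootUser = await User.findOne({
      _id: verifyToken._id,
      "tokens.token": token,
    });
    if (!rootUser) {
      throw new Error("User Not Found");
    }
    req.token = token;
    req.rootUser = rootUser;
    req.userID = rootUser._id;
    next();
  } catch (error) {
    // The token is deliberately not logged: it is a live credential.
    console.error("Authentication Error:", error);
    res.status(401).send("Unauthorized: Invalid token");
  }
};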
module.exports = authenticate;
路线:
const express = require("express");
const {
registrationController,
loginController,
logoutController,
validationController,
getProductsController,
getproductoneController,
addtocartController,
cartDetailsController,
deletecartItemController,
} = require("../controller/Controller");
const authenticate = require("../middleware/authenticate");
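// express.Router() is a factory, not a class; `new` was superfluous.
const router = express.Router();

// Routes
// Registration (public)
router.post("/register", registrationController);
// Login (public) — sets the "amazon" JWT cookie
router.post("/login", loginController);
// Logout (protected)
// NOTE(review): this changes server state (presumably drops the token from
// `tokens`) but is reachable by a plain GET, so a link from another site is
// enough to trigger it. POST is the usual fix; kept as GET here because the
// frontend calls it that way — confirm before changing.
router.get("/logout", authenticate, logoutController);
// Validate user (protected)
router.get("/validuser", authenticate, validationController);
// Get products (public)
router.get("/getproducts", getProductsController);
// Get individual product data (public)
router.get("/getproductsone/:id", getproductoneController);
// Add item to cart (protected by authenticate)
router.post("/addtocart/:id", authenticate, addtocartController);
// Get cart items (protected by authenticate)
router.get("/cartdetails", authenticate, cartDetailsController);
// Remove item from cart (protected by authenticate)
router.delete("/remove/:id", authenticate, deletecartItemController);

module.exports = router;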
下面是在身份验证中间件中直接从 `Cookie` 请求头读取 cookie 的一种方式。注意它只是把请求头按 `; ` 拆成 `name=value` 字符串,不会解码值;而且当请求没有 Cookie 头时 `req.headers.cookie` 为 undefined,直接 `.split` 会抛出 TypeError。更常见的做法是在路由之前挂载 `cookie-parser`(`app.use(cookieParser())`),然后像中间件里那样读取 `req.cookies.amazon`;如果已经挂载却仍提示“未提供令牌”,通常是浏览器没有随请求发送 cookie——检查前端请求是否带了 `credentials: 'include'`(axios 为 `withCredentials: true`),以及 CORS 是否配置了 `credentials: true` 和明确的 origin。
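// Array of "name=value" strings from the Cookie header (empty if none sent).
const cookie = getcookie(req);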
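/**
 * Splits the raw Cookie header into its "name=value" pairs.
 *
 * @param {{headers: {cookie?: string}}} req
 * @returns {string[]} e.g. ["user=someone", "session=mySessionID"]; an empty
 *   array when the request carries no Cookie header (instead of throwing a
 *   TypeError, which an auth middleware would report as an invalid token).
 *
 * NOTE(review): minimal parser — values are not URL-decoded and pairs are not
 * keyed by name. Prefer `cookie-parser` (`app.use(cookieParser())`) and read
 * `req.cookies.<name>`, as the authenticate middleware already does.
 */
function getcookie(req) {
  const header = req.headers.cookie;
  if (!header) {
    return [];
  }
  // Browsers separate cookie pairs with "; " (RFC 6265 §4.2.1).
  return header.split("; ");
}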