当我尝试访问 api/测试路由时,我被重定向到未经授权的部分。
// server.js
const express = require('express');
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const bcrypt = require('bcrypt');
const session = require('express-session');
const app = express();
const port = 4000;
const cors = require('cors'); // Import the cors middleware
const jwt = require('jsonwebtoken');
// Mock user database
const users = [
{ id: 1, email: '[email protected]', password: '$2b$10$/qyCbk4xtySo4CZQIfwpbunxo1oNQ3.SBdd5uU1YgfhRoIVnDagcm' },
];
app.use(cors({ origin: 'http://localhost:4000', credentials: true }));
// Initialize Passport and express-session
app.use(session({
secret: 'your-secret',
resave: true,
saveUninitialized: true,
cookie: { secure: false }, // Set secure to false if not using HTTPS
}));
app.use(express.json());
app.use(passport.initialize());
app.use(passport.session());
// Configure Passport to use LocalStrategy
passport.use(
new LocalStrategy(
{
usernameField: 'email',
passwordField: 'password',
},
async (email, password, done) => {
const user = users.find((u) => u.email === email);
if (!user) {
return done(null, false, { message: 'Incorrect email or password' });
}
const passwordMatch = await bcrypt.compare(password, user.password);
if (!passwordMatch) {
return done(null, false, { message: 'Incorrect email or password' });
}
return done(null, user);
}
)
);
// Serialize and deserialize user
passport.serializeUser((user, done) => {
done(null, user.id);
});
passport.deserializeUser((id, done) => {
const user = users.find((u) => u.id === id);
done(null, user);
});
// JWT Secret Key (Change this to a more secure secret)
const JWT_SECRET_KEY = 'your-secret-key';
app.post('/api/login', (req, res, next) => {
passport.authenticate('local', (err, user) => {
if (err) {
return next(err);
}
if (!user) {
return res.status(401).json({ message: 'Incorrect email or password' });
}
// If authentication is successful, create a JWT token
const token = jwt.sign({ userId: user.id }, JWT_SECRET_KEY, { expiresIn: '1h' });
// console.log(token)
// Send the JWT token as a response
res.json({ message: 'Login successful', token });
})(req, res, next);
});
app.get('/api/test', (req, res) => {
console.log(req)
if (req.isAuthenticated()) {
res.json({ message: 'This is a test endpoint' });
} else {
res.status(401).json({ message: 'Unauthorized' });
}
});
app.listen(port, () => {
console.log(`Server is running on port ${port}`);
});
这是代码,我也得到了 req.isAuthenticated() 值 isAuthenticated: [Function (anonymous)],
我已经检查了身份验证中间件结构,并且当我在没有身份验证的情况下尝试使用该路由时,我也尝试过使用没有身份验证的路由。
在响应头中,我是这样解析的。 获取 {{baseUrl}}/api/test 授权:持有者@token
这段代码有什么问题吗?如果可能的话,有人可以帮助我吗?
通过
api/test
路线登录成功后,请确保访问/api/login
路线。这是因为您登录成功后,passport.js 将为您创建一个会话。因此,之后当您尝试访问 /api/test
路由时,req.isAuthenticated()
函数将验证会话并返回 true。
可能,您正在尝试在没有会话登录的情况下访问
api/test
路由,因此 req.isAuthenticated()
返回 false。