我无法访问express js中经过身份验证的路由

问题描述 投票:0回答:1

当我尝试访问 api/测试路由时,我被重定向到未经授权的部分。

// server.js
const express = require('express');
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const bcrypt = require('bcrypt');
const session = require('express-session');
const app = express();
const port = 4000;
const cors = require('cors'); // Import the cors middleware
const jwt = require('jsonwebtoken');

// Mock user database
const users = [
  { id: 1, email: '[email protected]', password: '$2b$10$/qyCbk4xtySo4CZQIfwpbunxo1oNQ3.SBdd5uU1YgfhRoIVnDagcm' },
];

app.use(cors({ origin: 'http://localhost:4000', credentials: true }));

// Initialize Passport and express-session
app.use(session({ 
    secret: 'your-secret', 
    resave: true, 
    saveUninitialized: true,
    cookie: { secure: false }, // Set secure to false if not using HTTPS
}));
app.use(express.json());
app.use(passport.initialize());
app.use(passport.session());

// Configure Passport to use LocalStrategy
passport.use(
  new LocalStrategy(
    {
      usernameField: 'email',
      passwordField: 'password',
    },
    async (email, password, done) => {
      const user = users.find((u) => u.email === email);
      if (!user) {
        return done(null, false, { message: 'Incorrect email or password' });
      }
      const passwordMatch = await bcrypt.compare(password, user.password);
      if (!passwordMatch) {
        return done(null, false, { message: 'Incorrect email or password' });
      }
      return done(null, user);
    }
  )
);

// Serialize and deserialize user
passport.serializeUser((user, done) => {
  done(null, user.id);
});

passport.deserializeUser((id, done) => {
  const user = users.find((u) => u.id === id);
  done(null, user);
});

// JWT Secret Key (Change this to a more secure secret)
const JWT_SECRET_KEY = 'your-secret-key';

app.post('/api/login', (req, res, next) => {
    passport.authenticate('local', (err, user) => {
      if (err) {
        return next(err);
      }
      if (!user) {
        return res.status(401).json({ message: 'Incorrect email or password' });
      }
  
      // If authentication is successful, create a JWT token
      const token = jwt.sign({ userId: user.id }, JWT_SECRET_KEY, { expiresIn: '1h' });
      // console.log(token)
  
      // Send the JWT token as a response
      res.json({ message: 'Login successful', token });
    })(req, res, next);
});

app.get('/api/test', (req, res) => {
  console.log(req)
    if (req.isAuthenticated()) {
      res.json({ message: 'This is a test endpoint' });
    } else {
    res.status(401).json({ message: 'Unauthorized' });
  }
});

app.listen(port, () => {
  console.log(`Server is running on port ${port}`);
});

这是代码,我也得到了 req.isAuthenticated() 值 isAuthenticated: [Function (anonymous)],

我已经检查了身份验证中间件结构,并且当我在没有身份验证的情况下尝试使用该路由时,我也尝试过使用没有身份验证的路由。

在响应头中,我是这样解析的。 获取 {{baseUrl}}/api/test 授权:持有者@token

这段代码有什么问题吗?如果可能的话,有人可以帮助我吗?

node.js express passport.js express-jwt passport-jwt
1个回答
0
投票

通过

api/test
路线登录成功后,请确保访问
/api/login
路线。这是因为您登录成功后,passport.js 将为您创建一个会话。因此,之后当您尝试访问 
/api/test
路由时,
req.isAuthenticated()
函数将验证会话并返回 true。

可能,您正在尝试在没有会话登录的情况下访问 

api/test
路由,因此 
req.isAuthenticated()
返回 false。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.