[英]Scope access passport-jwt
Can someone explain to me in detail why the route of /profile has access to the user object. 有人可以向我详细解释为什么/ profile的路由可以访问用户对象。 I'm currently learning JavaScript and NodeJS your answer will be a big help in my learning Thank you guys.
我目前正在学习JavaScript和NodeJS,您的回答将对我的学习有很大帮助。谢谢。
app.post('/login',function (req, res) {
let email = req.body.email;
let password = req.body.password;
User.getUserByEmail(email, (err, user) => {
if (err) throw err;
if (!user) {
return res.json({
success: false,
message: "User not found!"
});
}
User.comparePassword(password, user.password, (err, isMatch) => {
if (err) throw err;
if (isMatch) {
var token = jwt.sign(user.toJSON(), config.JWT_SECRET, {
expiresIn: '15m'
});
res.json({
success: true,
token: token,
user: {
id: user._id,
email: user.email
}
});
} else {
return res.json({
success: false,
message: "Password incorrect!"
});
}
})
});
});
app.get('/profile', passport.authenticate('jwt', {
session: false
}), (req, res) => {
res.json({user: req.user});
});
It is because your passport.authenticate()
call populates user
to req
. 这是因为您的
passport.authenticate()
调用会填充user
req
。
From passports.org: 从passports.org:
app.post('/login',
passport.authenticate('local'),
function(req, res) {
// If this function gets called, authentication was successful.
// `req.user` contains the authenticated user.
res.redirect('/users/' + req.user.username);
});
It is the same for your route, except your path and authentication method is different. 除了您的路径和身份验证方法不同外,其他路由都相同。
See the documentation for more info: http://www.passportjs.org/docs/authenticate/ 有关更多信息,请参见文档: http : //www.passportjs.org/docs/authenticate/
app.get
takes an url
and one or many callbacks with (req, res, next) => {}
as their signature app.get
函数采用一个url
和一个或多个以(req, res, next) => {}
为签名的回调 req
object and it will "propagate" to the next callbacks req
对象 ,它将“传播”到下一个回调 next
next
passport.authenticate('jwt', {sessions: false})
returns a callback , that's executed before you send the json
response. passport.authenticate('jwt', {sessions: false})
返回一个回调 ,该回调在发送json
响应之前执行。 req
object. req
对象中。 req
will "propagate" to the next callback. req
将“传播”到下一个回调。 And that's why when you send your json
response, it req
already contains the user
key json
响应时,它的req
已包含user
密钥
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.