瞄准镜通行证-jwt
[英]Scope access passport-jwt
问题描述
Can someone explain to me in detail why the route of /profile has access to the user object. 
有人可以向我详细解释为什么/ profile的路由可以访问用户对象。 I'm currently learning JavaScript and NodeJS your answer will be a big help in my learning Thank you guys. 我目前正在学习JavaScript和NodeJS,您的回答将对我的学习有很大帮助。谢谢。
app.post('/login',function (req, res) {
let email = req.body.email;
let password = req.body.password;
User.getUserByEmail(email, (err, user) => {
if (err) throw err;
if (!user) {
return res.json({
success: false,
message: "User not found!"
});
}
User.comparePassword(password, user.password, (err, isMatch) => {
if (err) throw err;
if (isMatch) {
var token = jwt.sign(user.toJSON(), config.JWT_SECRET, {
expiresIn: '15m'
});
res.json({
success: true,
token: token,
user: {
id: user._id,
email: user.email
}
});
} else {
return res.json({
success: false,
message: "Password incorrect!"
});
}
})
});
});
app.get('/profile', passport.authenticate('jwt', {
session: false
}), (req, res) => {
res.json({user: req.user});
});
2 个解决方案
解决方案1
0 2019-02-27 21:16:39
It is because your passport.authenticate() call populates user to req . 这是因为您的passport.authenticate()调用会填充user req 。
From passports.org: 从passports.org:
app.post('/login',
passport.authenticate('local'),
function(req, res) {
// If this function gets called, authentication was successful.
// `req.user` contains the authenticated user.
res.redirect('/users/' + req.user.username);
});
It is the same for your route, except your path and authentication method is different. 除了您的路径和身份验证方法不同外,其他路由都相同。
See the documentation for more info: http://www.passportjs.org/docs/authenticate/ 有关更多信息,请参见文档: http : //www.passportjs.org/docs/authenticate/
解决方案2
0 2019-02-27 21:16:55
Some background 一些背景
- The function
app.gettakes anurland one or many callbacks with(req, res, next) => {}as their signatureapp.get函数采用一个url和一个或多个以(req, res, next) => {}为签名的回调 - The callbacks are executed one after the other. 回调依次执行。 In anyone of these callbacks you can modify the
reqobject and it will "propagate" to the next callbacks在任何这些回调中, 您都可以修改req对象 ,它将“传播”到下一个回调 - To switch from a callback to the next one, you call
next要从回叫切换到下一个回叫,请致电next
In your case 就你而言
- The call to
passport.authenticate('jwt', {sessions: false})returns a callback , that's executed before you send thejsonresponse.调用passport.authenticate('jwt', {sessions: false})返回一个回调 ,该回调在发送json响应之前执行。 - That callback itself athenticates the user, then "inject" its value into the
reqobject.回调本身使用户着迷 ,然后将其值“注入”到req对象中。 - As I mentioned before, this
reqwill "propagate" to the next callback.如前所述,此req将“传播”到下一个回调。 And that's why when you send yourjsonresponse, itreqalready contains theuserkey这就是为什么当您发送json响应时,它的req已包含user密钥
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.