
React: check user authenticated by the front-end

How can I check if a token is true? I have an API with Laravel Passport and the front end with React. The user puts in an email and password, the API checks, and if the user is in the DB it generates a token and stores it in local storage. I have a private route, and for that I would need to know if the user is authenticated. The question is, how do I verify that the token is true? Previously I did some logic, but it did not work, because if someone opened the console and put any value in the token, it returned true and the person was free to access the system.

I would use this function on my private route: if the user was authenticated I would release the route, so I would need to check on the front end. If you have a better idea and can give me an example, thank you in advance!

I usually check the token with the back-end server.
So at the front end I use a component that sends the token to the backend (usually at componentDidMount). If the response is true I will render the private component, and if it is false I will redirect to the login page.
This is the link: https://reacttraining.com/react-router/web/example/auth-workflow

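You cannot authenticate the token from the front end. The front end can keep the token in localStorage, but you need to send the token to the back end for authentication.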

First of all, understand the purpose of the problem. Create logic that can be used to validate the token. Basically, renewing your token means renewing your session, and the user has to be refreshed with the latest data for the panel.

  1. The token cannot be stored at the client side. It can be initiated and processed at the client side, but you must always validate it; if the system considers it invalid, force a logout or expire the session.

  2. If you have a private route which navigates the user to another location, make sure you then add an additional to use the same token or generate a different token. Create the route to check the flag and retrieve the existing token and utilize it.

  3. Clear the existing one and create the new one to update the system. The front end should only have the navigation path; approve only if validated. No client-side authentication.
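The check the answers above describe, as an added example that is not code from the original posts: the private-route guard asks the API whether the stored token is valid instead of trusting that a value exists in local storage. It assumes the Passport-protected endpoint is `GET /api/user` and the storage key is `token`; `checkSession`, `resolvePrivateRoute`, `makeStorage` and `makeFakeApi` are hypothetical names, and the last two are constructed stand-ins for `localStorage` and the Laravel API so the logic runs offline.

```javascript
// Added example. Assumptions: the Passport-protected endpoint is GET /api/user
// (behind the auth:api middleware) and the token lives under the key "token".

// Ask the backend whether the stored token is valid; never trust its mere presence.
async function checkSession(storage, fetchImpl, url = '/api/user') {
  const token = storage.getItem('token');
  if (!token) return { authenticated: false, user: null };
  let res;
  try {
    res = await fetchImpl(url, {
      headers: { Accept: 'application/json', Authorization: `Bearer ${token}` },
    });
  } catch (err) {
    // Network failure: fail closed, but keep the token for a later retry.
    return { authenticated: false, user: null };
  }
  if (res.status === 401) storage.removeItem('token'); // forged, revoked or expired
  if (!res.ok) return { authenticated: false, user: null };
  return { authenticated: true, user: await res.json() };
}

// What a private route does once the check resolves: render the protected
// component, or redirect to the login page.
async function resolvePrivateRoute(storage, fetchImpl) {
  const session = await checkSession(storage, fetchImpl);
  return session.authenticated
    ? { render: 'private', user: session.user }
    : { redirect: '/login' };
}

// --- Constructed stand-ins so the example runs offline ---
function makeStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    removeItem: (k) => void data.delete(k),
  };
}

// Fake backend: only tokens it issued (a Map of token -> user) are accepted.
function makeFakeApi(issued) {
  return async (_url, { headers }) => {
    const user = issued.get((headers.Authorization || '').replace(/^Bearer /, ''));
    return user
      ? { ok: true, status: 200, json: async () => user }
      : { ok: false, status: 401, json: async () => ({ message: 'Unauthenticated.' }) };
  };
}
```

In a React component, `checkSession(window.localStorage, window.fetch.bind(window))` would be called on mount and the result kept in state. The guard only decides what to render; the data stays protected because the API rejects an invalid token on every request.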
