Angular 拦截器 - 如果刷新令牌拦截器失败,我如何注销?
[英]Angular interceptor - how do I logout if refresh token interceptor fails?
问题描述
Info
信息
I am creating an interceptor to use my refresh token to update my access token if I get a 401. The workflow looks like this now:如果我得到 401,我正在创建一个拦截器来使用我的刷新令牌来更新我的访问令牌。 现在的工作流程如下所示:
Sends request > gets 401 > sends refresh request > updates access token > sends new request发送请求 > 获取 401 > 发送刷新请求 > 更新访问令牌 > 发送新请求
I am currently working with promises instead of observables.我目前正在使用 promises 而不是 observables。
Question题
How do I logout if the last request fails?如果最后一个请求失败,我如何注销?
Sends request > gets 401 > sends refresh request > updates access token > sends new request > fails > log out发送请求 > 获取 401 > 发送刷新请求 > 更新访问令牌 > 发送新请求 > 失败 > 注销
I have a simple method for logging out, but I cannot find where to put it within the interceptor.我有一个简单的注销方法,但我找不到将它放在拦截器中的位置。
Code代码
export class RefreshInterceptor implements HttpInterceptor {
currentUser: User | null = null;
private isRefreshing = false;
private refreshTokenSubject: BehaviorSubject<any> = new BehaviorSubject<any>(
null
);
constructor(private authenticationService: AuthenticationService) {
this.authenticationService.currentUser.subscribe(
user => (this.currentUser = user)
);
}
intercept(
request: HttpRequest<any>,
next: HttpHandler
): Observable<HttpEvent<any>> {
return next.handle(request).pipe(
catchError(error => {
// check if user is signed in
if (!this.currentUser) {
return throwError(error);
}
// handle only 401 error
if (error instanceof HttpErrorResponse && error.status === 401) {
return from(this.handle401Error(request, next));
} else {
return throwError(error);
}
})
);
}
/**
* Adds the new access token as a bearer header to the request
* @param request - the request
* @param token - the new access token
*/
private async addToken(request: HttpRequest<any>, token: string) {
const currentUser = this.authenticationService.currentUserValue;
if (currentUser && currentUser.accessToken) {
return request.clone({
setHeaders: {
Authorization: `Bearer ${token}`
}
});
}
return request;
}
private async handle401Error(request: HttpRequest<any>, next: HttpHandler) {
// check if it is currently refreshing or not
if (!this.isRefreshing) {
this.isRefreshing = true;
this.refreshTokenSubject.next(null);
// send refresh request
const token = await this.authenticationService.getRefresh();
// update bearer token
const newRequest = await this.addToken(request, token);
// update values for next request
this.isRefreshing = false;
this.refreshTokenSubject.next(token);
return next.handle(newRequest).toPromise();
} else {
const token = this.refreshTokenSubject.value();
const newRequest = await this.addToken(request, token);
return next.handle(newRequest).toPromise();
}
}
}
1 个解决方案
解决方案1
0 已采纳 2020-02-19 09:06:20
I solved it with the following approach:我用以下方法解决了它:
- Modified the header of the outgoing, changed request (added a retry header so that I could identify it later).修改了传出的、更改的请求的标头(添加了重试标头,以便我以后可以识别它)。
- Created a new interceptor for logout为注销创建了一个新的拦截器
- Looked for a request with the retry header.寻找带有重试标头的请求。 Signed that request out.签署了该请求。
Refresh token interceptor刷新令牌拦截器
if (currentUser && currentUser.accessToken) {
return request.clone({
setHeaders: {
Authorization: `Bearer ${token}`,
Retry: "true"
}
});
}
Logout interceptor注销拦截器
@Injectable()
export class LogoutInterceptor implements HttpInterceptor {
constructor(private authenticationService: AuthenticationService) {}
intercept(
request: HttpRequest<any>,
next: HttpHandler
): Observable<HttpEvent<any>> {
return next.handle(request).pipe(
catchError(error => {
// handle only 401 error
if (error instanceof HttpErrorResponse && error.status === 401) {
from(this.handleRequest(request));
return throwError(error);
}
return next.handle(request);
})
);
}
private async handleRequest(request: HttpRequest<any>) {
const isRetriedRequest = request.headers.get("retry");
if (isRetriedRequest) {
await this.authenticationService.logout();
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.