CSRF 令牌和 Nuxt-auth
[英]CSRF token and Nuxt-auth
问题描述
I'm now trying to code a login functionality using nuxt-auth .
我现在正在尝试使用nuxt-auth编写登录功能。
I've got a FastAPI server that is set to work with HTTPOnly cookies, thus it needs a csrf token for throwing a user to my client.我有一个 FastAPI 服务器,它设置为与 HTTPOnly cookies 一起使用,因此它需要一个 csrf 令牌来将用户扔给我的客户端。 I can't handle the token because it's HTTPOnly so no LocalStorage我无法处理令牌,因为它是 HTTPOnly 所以没有 LocalStorage
Login works fine but I can't manage to get the stored user.登录工作正常,但我无法获得存储的用户。 I made that after request to my /login endpoint, Nuxt also requests a user on /me endpoint.我在向我的/login端点发出请求后,Nuxt 还请求/me端点上的用户。 But I'm getting the 401 response and但是我收到了 401 响应
Missing cookie access_token_cookie
error on /me . /me上的错误。 I don't know how to handle it.我不知道如何处理它。
my login request method我的登录请求方法
async userLogin() {
await this.$auth.loginWith('cookie', {
data: `grant_type=&username=${this.emailInput}&password=${this.passwordInput}&scope=&client_id=&client_secret=&`,
method: 'POST',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
})
await this.$router.push('/account')
}
I read that nuxt-auth is bad at cookie patterns but the post was from 2018 and we have a 'cookie' strategy now.我读到 nuxt-auth 不擅长 cookie 模式,但该帖子来自 2018 年,我们现在有一个“cookie”策略。 So is there a workaround of it's better to handle authentication manually?那么有没有更好的手动处理身份验证的解决方法?
my auth key in nuxt.config.js我在nuxt.config.js中的auth密钥
auth: {
strategies: {
cookie: {
endpoints: {
login: {
url: "/api/v1/login/login",
method: "post",
withCredentials: true
},
logout: { url: "/api/v1/login/logout", method: "post" },
user: {
url: "/api/v1/users/me",
method: "get"
}
},
tokenType: "bearer"
}
}
}
1 个解决方案
解决方案1
0 2021-12-28 08:53:53
I have a working http-only cookie based setup on Nuxt + Django.我在 Nuxt + Django 上有一个基于 http-only cookie 的工作。
My Nuxt application reverse proxies API requests to backend.我的 Nuxt 应用程序反向代理 API 请求到后端。 So, it can read cookies on server side.因此,它可以在服务器端读取 cookies。
So, I create auth-ssr.ts middleware to check is user loggedIn所以,我创建了auth-ssr.ts中间件来检查用户是否登录
import { Context, Middleware } from '@nuxt/types'
import { parse as parseCookie } from 'cookie' // this is lib https://github.com/jshttp/cookie
/**
* This middleware is needed when running with SSR
* it checks if the token in cookie is set and injects it into the nuxtjs/auth module
* otherwise it will redirect to login
* @param context
*/
const authMiddleware: Middleware = async (context: Context) => {
if (process.server && context.req.headers.cookie != null) {
const cookies = parseCookie(context.req.headers.cookie)
const token = cookies['session'] || '' // here your cookie name
if (token) {
context.$auth.$state.loggedIn = true
}
}
}
export default authMiddleware
And here my nuxt.config.js这里是我的nuxt.config.js
auth: {
strategies: {
cookie: {
user: {
property: 'user',
},
endpoints: {
login: {
url: '/api/v2/auth/login/',
method: 'post',
},
user: {
url: '/api/v2/auth/user/',
method: 'get',
},
logout: {
url: '/api/v2/auth/logout/',
method: 'post',
},
},
},
},
redirect: {
login: '/login',
},
plugins: ['@plugins/axios.ts'],
},
router: {
middleware: ['auth-ssr', 'auth'],
},
// Axios module configuration: https://go.nuxtjs.dev/config-axios
axios: {
proxy: true,
},
proxy: {
'/api': {
target: 'https://backend.com/',
},
},
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.