[英]Node-Express What's the process in JWT authentication?
我目前正在使用jet來驗證用戶身份。 在我的user.routes中,我還有一個router.param()來加載用戶並將其附加到請求中。 GET user /:userId上的jet控件是否還在保護router.param()負載(檢查是否在以前進行?),或者還應該保護router.param()?
問題是JWT將req.user設置為:
{ username: 'johndoe', iat: 1496329757 }
並且router.param()正在搜索,並且也應該將用戶加載到req.user中! 但這不...
如果我在addRole函數的開頭調試req?user,我仍然會得到
{ username: 'johndoe', iat: 1496329757 }
注意:不確定標題是否正確反映了我的問題...建議歡迎
user.route.js
import express from 'express';
import expressJwt from 'express-jwt';
import validate from 'express-validation';
import paramValidation from '../../../config/param-validation';
import userCtrl from '../controllers/user.controller';
import config from '../../../config/config';
const router = express.Router(); // eslint-disable-line new-cap
...
/** GET /api/users/:userId - Get user */
router.route('/:userId')
/** GET /api/users/:userId - Get user */
.get(expressJwt({ secret: config.jwtSecret }), userCtrl.get);
...
/** Load user when API with userId route parameter is hit */
router.param('userId', userCtrl.load);
user.controller.js
import httpStatus from 'http-status';
import APIError from '../../helpers/APIError';
import User from '../../models/user.model';
/**
* Load user and append to req.
*/
function load(req, res, next, id) {
User.get(id)
.then((user) => {
req.user = user; // eslint-disable-line no-param-reassign
next();
})
.catch((e) => {
if (e.name === 'CastError') {
const err = new APIError('Cast Error', httpStatus.BAD_REQUEST, true);
next(err);
} else {
const err = new APIError('User not found', httpStatus.NOT_FOUND, true);
next(err);
}
});
}
我解決了這個問題,修改了控制器中的load()函數:
function load(req, res, next, id) {
User.get(id)
.then((user) => {
req.userData = user; // eslint-disable-line no-param-reassign
next();
})
使用Passport與Node-Express和MongoDB進行套接字IO身份驗證的案例
[英]A Case of Socket IO authentication using Passport with Node-Express and MongoDB
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.