
JsonWebTokenError: jwt malformed

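I want to make a middleware to check the user. I'm using JWT and cookies for this. I retrieved the cookie and decrypted it (it was encrypted in the login controller function). Then I used jwt.verify(). But I get this error message: JsonWebTokenError: jwt malformed. I have seen that this may mean the token is not a token in the "correct format". But I can't figure it out.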

The checkUser function:

exports.checkUser = async(req, res, next) => {
    const cryptedToken = req.cookies.snToken;
    console.log("cryptedToken01", cryptedToken); // displays a string consisting of 3 parts, separated by /
    const token = cryptojs.AES.decrypt(cryptedToken, process.env.COOKIE_KEY).toString();
    console.log("token01", token); // displays a longer monolithic string

    if (token) {
        jwt.verify(token, process.env.COOKIE_KEY, async(err, verifiedJwt) => {
            if (err) { 
                console.log("err inside jwt verify", err); // displays an error message (JsonWebTokenError: jwt malformed)
                console.log("res.locals", res.locals); //displays res.locals [Object: null prototype] {}
                res.locals.user = null;
                res.cookie("snToken", "", { maxAge: 1 });
                next();
            } else {
                let user = await User.findByPk(verifiedJwt.userId);
                res.locals.user = user;
                next();
            }
        });
    } else { 
        res.locals.user = null;
        next();
    }
};

My login function:

exports.login = async(req, res) => {
    try {
        const user = await User.findOne({ where: { email: req.body.email } });
        if (!user) {
            return res.status(403).send({ error: 'The login information (email) is incorrect!' });
        }
        bcrypt
            .compare(req.body.password, user.password)
            .then((isPasswordValid) => {
                if (!isPasswordValid) {
                    return res.status(403).send({ error: 'The login information (pwd) is incorrect!' });
                } else {
                    const newToken = jwt.sign(
                        { userId: user.id },
                        process.env.COOKIE_KEY, { expiresIn: "24h" }
                    );
                    const newCookie = { token: newToken, userId: user.id };
                    const cryptedToken = cryptojs.AES.encrypt(JSON.stringify(newCookie), process.env.COOKIE_KEY).toString();
                    res.cookie('snToken', cryptedToken, {
                        httpOnly: true,
                        maxAge: 86400000
                    });

                    //res.status(200).send({ message: 'The user is successfully connected!', data: user });
                    res.status(200).send({ message: 'The user is successfully connected!', data: user, cryptedToken: cryptedToken });
                }
            });
    } catch (error) {
        res.send({ error: 'An error has occured while trying to log in!' });
    }
}

Calling this middleware in my app.js:

app.get('*', checkUser);

In your current code, you get a Hex encoded ASCII string after decryption 7b22746f6b656e223a2265794a68624763694f694a49557a49314e694973496e523563434936496b705856434a392e65794a3163325679535751694f6a45314c434a70595851694f6a45324e4445314e6a45324d545173496d5634634349364d5459304d5459304f4441784e48302e693670564f486443473456445154362d3749644545536f326251467765394d4b34554a316f363676564334222c22757365724964223a31357d , which contains your cookie as a stringified JSON.

Instead of using toString() after decryption, do the following, which will restore your cookie object:

const bytes = cryptojs.AES.decrypt(cryptedToken, process.env.COOKIE_KEY)

const cookie = JSON.parse(bytes.toString(cryptojs.enc.Utf8));

console.log("token", cookie.token); 

The result is the correct JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjE1LCJpYXQiOjE2NDE1NjE2MTQsImV4cCI6MTY0MTY0ODAxNH0.i6pVOHdCG4VDQT6-7IdEESo2bQFwe9MK4UJ1o66vVC4
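
The fix above, as an added example that is not part of the original answer: it uses only Node built-ins, with a Buffer's hex rendering standing in for what crypto-js returns from toString() with no encoder argument, and a minimal HS256 signer/verifier standing in for jsonwebtoken. The secret, payload and helper names are constructed for illustration.

```javascript
// Added example: Node built-ins only; every sample value below is constructed.
const crypto = require('node:crypto');
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Minimal HS256 signer/verifier (assumption: stands in for jwt.sign()/jwt.verify()).
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

function verifyHs256(token, secret) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) throw new Error('jwt malformed'); // a hex string has no dots
  const expected = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Recover the JWT from the decrypted cookie bytes; return null (fail closed) on any error.
function tokenFromCookieBytes(plainBytes) {
  try {
    const cookie = JSON.parse(plainBytes.toString('utf8'));
    return typeof cookie.token === 'string' ? cookie.token : null;
  } catch {
    return null;
  }
}

// Constructed sample: the object the login function stores in the cookie before encryption.
const SECRET = 'constructed-demo-secret';
const jwtString = signHs256({ userId: 15 }, SECRET);
const plainBytes = Buffer.from(JSON.stringify({ token: jwtString, userId: 15 }), 'utf8');

// Bug: hex rendering of the decrypted bytes, which is what the question passed to verify.
const hexString = plainBytes.toString('hex');
// Fix: decode the bytes as UTF-8, parse the JSON, and take the token field.
const recovered = tokenFromCookieBytes(plainBytes);

function demo() {
  let hexError = null;
  try { verifyHs256(hexString, SECRET); } catch (e) { hexError = e.message; }
  return { hexError, userId: verifyHs256(recovered, SECRET).userId };
}
console.log(demo());
```
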
