[英]How to send and verify refresh token after expiration of jwt token without refreshing page
我必須做的:當用戶登錄時,頁面應該保持原樣,直到並且除非用戶注銷
問題:我生成了 JWT 令牌,有效期為 30 秒。 我可以訪問安全頁面,但 30 秒后刷新頁面就會失效,因為 JWT 已過期。 I have created a function for the refresh token which produces a new JWT and sets it as a cookie, but how do I fire that endpoint automatically, without touching the URL bar or the refresh button? What I mean is that the refresh token should keep setting a new JWT cookie without my hitting another endpoint or the refresh button.
我看到了相關的教程,但我沒有使用 React,所以沒用。 我正在使用 Handlebars
Controller代碼
const {Registeration}=require('../database/model');
const bcrypt=require('bcryptjs') ;
const jwt = require('jsonwebtoken');
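/**
 * Handles the registration form POST: stores a new Registeration document
 * built from the submitted name, email and password, then redirects to the
 * login page.
 *
 * @param {object} req - Express request; reads name, email, password and
 *   confirmPassword from req.body.
 * @param {object} res - Express response; redirects to /login on success,
 *   answers 400 when the passwords are missing or differ, 500 when saving fails.
 */
exports.signUp = async (req, res) => {
  const body = req.body || {};
  const password = body.password;

  // Answer with a 400 instead of throwing: a throw here sits outside the
  // try/catch, so the async handler would reject without ever sending a
  // response. The type check also stops an empty form (undefined === undefined)
  // from counting as "matching".
  if (typeof password !== 'string' || password.length === 0 || password !== body.confirmPassword) {
    res.status(400).send({ message: 'passwords do not match' });
    return;
  }

  try {
    const User = new Registeration();
    User.name = body.name;
    User.email = body.email;
    // NOTE(review): the plaintext password is assigned here and login compares
    // with bcrypt, so the model presumably hashes it before saving - confirm.
    User.password = password;
    await User.save();
    res.redirect('/login');
  } catch (err) {
    // Keep the details in the server log only; the raw error object can expose
    // schema and database internals to the client.
    console.log(err);
    res.status(500).send({ message: 'registration failed' });
  }
};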
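/**
 * Handles the login form POST: looks the account up by email, checks the
 * password with bcrypt and, on success, sets the "jwt" cookie and redirects
 * to /user.
 *
 * @param {object} req - Express request; reads email and password from req.body.
 * @param {object} res - Express response; 400 for malformed input or a wrong
 *   password, 404 for an unknown email, 500 on unexpected failure.
 */
exports.login = async (req, res) => {
  const body = req.body || {};
  const email = body.email;
  const password = body.password;

  // The JSON and extended urlencoded parsers can deliver objects here. Accept
  // strings only, so the value is always matched literally by findOne and never
  // interpreted as a query operator.
  if (typeof email !== 'string' || typeof password !== 'string') {
    res.status(400).send({ message: "email and password are required" });
    return;
  }

  try {
    const userData = await Registeration.findOne({ email: email });

    // findOne yields null for "no match"; the old `userData === {}` comparison
    // was always false, so an unknown email crashed on userData.password.
    // NOTE(review): distinct "user not found" / "wrong password" answers let a
    // client tell which emails are registered; a single generic message is safer.
    if (!userData) {
      res.status(404).send({ message: "user not found" });
      return;
    }

    const isMatch = await bcrypt.compare(password, userData.password);
    if (!isMatch) {
      res.status(400).send({ message: "wrong password" });
      return;
    }

    // The user record (with its password hash) and the token are deliberately
    // no longer written to the log.
    const token = await userData.generateAuthToken();
    res.cookie("jwt", token, {
      path: '/',
      // Cookie lifetime of 30 seconds; presumably matches the token lifetime
      // set in generateAuthToken - confirm against the model.
      expires: new Date(Date.now() + 1000 * 30),
      httpOnly: true,
      sameSite: "lax"
      // NOTE(review): add `secure: true` once the site is served over HTTPS.
    });
    res.redirect('/user');
  } catch (err) {
    console.log(err);
    res.status(500).send({ message: "login failed" });
  }
};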
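/**
 * Express middleware that authenticates a request from its "jwt" cookie.
 * On success it stores the token's _id claim on req.id and calls next();
 * otherwise it answers 401 and the chain stops.
 *
 * @param {object} req - Express request; reads req.cookies.jwt, writes req.id.
 * @param {object} res - Express response; used only for the 401 answer.
 * @param {Function} next - Called only when the token verified.
 */
exports.verifyToken = async (req, res, next) => {
  const token = req.cookies && req.cookies.jwt;
  if (!token) {
    res.status(401).send({ message: 'invalid token' });
    return;
  }

  let user;
  try {
    // jwt.verify throws on a bad signature or an expired token; it does not
    // return a falsy value, so the failure has to be caught here.
    // NOTE(review): the secret is a hard-coded literal. Load it from
    // configuration, changing every place that signs tokens at the same time,
    // and consider passing an `algorithms` allow-list matching the signer.
    user = jwt.verify(token, "helloworld");
  } catch (err) {
    res.status(401).send({ message: 'invalid token' });
    return;
  }

  if (!user || !user._id) {
    res.status(401).send({ message: 'invalid token' });
    return;
  }

  req.id = user._id;
  // next() runs only here: calling it after an error response would let the
  // protected handler execute for an unauthenticated request.
  next();
};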
/**
 * Renders the "user" view for the account whose id an earlier middleware
 * stored on req.id; answers 404 when no such document exists.
 *
 * @param {object} req - Express request; reads req.id.
 * @param {object} res - Express response.
 */
exports.getUser = async (req, res) => {
  const record = await Registeration.findOne({ _id: req.id });

  if (record) {
    // NOTE(review): the whole document is handed to the template, which
    // presumably includes the stored password field - confirm the view
    // never prints it, or pass only the fields it needs.
    res.render('user', { data: record });
    return;
  }

  res.status(404).send({ message: "user not found" });
};
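/**
 * Express middleware that swaps a still-valid "jwt" cookie for a freshly
 * signed 30-second token, then passes control on.
 *
 * @param {object} req - Express request; reads and updates req.cookies.jwt,
 *   writes req.id.
 * @param {object} res - Express response; sets the new cookie, or answers
 *   404 (no cookie) / 401 (token rejected).
 * @param {Function} next - Called after the new cookie has been set.
 */
exports.refreshToken = async (req, res, next) => {
  const oldToken = req.cookies && req.cookies.jwt;
  if (!oldToken) {
    res.status(404).send({ message: "couldnt find token" });
    return;
  }

  let user;
  try {
    // jwt.verify throws for an expired or tampered token.
    // NOTE(review): this means only a token that has not yet expired can be
    // refreshed, and the cookie itself disappears after the same 30 seconds.
    // The usual design is a separate, longer-lived refresh token - confirm
    // what is intended. The secret is also a hard-coded literal and should
    // come from configuration.
    user = jwt.verify(oldToken, "helloworld");
  } catch (err) {
    res.status(401).send({ message: 'invalid token' });
    return;
  }

  if (!user || !user._id) {
    res.status(401).send({ message: 'invalid token' });
    return;
  }

  const token = jwt.sign({ _id: String(user._id) }, 'helloworld', {
    expiresIn: "30s"
  });

  // Setting the cookie again replaces the old one, so no clearCookie is needed.
  res.cookie("jwt", token, {
    path: '/',
    expires: new Date(Date.now() + 1000 * 30),
    httpOnly: true,
    sameSite: "lax"
  });

  // Was `req.cookie.jwt = " "`: req.cookie does not exist, so that line threw.
  // Expose the new token on req.cookies so a middleware later in the same
  // chain (e.g. verifyToken) checks the fresh token rather than the old one.
  req.cookies.jwt = token;

  // The payload carries `_id` (see jwt.sign above), not `id`.
  req.id = user._id;

  // `next` was missing from the parameter list, so this call threw.
  next();
};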
/**
 * Renders the "index" view.
 *
 * @param {object} _req - Express request (unused).
 * @param {object} res - Express response.
 */
exports.renderIndexPage = (_req, res) => {
  const view = 'index';
  res.render(view);
};
/**
 * Renders the "login" view.
 *
 * @param {object} _req - Express request (unused).
 * @param {object} res - Express response.
 */
exports.renderLoginPage = (_req, res) => {
  const view = 'login';
  res.render(view);
};
/**
 * Renders the "register" view.
 *
 * @param {object} _req - Express request (unused).
 * @param {object} res - Express response.
 */
exports.renderRegisterPage = (_req, res) => {
  const view = 'register';
  res.render(view);
};
路由
const express = require('express');
const router = express.Router();
const {
  signUp,
  login,
  verifyToken,
  getUser,
  renderIndexPage,
  renderLoginPage,
  renderRegisterPage,
  refreshToken,
} = require('../controller/signup and login controller');
const cookieParser = require('cookie-parser');

// Body and cookie parsing for every route on this router, in the same order
// as before: urlencoded forms, JSON bodies, then cookies (verifyToken reads
// req.cookies.jwt).
router.use(
  express.urlencoded({ extended: true }),
  express.json(),
  cookieParser(),
);

router.get('/', (req, res) => {
  res.send('homepage');
});

// Form submissions.
// NOTE(review): nothing visible here limits repeated login attempts - confirm
// whether that is handled elsewhere.
router.post('/register/data/recorded', signUp);
router.post('/login/data/recorded', login);

// Protected page: verifyToken runs before getUser.
router.get('/user', verifyToken, getUser);

// Public pages.
router.get('/index', renderIndexPage);
router.get('/register', renderRegisterPage);
router.get('/login', renderLoginPage);

// Disabled by the author ("not working showing error"):
// router.get('/refresh', refreshToken, verifyToken, getUser);

module.exports = router;
根據我對這個問題的理解,您所描述的是不可能的。
HTTP(S) 通信在用戶登錄/注冊后關閉,這意味着您的用戶不再連接到您的服務器,並且無法觸發另一個請求處理程序。
不過,您可以在前端代碼中添加邏輯,由它發出另一個請求來刷新令牌(在頁面加載時,以及登錄后經過一段延遲時再發出請求,延遲時間大概就是令牌到期前的時間)。由於該 cookie 設置了 httpOnly,前端腳本無法讀取令牌,但瀏覽器會在刷新請求中自動帶上它。