如何使用 shelf_auth 库验证已建立的会话?
How do I validate an established session using the shelf_auth library?
我一直在尝试编写一个简单的服务器来接受 username/password 凭据,验证它们,然后为客户端创建一个 JWT 令牌,然后他们使用该令牌来访问某些路由。我能够做所有事情,直到在服务器端接收和验证客户端的 JWT。
void main() {
//use Jwt based sessions and create the secret using a UUID
JwtSessionHandler sessionHandler =
new JwtSessionHandler('ffl_sales_server', new Uuid().v4(),
auth.lookupByUsername);
//allow http for testing with curl, do not use in production
bool allowHttp = true;
final Map<String, String> headers =
{'Access-Control-Allow-Origin': 'http://192.168.100.83:3030',
"Access-Control-Expose-Headers": "Authorization",
"Access-Control-Allow-Credentials" : "true",
"Access-Control-Allow-Headers" : "Authorization"};
//fix the cors headers
Response options(Request request) => (request.method == 'OPTIONS') ?
new Response.ok(null, headers: headers) : null;
Response cors(Response response) =>
response.change(headers: headers);
Middleware fixCors = createMiddleware(requestHandler: options,
responseHandler: cors);
// authentication middleware for a login handler (post)
Middleware loginMiddleware = authenticate(
[new UsernamePasswordAuthenticator(lookupByUsernamePassword)],
sessionHandler: sessionHandler, allowHttp: allowHttp,
allowAnonymousAccess: false);
// authentication middleware for routes other than login that
// require a logged in user
// here we are relying solely on users with a session established
// via the login route
Middleware defaultAuthMiddleware = authenticate(
[],sessionHandler: sessionHandler, allowHttp: true,
allowAnonymousAccess: false);
Router rootRouter = router(handlerAdapter: handlerAdapter());
//the route where the login credentials are posted
rootRouter.post('/login', (Request request) => new Response.ok('SUCCESS'), middleware: loginMiddleware);
//the routes which require an authenticated user
rootRouter.child('/authenticated',
middleware: defaultAuthMiddleware)
..add('/users', ALL_METHODS, new Users(_connection).handle)
..add('/stores', ALL_METHODS, new Stores(_connection).handle)
..add('/departments', ALL_METHODS, new Departments(_connection).handle)
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle)
..add('/reports', ALL_METHODS, new Reports(_connection).handle)
..add('/imports', ALL_METHODS, new Imports(_connection).handle)
..add('/vendors', ALL_METHODS, new Vendors(_connection).handle)
..get('/foo', (Request request) =>
new Response.ok("Doing foo as ${loggedInUsername(request)}\n"));
printRoutes(rootRouter);
Handler handler = const Pipeline()
.addMiddleware(fixCors)
.addMiddleware(logRequests())
.addMiddleware(exceptionResponse())
.addHandler(rootRouter.handler);
shelf_io.serve(handler, '127.0.0.1', '8080').then((server){
print('Serving as http://${server.address.host}:${server.port}');
});
}
我知道我可能遗漏了一些简单的东西,但似乎我应该在创建 defaultAuthMiddleware 的 authenticate() 函数的第一个参数中有某种处理程序。我错过了什么?
我认为你需要将 sessionMiddleware 传递给其他路由,例如
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle,
middleware: defaultAuthMiddleware)
也许有更好的方法,但这是我发现我的设置工作正常的主要区别。
看来问题出在我的 Auth class 中。 lookupByUsername 函数根本找不到经过身份验证的用户,因为由于我的疏忽,lookupByUsernamePassword 函数将其存储在函数范围而不是 class 范围中。
感谢您的帮助!
我一直在尝试编写一个简单的服务器来接受 username/password 凭据,验证它们,然后为客户端创建一个 JWT 令牌,然后他们使用该令牌来访问某些路由。我能够做所有事情,直到在服务器端接收和验证客户端的 JWT。
void main() {
//use Jwt based sessions and create the secret using a UUID
JwtSessionHandler sessionHandler =
new JwtSessionHandler('ffl_sales_server', new Uuid().v4(),
auth.lookupByUsername);
//allow http for testing with curl, do not use in production
bool allowHttp = true;
final Map<String, String> headers =
{'Access-Control-Allow-Origin': 'http://192.168.100.83:3030',
"Access-Control-Expose-Headers": "Authorization",
"Access-Control-Allow-Credentials" : "true",
"Access-Control-Allow-Headers" : "Authorization"};
//fix the cors headers
Response options(Request request) => (request.method == 'OPTIONS') ?
new Response.ok(null, headers: headers) : null;
Response cors(Response response) =>
response.change(headers: headers);
Middleware fixCors = createMiddleware(requestHandler: options,
responseHandler: cors);
// authentication middleware for a login handler (post)
Middleware loginMiddleware = authenticate(
[new UsernamePasswordAuthenticator(lookupByUsernamePassword)],
sessionHandler: sessionHandler, allowHttp: allowHttp,
allowAnonymousAccess: false);
// authentication middleware for routes other than login that
// require a logged in user
// here we are relying solely on users with a session established
// via the login route
Middleware defaultAuthMiddleware = authenticate(
[],sessionHandler: sessionHandler, allowHttp: true,
allowAnonymousAccess: false);
Router rootRouter = router(handlerAdapter: handlerAdapter());
//the route where the login credentials are posted
rootRouter.post('/login', (Request request) => new Response.ok('SUCCESS'), middleware: loginMiddleware);
//the routes which require an authenticated user
rootRouter.child('/authenticated',
middleware: defaultAuthMiddleware)
..add('/users', ALL_METHODS, new Users(_connection).handle)
..add('/stores', ALL_METHODS, new Stores(_connection).handle)
..add('/departments', ALL_METHODS, new Departments(_connection).handle)
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle)
..add('/reports', ALL_METHODS, new Reports(_connection).handle)
..add('/imports', ALL_METHODS, new Imports(_connection).handle)
..add('/vendors', ALL_METHODS, new Vendors(_connection).handle)
..get('/foo', (Request request) =>
new Response.ok("Doing foo as ${loggedInUsername(request)}\n"));
printRoutes(rootRouter);
Handler handler = const Pipeline()
.addMiddleware(fixCors)
.addMiddleware(logRequests())
.addMiddleware(exceptionResponse())
.addHandler(rootRouter.handler);
shelf_io.serve(handler, '127.0.0.1', '8080').then((server){
print('Serving as http://${server.address.host}:${server.port}');
});
}
我知道我可能遗漏了一些简单的东西,但似乎我应该在创建 defaultAuthMiddleware 的 authenticate() 函数的第一个参数中有某种处理程序。我错过了什么?
我认为你需要将 sessionMiddleware 传递给其他路由,例如
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle,
middleware: defaultAuthMiddleware)
也许有更好的方法,但这是我发现我的设置工作正常的主要区别。
看来问题出在我的 Auth class 中。 lookupByUsername 函数根本找不到经过身份验证的用户,因为由于我的疏忽,lookupByUsernamePassword 函数将其存储在函数范围而不是 class 范围中。
感谢您的帮助!