无法通过邮递员使用不记名令牌访问nodejs中的受保护路由
Can't access protected routes in nodejs using bearer token through postman
我正在尝试使用 bearer token 和它 returns unautorized 将 get request 设为我的受保护路由,即使在通过 header 发送令牌之后也是如此。
我在 nodejs 上使用不记名令牌,expressjs 应用程序使用 mlab 远程数据库
我注册了新用户,然后我用那封电子邮件登录,它给我发回了一个令牌(如预期的那样)。
当我通过 header 其他路由发送此令牌时未登录 returns Unautorized.
我的步骤是
1) 使用新邮箱注册
2) 登录请求成功
3) get request 路由 localhost:5000/api/users/current 失败,returns 未自动化。
user.js 文件有
// users.js for authentication and authorization
const express = require("express");
const router = express.Router();
const gravatar = require("gravatar");
const bcrypt = require("bcryptjs");
const keys = require("../../config/keys");
const jwt = require("jsonwebtoken");
const passport = require("passport");
// Load User Model to check existing email is used for registration or not?
const User = require("../../models/User");
// @route GET request to api/users/test
// @description Tests users route
// @access Public, without login
router.get("/test", (req, res) => res.json({ msg: "Users Works" }));
// @route GET request to api/users/register
// @description new registration of user.
// @access Public, without login first register
router.post("/register", (req, res) => {
User.findOne({ email: req.body.email }).then(user => {
if (user) {
return res.status(400).json({ email: "Email value exists already." });
} else {
console.log("no user found of this email in DB");
const avatar = gravatar.url(req.body.email, {
s: "200", //Size of gravatar in pixels
r: "pg", //rating,
d: "mm" //default value= 'mm'
});
// create user
const newUser = new User({
name: req.body.name,
email: req.body.email,
avatar,
password: req.body.password
});
// gensalt(noOfSalts_of_Iterations,(err,salt_result)=>{})
bcrypt.genSalt(10, (err, salt) => {
// hash(plaintext,salt,callback(err,resultant ciphertext))
bcrypt.hash(newUser.password, salt, (err, hash) => {
if (err) {
console.log("error in bcrypt.hash()");
throw err;
}
//assign salted hash to password
newUser.password = hash;
// Save new password in datebase, overriding plaintext;
newUser
.save()
.then(user => res.json(user)) // if yes,then send it as argument in brackets.
.catch(err =>
console.log("Error occured in saving hash password in DB\n")
);
});
});
}
});
});
// @route GET request to api/users/login
// @description Login/signing-in registered user. return JWT token
// @access Public
router.post("/login", (req, res) => {
const email = req.body.email;
const password = req.body.password;
// find user to match it's password
User.findOne({ email: req.body.email }).then(user => {
//check if no user
if (!user) {
return res.status(404).json({ email: "User's email found." });
}
// else if do this..
// if user's email-id is found then match it's password-hash with local-database
bcrypt.compare(password, user.password).then(isMatch => {
if (isMatch) {
// user pswd matched => then return JWT token back for authentication
// res.json({ msg: "Success" });
const payload = { it: user.id, name: user.name, avatar: user.avatar };
// created JWT token
// now sign token
// jwt.sign(payload, secretKey, expire-time, callback );
// jwt.sign
jwt.sign(
payload,
keys.secretOrKey,
{ expiresIn: 3600 },
(err, token) => {
res.json({
success: true,
token: "bearer " + token
});
}
);
} else {
// pswd doesn't matched
return res.status(400).json({ password: "Password didn't match" });
}
});
});
});
// @route GET request to api/users/current - current user with token
// @description Return current user
// @access Private, can't go without login
router.get(
"/current",
passport.authenticate("jwt", { session: false }),
(req, res) => {
res.json({ msg: "Success" });
}
);
module.exports = router;
数据已成功存储在远程数据库 mlab,但我无法找出问题所在。
我的 Github 这个项目的回购是 this
请查看你的代码行Users.js第88行有效负载id存储在'it'
const payload = { it: user.id, name: user.name, avatar: user.avatar };
但是在你的 passport.js
User.findById(jwt_payload.id)
你是通过 id 提取它的,所以如果你在这里使用 jwt_payload.it,你将收到消息 success
我正在尝试使用 bearer token 和它 returns unautorized 将 get request 设为我的受保护路由,即使在通过 header 发送令牌之后也是如此。
我在 nodejs 上使用不记名令牌,expressjs 应用程序使用 mlab 远程数据库 我注册了新用户,然后我用那封电子邮件登录,它给我发回了一个令牌(如预期的那样)。
当我通过 header 其他路由发送此令牌时未登录 returns Unautorized.
我的步骤是
1) 使用新邮箱注册
2) 登录请求成功
3) get request 路由 localhost:5000/api/users/current 失败,returns 未自动化。
user.js 文件有
// users.js for authentication and authorization
const express = require("express");
const router = express.Router();
const gravatar = require("gravatar");
const bcrypt = require("bcryptjs");
const keys = require("../../config/keys");
const jwt = require("jsonwebtoken");
const passport = require("passport");
// Load User Model to check existing email is used for registration or not?
const User = require("../../models/User");
// @route GET request to api/users/test
// @description Tests users route
// @access Public, without login
router.get("/test", (req, res) => res.json({ msg: "Users Works" }));
// @route GET request to api/users/register
// @description new registration of user.
// @access Public, without login first register
router.post("/register", (req, res) => {
User.findOne({ email: req.body.email }).then(user => {
if (user) {
return res.status(400).json({ email: "Email value exists already." });
} else {
console.log("no user found of this email in DB");
const avatar = gravatar.url(req.body.email, {
s: "200", //Size of gravatar in pixels
r: "pg", //rating,
d: "mm" //default value= 'mm'
});
// create user
const newUser = new User({
name: req.body.name,
email: req.body.email,
avatar,
password: req.body.password
});
// gensalt(noOfSalts_of_Iterations,(err,salt_result)=>{})
bcrypt.genSalt(10, (err, salt) => {
// hash(plaintext,salt,callback(err,resultant ciphertext))
bcrypt.hash(newUser.password, salt, (err, hash) => {
if (err) {
console.log("error in bcrypt.hash()");
throw err;
}
//assign salted hash to password
newUser.password = hash;
// Save new password in datebase, overriding plaintext;
newUser
.save()
.then(user => res.json(user)) // if yes,then send it as argument in brackets.
.catch(err =>
console.log("Error occured in saving hash password in DB\n")
);
});
});
}
});
});
// @route GET request to api/users/login
// @description Login/signing-in registered user. return JWT token
// @access Public
router.post("/login", (req, res) => {
const email = req.body.email;
const password = req.body.password;
// find user to match it's password
User.findOne({ email: req.body.email }).then(user => {
//check if no user
if (!user) {
return res.status(404).json({ email: "User's email found." });
}
// else if do this..
// if user's email-id is found then match it's password-hash with local-database
bcrypt.compare(password, user.password).then(isMatch => {
if (isMatch) {
// user pswd matched => then return JWT token back for authentication
// res.json({ msg: "Success" });
const payload = { it: user.id, name: user.name, avatar: user.avatar };
// created JWT token
// now sign token
// jwt.sign(payload, secretKey, expire-time, callback );
// jwt.sign
jwt.sign(
payload,
keys.secretOrKey,
{ expiresIn: 3600 },
(err, token) => {
res.json({
success: true,
token: "bearer " + token
});
}
);
} else {
// pswd doesn't matched
return res.status(400).json({ password: "Password didn't match" });
}
});
});
});
// @route GET request to api/users/current - current user with token
// @description Return current user
// @access Private, can't go without login
router.get(
"/current",
passport.authenticate("jwt", { session: false }),
(req, res) => {
res.json({ msg: "Success" });
}
);
module.exports = router;
数据已成功存储在远程数据库 mlab,但我无法找出问题所在。
我的 Github 这个项目的回购是 this
请查看你的代码行Users.js第88行有效负载id存储在'it'
const payload = { it: user.id, name: user.name, avatar: user.avatar };
但是在你的 passport.js
User.findById(jwt_payload.id)
你是通过 id 提取它的,所以如果你在这里使用 jwt_payload.it,你将收到消息 success