hapi-auth-bearer-token 仅适用于查询字符串中的 access_token 而不是 header
hapi-auth-bearer-token only works for an access_token in query string not as a header
如何让 hapi-auth-bearer-token 从 HTTP 请求头(header)中读取 access_token,而不是通过查询字符串传递?文档明确说明这应该可行,但正如下面的屏幕截图所示,它并没有生效。
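const Crypto = require('crypto');
const Hapi = require('hapi');
const AuthBearer = require('hapi-auth-bearer-token');

const server = Hapi.server({ port: 8080 });

// Demo-only secret. As the original example notes, a real service would
// compare against a token held in a database, not a hard-coded literal.
const EXPECTED_TOKEN = '1234';

/**
 * Compare a presented token with the expected one in constant time.
 *
 * A plain `===` on secrets can return sooner the earlier the strings differ,
 * which exposes timing information about the expected value.
 *
 * @param {string} presented - token supplied by the client
 * @param {string} expected - token the server accepts
 * @returns {boolean} true when both tokens are identical
 */
const tokensMatch = (presented, expected) => {
  // Hash both sides first: timingSafeEqual throws on buffers of unequal length.
  const presentedDigest = Crypto.createHash('sha256').update(String(presented)).digest();
  const expectedDigest = Crypto.createHash('sha256').update(String(expected)).digest();
  return Crypto.timingSafeEqual(presentedDigest, expectedDigest);
};

/**
 * Register the bearer-token plugin, make it the default auth strategy,
 * add a single GET / route and start the server.
 *
 * @returns {Promise<object>} the started hapi server
 */
const start = async () => {
  await server.register(AuthBearer);

  server.auth.strategy('simple', 'bearer-access-token', {
    // optional, false by default.
    // NOTE(security): a token sent as ?access_token=... tends to end up in
    // access logs, browser history and Referer headers. Keep this off unless
    // a client really cannot send headers. With the plugin defaults the
    // header form is `Authorization: Bearer <token>`.
    allowQueryToken: true,
    validate: async (request, token, h) => {
      // here is where you validate your token
      const isValid = tokensMatch(token, EXPECTED_TOKEN);
      // The raw token is echoed into credentials as in the original example;
      // avoid logging request.auth.credentials while it carries the secret.
      const credentials = { token };
      const artifacts = { test: 'info' };
      return { isValid, credentials, artifacts };
    },
  });

  // Every route requires the 'simple' strategy unless it opts out.
  server.auth.default('simple');

  server.route({
    method: 'GET',
    path: '/',
    handler: async function (request, h) {
      return { info: 'success!' };
    },
  });

  await server.start();
  return server;
};

start()
  .then((server) => console.log(`Server listening on ${server.info.uri}`))
  .catch((err) => {
    // A failed startup is fatal: report it and exit non-zero.
    console.error(err);
    process.exit(1);
  });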
通过查询字符串传递 access_token
有效:
通过 Header 传递 access_token
无效:
hapi-auth-bearer-token 需要的是 Bearer(不记名)令牌,也就是说 Authorization 请求头的值必须是 Bearer 1234,而不仅仅是 1234。
在我的场景中,我必须使用不带 Bearer 一词的值,所以我深入研究了插件源代码并编写了我自己的实现。
如何让 hapi-auth-bearer-token 从 HTTP 请求头(header)中读取 access_token,而不是通过查询字符串传递?文档明确说明这应该可行,但正如下面的屏幕截图所示,它并没有生效。
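const Crypto = require('crypto');
const Hapi = require('hapi');
const AuthBearer = require('hapi-auth-bearer-token');

const server = Hapi.server({ port: 8080 });

// Demo-only secret. As the original example notes, a real service would
// compare against a token held in a database, not a hard-coded literal.
const EXPECTED_TOKEN = '1234';

/**
 * Compare a presented token with the expected one in constant time.
 *
 * A plain `===` on secrets can return sooner the earlier the strings differ,
 * which exposes timing information about the expected value.
 *
 * @param {string} presented - token supplied by the client
 * @param {string} expected - token the server accepts
 * @returns {boolean} true when both tokens are identical
 */
const tokensMatch = (presented, expected) => {
  // Hash both sides first: timingSafeEqual throws on buffers of unequal length.
  const presentedDigest = Crypto.createHash('sha256').update(String(presented)).digest();
  const expectedDigest = Crypto.createHash('sha256').update(String(expected)).digest();
  return Crypto.timingSafeEqual(presentedDigest, expectedDigest);
};

/**
 * Register the bearer-token plugin, make it the default auth strategy,
 * add a single GET / route and start the server.
 *
 * @returns {Promise<object>} the started hapi server
 */
const start = async () => {
  await server.register(AuthBearer);

  server.auth.strategy('simple', 'bearer-access-token', {
    // optional, false by default.
    // NOTE(security): a token sent as ?access_token=... tends to end up in
    // access logs, browser history and Referer headers. Keep this off unless
    // a client really cannot send headers. With the plugin defaults the
    // header form is `Authorization: Bearer <token>`.
    allowQueryToken: true,
    validate: async (request, token, h) => {
      // here is where you validate your token
      const isValid = tokensMatch(token, EXPECTED_TOKEN);
      // The raw token is echoed into credentials as in the original example;
      // avoid logging request.auth.credentials while it carries the secret.
      const credentials = { token };
      const artifacts = { test: 'info' };
      return { isValid, credentials, artifacts };
    },
  });

  // Every route requires the 'simple' strategy unless it opts out.
  server.auth.default('simple');

  server.route({
    method: 'GET',
    path: '/',
    handler: async function (request, h) {
      return { info: 'success!' };
    },
  });

  await server.start();
  return server;
};

start()
  .then((server) => console.log(`Server listening on ${server.info.uri}`))
  .catch((err) => {
    // A failed startup is fatal: report it and exit non-zero.
    console.error(err);
    process.exit(1);
  });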
通过查询字符串传递 access_token
有效:
通过 Header 传递 access_token
无效:
hapi-auth-bearer-token 需要的是 Bearer(不记名)令牌,也就是说 Authorization 请求头的值必须是 Bearer 1234,而不仅仅是 1234。
在我的场景中,我必须使用不带 Bearer 一词的值,所以我深入研究了插件源代码并编写了我自己的实现。