将 Auth0 API 受保护的路由与 Express 路由处理程序一起使用
Use Auth0 API protected route with Express route handlers
我使用 Auth0 quick start. Protected routes are handled with a middleware function called checkJwt, provided by Auth0 在 Express 中实现了受保护的 API 路由。只要调用其中一个 GET 方法,它就会运行。如果我在 server.js.
中管理我的所有路线,这个过程会很有效
如何分离路由处理并仍然保留受保护的 API 路由?
server.js 具有受保护路由的工作代码。
import colors from 'colors'
import cors from 'cors'
import express from 'express'
import morgan from 'morgan'
import dotenv from 'dotenv'
import connectDB from './db.js'
import checkJwt from './middleware/auth.middleware.js'
import { getStudents, getStudent } from './controllers/students.controller.js'
dotenv.config()
connectDB()
export const app = express()
app.use(cors())
app.use(express.json({ limit: '50mb' }))
if (process.env.NODE_ENV === 'development') {
app.use(morgan('dev'))
}
//handle routing internally
app.get('/api/students/:id', checkJwt, getStudent)
app.get('/api/students', checkJwt, getStudents)
const PORT = process.env.PORT || 6000
app.listen(PORT, () =>
console.log(
`Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold
)
)
随着代码的增长,我想脱离路由处理。一旦我分离出路由,我就不知道把checkJwt放在哪里。
server.js 想要的代码结构是:
import colors from 'colors'
import cors from 'cors'
import express from 'express'
import morgan from 'morgan'
import dotenv from 'dotenv'
import connectDB from './db.js'
import studentsRouter from './routes/students.routes.js'
dotenv.config()
connectDB()
const app = express()
app.use(cors())
app.use(express.json({ limit: '50mb' }))
if (process.env.NODE_ENV === 'development') {
app.use(morgan('dev'))
}
// handle routing externally
const apiRouter = express.Router()
app.use('/api', apiRouter)
apiRouter.use('/students', studentsRouter)
const PORT = process.env.PORT || 6000
app.listen(PORT, () =>
console.log(
`Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold
)
)
路由在 students.routes.js 路由处理程序中实现。
import express from 'express'
import { getStudent, getStudents } from '../controllers/students.controller.js'
const router = express.Router()
// where can I implement checkJwt?
router.route('/').get(getStudents)
router.route('/:id').get(getStudent)
export default router
是否可以通过移动路由来简化代码,同时仍然保护我的路由?
您可以在您的路由器中使用任何像这样的中间件:
const router = express.Router();
router.route('/').get([checkJwt, secondMiddleware, ...] , getStudents);
基于文档:
express-routing
You can provide multiple callback functions that behave like middleware to handle a request. The only exception is that these callbacks might invoke next('route') to bypass the remaining route callbacks. You can use this mechanism to impose pre-conditions on a route, then pass control to subsequent routes if there’s no reason to proceed with the current route.
我使用 Auth0 quick start. Protected routes are handled with a middleware function called checkJwt, provided by Auth0 在 Express 中实现了受保护的 API 路由。只要调用其中一个 GET 方法,它就会运行。如果我在 server.js.
如何分离路由处理并仍然保留受保护的 API 路由?
server.js 具有受保护路由的工作代码。
import colors from 'colors'
import cors from 'cors'
import express from 'express'
import morgan from 'morgan'
import dotenv from 'dotenv'
import connectDB from './db.js'
import checkJwt from './middleware/auth.middleware.js'
import { getStudents, getStudent } from './controllers/students.controller.js'
dotenv.config()
connectDB()
export const app = express()
app.use(cors())
app.use(express.json({ limit: '50mb' }))
if (process.env.NODE_ENV === 'development') {
app.use(morgan('dev'))
}
//handle routing internally
app.get('/api/students/:id', checkJwt, getStudent)
app.get('/api/students', checkJwt, getStudents)
const PORT = process.env.PORT || 6000
app.listen(PORT, () =>
console.log(
`Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold
)
)
随着代码的增长,我想脱离路由处理。一旦我分离出路由,我就不知道把checkJwt放在哪里。
server.js 想要的代码结构是:
import colors from 'colors'
import cors from 'cors'
import express from 'express'
import morgan from 'morgan'
import dotenv from 'dotenv'
import connectDB from './db.js'
import studentsRouter from './routes/students.routes.js'
dotenv.config()
connectDB()
const app = express()
app.use(cors())
app.use(express.json({ limit: '50mb' }))
if (process.env.NODE_ENV === 'development') {
app.use(morgan('dev'))
}
// handle routing externally
const apiRouter = express.Router()
app.use('/api', apiRouter)
apiRouter.use('/students', studentsRouter)
const PORT = process.env.PORT || 6000
app.listen(PORT, () =>
console.log(
`Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold
)
)
路由在 students.routes.js 路由处理程序中实现。
import express from 'express'
import { getStudent, getStudents } from '../controllers/students.controller.js'
const router = express.Router()
// where can I implement checkJwt?
router.route('/').get(getStudents)
router.route('/:id').get(getStudent)
export default router
是否可以通过移动路由来简化代码,同时仍然保护我的路由?
您可以在您的路由器中使用任何像这样的中间件:
const router = express.Router();
router.route('/').get([checkJwt, secondMiddleware, ...] , getStudents);
基于文档: express-routing
You can provide multiple callback functions that behave like middleware to handle a request. The only exception is that these callbacks might invoke next('route') to bypass the remaining route callbacks. You can use this mechanism to impose pre-conditions on a route, then pass control to subsequent routes if there’s no reason to proceed with the current route.