Node Js 将角色作为字符串传递给 JWT 验证函数

Node Js pass the role as a string to the JWT verification function

JWT 验证函数接受 req、res 和 next 作为其参数。我需要传递一个额外的字符串 'Admin' 以便只有管理员用户可以访问此 API

我的jwtVerification.js代码:

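/**
 * Express middleware that authenticates a request from its Bearer JWT.
 *
 * Reads the `Authorization` header, verifies the token with
 * `process.env.JWT_PRIVATE_KEY` and looks the user up through Prisma by the
 * token's `id` claim. `next()` is called only when the token verifies and a
 * user row exists; every authentication failure is answered with 401.
 *
 * No role check happens here: Express calls a middleware with
 * `(req, res, next)` only, so a required role cannot be passed in through
 * this signature.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation callback.
 */
module.exports = async function (req, res, next) {
    const header = req.header("Authorization");

    // Require the "Bearer" scheme instead of blindly dropping the first 7 characters.
    const match = header ? /^Bearer (.+)$/i.exec(header) : null;
    if (!match) return res.status(401).send('Invalid access token.');

    let decoded;
    try {
        // NOTE(review): no `algorithms` allow-list is passed to verify(); pin it to the
        // algorithm the tokens are actually signed with — confirm against the signing code.
        // NOTE(review): the variable is named JWT_PRIVATE_KEY; if signing is asymmetric,
        // verification only needs the public key — confirm.
        decoded = jwt.verify(match[1], process.env.JWT_PRIVATE_KEY);
    } catch (error) {
        // The verifier's message is not echoed back; the client only learns the token was rejected.
        return res.status(401).send('Invalid access token.');
    }

    // Prisma skips a filter whose value is undefined, so a correctly signed token
    // without an `id` claim would otherwise match the first user row in the table.
    if (decoded === null || typeof decoded !== 'object' || decoded.id == null) {
        return res.status(401).send('Invalid access token.');
    }

    let user;
    try {
        user = await prisma.user.findFirst({ where: { id: decoded.id } });
    } catch (error) {
        // A database failure is not an authentication failure: hand it to the
        // application's error handler rather than sending its message in a 401 body.
        return next(error);
    }

    if (!user) return res.status(401).send('Invalid access token.');

    next();
};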

最后是 API 路由本身(例如希望能写成 verifyJWT('Admin')):

// verifyJWT is passed by reference, so it runs before the handler and applies
// no role restriction: any request it lets through reaches this route.
router.post('/test', verifyJWT, async (_req, response) => {
    response.send('hi');
});

你可以使用类似这样的写法:

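/**
 * Builds an Express middleware that authenticates a Bearer JWT and, when a
 * role is given, also authorizes the caller against that role.
 *
 * The outer function runs once, when the route is registered; the returned
 * function keeps `myParam` in its closure and runs on every request.
 *
 * @param {string} [myParam] - Role the caller must hold (e.g. 'Admin').
 *   A falsy value disables the role check, so any authenticated user passes;
 *   take care that a misspelled or undefined constant is not passed by accident.
 * @returns {Function} Async Express middleware `(req, res, next)`.
 */
module.exports = function (myParam) {
    return async function (req, res, next) {
        const header = req.header("Authorization");

        // Require the "Bearer" scheme instead of blindly dropping the first 7 characters.
        const match = header ? /^Bearer (.+)$/i.exec(header) : null;
        if (!match) return res.status(401).send('Invalid access token.');

        let decoded;
        try {
            // NOTE(review): no `algorithms` allow-list is passed to verify(); pin it to the
            // algorithm the tokens are actually signed with — confirm against the signing code.
            decoded = jwt.verify(match[1], process.env.JWT_PRIVATE_KEY);
        } catch (error) {
            // The verifier's message is not echoed back; the client only learns the token was rejected.
            return res.status(401).send('Invalid access token.');
        }

        // Prisma skips a filter whose value is undefined, so a correctly signed token
        // without an `id` claim would otherwise match the first user row in the table.
        if (decoded === null || typeof decoded !== 'object' || decoded.id == null) {
            return res.status(401).send('Invalid access token.');
        }

        let user;
        try {
            user = await prisma.user.findFirst({ where: { id: decoded.id } });
        } catch (error) {
            // A database failure is not an authentication failure: hand it to the
            // application's error handler rather than sending its message in a 401 body.
            return next(error);
        }

        if (!user) return res.status(401).send('Invalid access token.');

        // Authorization: both the stored role and the token's role claim must match.
        // Checking the database value means a role revoked after the token was issued
        // is refused even though the token still verifies.
        // Assumes `user.role` and a `role` claim exist, as in the author's sketch — TODO confirm.
        if (myParam && (user.role !== myParam || decoded.role !== myParam)) {
            return res.status(403).send('Forbidden!');
        }

        next();
    };
};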

然后这样使用中间件:

// verifyJWT(someParam) is called once, while the route is being registered;
// the function it returns is the middleware that runs on each request.
router.post('/test', verifyJWT(someParam), async (_req, response) => {
    response.send('hi');
});