使用 HapiJS 获取身份验证错误
Getting authentication error with HapiJS
我创建了这个简单的插件:
import bcrypt from 'bcrypt';
import Joi from 'joi';
import DynamoDBClient from '../lib/DynamoDBClient';
exports.register = (server, options, next) => {
server.auth.strategy('simple', 'basic', {
validateFunc: (request, email, password, callback) => {
DynamoDBClient.findUserByEmail(email)
.then(user => {
if (!user) {
return callback(null, false);
}
bcrypt.compare(password, user.password, (err, isValid) => {
return callback(err, isValid, { id: user.id });
});
});
}
});
server.route({
method: 'POST',
path: '/api/login',
config: {
auth: 'simple',
validate: {
payload: {
email: Joi.string().required(),
password: Joi.string().required()
}
}
},
handler: (request, reply) => reply(request.auth.credentials.id)
});
next();
};
exports.register.attributes = {
name: 'login',
};
并在此处加载清单:
import Glue from 'glue';
const manifest = {
server: {},
connections: [
{
port: process.env.PORT || 3001,
labels: ['api']
}
],
plugins: {
'hapi-auth-basic': {},
'./api/signup': {},
'./api/login': {},
'./api/products': {},
}
};
const options = {
relativeTo: __dirname
};
Glue.compose(manifest, options, (err, server) => {
if (err) {
throw err;
}
server.start(() => console.log(`Listening to ${server.info.uri}`));
});
但是我收到这个错误
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Missing authentication"
}
当我尝试通过 POST 请求登录时,将电子邮件和密码作为正文参数。
我认为您的 /api/login 路由不应受到身份验证方案的保护,否则,您必须通过身份验证才能进行身份验证。先有鸡还是先有蛋的问题。。。你其他的路线应该都是。
换句话说,登录(以及注销之类的?)路由不应受到保护。
我创建了这个简单的插件:
import bcrypt from 'bcrypt';
import Joi from 'joi';
import DynamoDBClient from '../lib/DynamoDBClient';
exports.register = (server, options, next) => {
server.auth.strategy('simple', 'basic', {
validateFunc: (request, email, password, callback) => {
DynamoDBClient.findUserByEmail(email)
.then(user => {
if (!user) {
return callback(null, false);
}
bcrypt.compare(password, user.password, (err, isValid) => {
return callback(err, isValid, { id: user.id });
});
});
}
});
server.route({
method: 'POST',
path: '/api/login',
config: {
auth: 'simple',
validate: {
payload: {
email: Joi.string().required(),
password: Joi.string().required()
}
}
},
handler: (request, reply) => reply(request.auth.credentials.id)
});
next();
};
exports.register.attributes = {
name: 'login',
};
并在此处加载清单:
import Glue from 'glue';
const manifest = {
server: {},
connections: [
{
port: process.env.PORT || 3001,
labels: ['api']
}
],
plugins: {
'hapi-auth-basic': {},
'./api/signup': {},
'./api/login': {},
'./api/products': {},
}
};
const options = {
relativeTo: __dirname
};
Glue.compose(manifest, options, (err, server) => {
if (err) {
throw err;
}
server.start(() => console.log(`Listening to ${server.info.uri}`));
});
但是我收到这个错误
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Missing authentication"
}
当我尝试通过 POST 请求登录时,将电子邮件和密码作为正文参数。
我认为您的 /api/login 路由不应受到身份验证方案的保护,否则,您必须通过身份验证才能进行身份验证。先有鸡还是先有蛋的问题。。。你其他的路线应该都是。
换句话说,登录(以及注销之类的?)路由不应受到保护。