【发布时间】:2019-08-12 15:05:19
【问题描述】:
我在 hapi.js 中使用访问令牌时遇到问题。我无法理解如何使用该令牌进行身份验证。我正在关注这篇文章dwyl/hapi-auth-jwt2。我使用 mongodb 作为我的数据库。但是,在我像这样http://localhost:8000/restricted?token=mycreatedtoken 发送请求之前,我无法登录 {auth: 'jwt'} 页面。但是这样发送请求似乎不对。那么我该如何使用该令牌?我不必将其保存在本地存储或数据库中即可访问吗?这是我的代码:
app.js
const jwt = require('jsonwebtoken');
await server.register(require('hapi-auth-jwt2'));
server.auth.strategy('jwt', 'jwt', {
key: 'NeverShareYourSecret',
validate: validate,
verifyOptions: { algorithms: ['HS256'] }
});
server.auth.default('jwt');
验证函数:
const validate = async (decoded, req) => {
let user = await User.findOne({ _id: decoded.id });
if (user) {
req.user = user;
return { isValid: true };
} else {
return { isValid: false };
}
};
用于登录:
method: 'POST',
path: '/login',
config: { auth: false },
handler: async function(req, h) {
try {
let { username, password } = req.payload;
let student = await student.findOne({
username
});
let validUser = student && (await bcrypt.compareSync(password,student.password));
if (validUser) {
let token = jwt.sign({ id: user.id }, 'mysecretkey');
console.log('tpken'+token);
// return h.view('welcome');
return { token };
} else {
return boom.unauthorized('incorrect pass');
}
}
}
注册
method: 'POST',
path: '/student',
config: { auth: false },
handler: async function(req, h) {
try {
let salt = bcrypt.genSaltSync(10);
req.payload.password = bcrypt.hashSync(req.payload.password, salt);
let student = new User(req.payload);
let result = await student.save();
const expiresIn = 24 * 60 * 60;
let token = jwt.sign({ id: result.id }, 'mysecretkey',{ expiresIn: expiresIn
});
return {token} ;
}
}
此路径正在使用 jwt 令牌。
{
method: 'GET',
path: '/register',
config: { auth: 'jwt' },
handler: async (request, h) => {
try {
return h.view('student');
} catch(err){
return h.response(err).code(500);
}
}
}
【问题讨论】:
标签: javascript node.js jwt hapijs