【发布时间】:2021-12-06 23:08:05
【问题描述】:
我正在尝试使用 JWT 对用户进行身份验证。我在登录时分配了一个令牌。
if (client) {
// Check if Client does exist, then compare password provided by Client
if (!req.body.password) {
res.json({ success: false, message: "No password provided" }); // Password was not provided
} else {
var validPassword = client.password === req.body.password; // Check if password matches password provided by Client
if (!validPassword) {
res.json({ success: false, message: {password: {message: "Incorrect Password"}} }); // Password does not match password in database
} else {
if (!client.active) {
res.json({ success: false, message: {active: {message: "Account is not activated"}} }); // Account is not activated
} else {
var token = jwt.sign(
{ username: client.username, email: client.email },
secret,
{ expiresIn: "24h" }
); // Logged in: Give Client token
res.json({
success: true,
message: "Client authenticated!",
token: token
}); // Return token in JSON object to controller
}
}
}
}
登录后,我正在检查请求中的令牌使我成为用户。
router.use(function(req, res, next) {
var token = req.body.token || req.body.query || req.headers['x-access-token']; // Check for token in body, URL, or headers
// Check if token is valid and not expired
if (token) {
// Function to verify token
jwt.verify(token, secret, (err, decoded) => {
if (err) {
res.json({ success: false, message: 'Token invalid' }); // Token has expired or is invalid
} else {
req.decoded = decoded; // Assign to req. variable to be able to use it in next() route ('/me' route)
next(); // Required to leave middleware
}
});
} else {
res.json({ success: false, message: 'No token provided' }); // Return error if no token was provided in the request
}
});
我将所有受保护的路由放在检查令牌之后。用户可以访问个人资料页面/me
router.post('/me', function(req, res) {
res.send(req.decoded); // Return the token acquired from middleware
});
如何在 Angular 11 中检查 req.body 中的令牌?我曾尝试使用 localStorage 设置令牌,但似乎我做得不对。
localStorage.setItem('userToken', response.token);
通过在正文中传递令牌访问 /me 路由时,它似乎在 Postman 中工作正常。它显示是否找到令牌。如果找到则显示结果
{ “电子邮件”:“example@gmail.com”, "iat": 1634704834, “exp”:1634791234 }
【问题讨论】:
标签: node.js angular express authentication jwt