【发布时间】:2020-06-16 03:46:00
【问题描述】:
我可以正常登录、创建令牌,并且在发送 POST 请求时能在响应头中看到它
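/**
 * POST /login: authenticate a user by e-mail and password and issue a JWT.
 *
 * Responses:
 *   400 - email or password missing or not a string
 *   500 - database error (details are logged server-side only)
 *   409 - no user with that e-mail
 *   401 - password mismatch
 *   200 - { auth: true }, with the token in the `x-access-token` response header
 *
 * The token is only set on THIS response. The client has to store it and send
 * it back itself in the `x-access-token` request header on later requests.
 *
 * NOTE(review): the distinct 409 / 401 answers let a caller tell whether an
 * e-mail is registered; consider returning the same response for both.
 */
router.post('/login', (req, res, next) => {
  const body = req.body || {};
  const email = body.email;
  const password = body.password;

  // Reject non-string credentials up front. Some MySQL drivers expand objects
  // and arrays bound to a `?` placeholder, and bcrypt.compareSync throws on a
  // missing password, so only plain strings are allowed past this point.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return res.status(400).send({ auth: false, token: null });
  }

  connection.query(
    `SELECT * FROM ETB.users WHERE email = ?;`, [email],
    (err, result) => {
      // Check the error before touching `result`: it is not usable on failure.
      if (err) {
        // Keep driver/SQL details in the server log instead of the response.
        console.error('login: user lookup failed', err);
        return res.status(500).send('Internal server error');
      }

      const user = result[0];
      if (!user) {
        return res.status(409).send('Unknown user');
      }

      // check password (the stored value is the bcrypt hash)
      const passwordIsValid = bcrypt.compareSync(password, user.password);
      if (!passwordIsValid) {
        return res.status(401).send({ auth: false, token: null });
      }

      // Token creation.
      // NOTE(review): assuming `jwt` is the jsonwebtoken package, the original
      // call passed `{ algorithm: 'RS256' }` as a fourth argument, which is the
      // callback position, so it was ignored and tokens were signed with the
      // library default (HS256). That dead argument is dropped here and the
      // behaviour is unchanged. Switching to RS256 needs a PEM private key in
      // `secret`, the matching public key in the verifier, and
      // `algorithms: ['RS256']` passed to jwt.verify.
      const token = jwt.sign(
        { id: user.id, email: user.email, type: user.type },
        secret,
        { expiresIn: '24h' }
      );

      // The user row (which holds the password hash) and the issued token are
      // deliberately not written to the log.
      res.header("Access-Control-Expose-Headers", "x-access-token");
      res.set("x-access-token", token);
      res.status(200).send({ auth: true });

      // Best-effort bookkeeping after the response has been sent. The id is
      // bound as a parameter rather than interpolated into the SQL text.
      connection.query(
        'UPDATE ETB.users SET last_login = now() WHERE id = ?',
        [user.id],
        (updateErr) => {
          if (updateErr) {
            console.error('login: last_login update failed', updateErr);
          }
        }
      );
    });
})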
但是,当我尝试访问“记录”路由(GET 请求)时,我不断收到“拒绝访问”,并且令牌没有出现在请求头中
// GET /secret-route: sample protected endpoint. The handler below is reached
// only when userMiddleware.isLoggedIn hands control on via next().
router.get('/secret-route', userMiddleware.isLoggedIn, (req, res, next) => {
  const firstPost = {
    title: "my first post",
    description: 'blabla'
  };
  const payload = { posts: firstPost };
  res.json(payload);
});
中间件
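/**
 * Express middleware: lets a request through only when it carries a valid JWT
 * in the `x-access-token` REQUEST header.
 *
 *   401 'Acess Denied'  - header missing (the client did not send the token)
 *   400 'Invalid Token' - jwt.verify rejected the token (bad signature, expired, ...)
 *
 * On success the decoded payload is stored on `req.user` and next() is called.
 *
 * The login route only places the token on its own response, so the client
 * must attach it to every protected request itself.
 *
 * NOTE(review): the login route signs with `secret` while this code verifies
 * with process.env.JWT_SECRET; confirm both refer to the same key. Consider
 * also passing an explicit `algorithms` allow-list to jwt.verify.
 */
isLoggedIn: (req, res, next) => {
  const token = req.header('x-access-token');
  if (!token) return res.status(401).send('Acess Denied');

  let verified;
  try {
    verified = jwt.verify(token, process.env.JWT_SECRET);
  } catch (err) {
    // Stop here. The original fell through to next() after sending the 400,
    // so the protected handler still ran for an invalid token.
    return res.status(400).send('Invalid Token');
  }

  req.user = verified;
  return next();
}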
谢谢你的帮助
【问题讨论】:
标签: jwt