1. 首页
  2. 问答
  3. JWT角认证上的刷新

JWT角认证上的刷新

2014-12-06 36 views
0

所以我遵循以下Egghead.io指南: https://egghead.io/lessons/angularjs-finalizing-jwt-authentication-with-angularjsJWT角认证上的刷新

与一捻,我试图将一个MongoDB的检索我的用户。到目前为止,我的所有工作都已完成,除了最后一部分,他声明/ me路由应该返回req.user并且刷新时应该没问题。我不明白。我得到的是从我的服务器返回的空白用户。

我的服务器代码的设置是这样的:

var jwtSecret = 'fjkdlsajfoew239053/3uk'; 

app.use(cors()); 
app.use(bodyParser.json()); 
app.use(expressJwt({ secret: jwtSecret }).unless({ path: [ '/login' ]})); 
app.use(compression()); 
app.use(express.static(__dirname + '/client')); 
app.get('/', function(req, res){ 
    res.render(__dirname + '/client/bundle.js'); 
}); 

app.get('/me', function (req, res) { 
    res.send(req.user); 
}); 

... setup for user schema and other boring stuff ... 

    function authenticate(req, res, next) { 
    var body = req.body; 
    if (!body.username || !body.password) { 
     res.status(400).end('Must provide username or password'); 
    } 

    //do salting, hashing, etc here yo 
    User.findOne({ username: body.username }, function(err, user){ 
     if (user === null || body.password !== user.password) { 
     res.status(401).end('Username or password incorrect'); 
     }else{ 
     req.user = user; 
     next(); 
     } 
    }); 
    } 

    // ROUTES 
    app.post('/login', authenticate, function (req, res, next) { 
    var token = jwt.sign({ 
     username: req.user.username 
    }, jwtSecret); 
    res.send({ 
     token: token, 
     user: req.user 
    }); 
    }); 

app.listen(process.env.PORT || 5000);

我的控制器(客户端)处理的基本身份验证:

module.exports = function($scope, $state, $modal, UserFactory) { 
    var vm = this; 

    $scope.$state = $state; 
    $scope.sign_in = false; 

    $scope.open = function() { 
    var $modalInstance = $modal.open({ 
     templateUrl: 'suggestion-modal.html', 
     controller: 'modalCtrl' 
    }); 
    }; 

    // initialization 
    UserFactory.getUser().then(function success(response) { 
    vm.user = response.data; 
    }); 

    function login(username, password) { 
    UserFactory.login(username, password).then(function success(response) { 
     vm.user = response.data.user; 
    }, handleError); 
    } 

    function logout() { 
    UserFactory.logout(); 
    vm.user = null; 
    } 

    function handleError(response) { 
    alert('Error: ' + response.data); 
    } 

    vm.login = login; 
    vm.logout = logout; 
};

谁能赶上我没有看到的bug这里?基本上,当我登录时,客户端上有一个JWT,但我在客户端控制器上的初始化没有意识到我已登录(它不会将用户对象设置为任何内容)。这有点奇怪。

来源

2014-12-06 noname

+1

'req.user'的值由express-jwt设置。它是解码的标记。您的验证方法不应该设置用户,如果用户验证正确,它只会调用下一个中间件。然后,下一个中间件将返回该令牌,该令牌将由express-jwt在将来的请求中解码为req.user对象。如果由于某种原因需要查找使用情况,可以使用req.user中的信息来查找使用情况并将其设置为req.resolvedUser(或任何您喜欢的)。祝你好运! – kentcdodds 2014-12-07 19:55:06

+1

你是上帝,谢谢你的帮助! Egghead应该为你付出更多! – noname 2014-12-11 03:05:44

回答

0

所以我的解决方案最终考虑到了肯特的帮助和一点头脑风暴。它看起来像以下。请注意,显然中间件在express中的排序很重要,因为在更改Express-jwt的加载后,在客户端的初始目录加载时是否检查身份验证头是否存在巨大差异(如果角度不会加载,整个应用程序崩溃了)。干杯!

'use strict'; 
var faker = require('faker'); 
var cors = require('cors'); 
var bodyParser = require('body-parser'); 
var jwt = require('jsonwebtoken'); 
var expressJwt = require('express-jwt'); 
var compression = require('compression'); 
var express = require('express'); 
var bcrypt = require('bcrypt'); 
var connectLiveReload = require('connect-livereload'); 
var jwt = require('jsonwebtoken'); 
var app = express(); 

var jwtSecret = 'fjkdlsajfoew239053/3uk'; 

app.use(cors()); 
app.use(bodyParser.json()); 
app.use(compression()); 
app.use(express.static(__dirname + '/client')); 
// app.get('/', function(req, res){ 
// res.render(__dirname + '/client/bundle.js'); 
// }); 
app.use(expressJwt({ secret: jwtSecret }).unless({ path: ['/login']})); 

app.get('/me', function (req, res) { 
    res.send(req.user); 
}); 


...schema stuff... 

    // UTIL FUNCTIONS 

    function authenticate(req, res, next) { 
    var body = req.body; 
    if (!body.username || !body.password) { 
     res.status(400).end('Must provide username or password'); 
    } 

    //do salting, hashing, etc here yo 
    User.findOne({ username: body.username }, function(err, user){ 
     if (user === null || body.password !== user.password) { 
     res.status(401).end('Username or password incorrect'); 
     }else{ 
     req.user = user; 
     next(); 
     } 
    }); 
    } 

    // ROUTES 
    app.post('/login', authenticate, function (req, res, next) { 
    var token = jwt.sign({ 
     username: req.body.username 
    }, jwtSecret); 
    res.send({ 
     token: token, 
     user: req.user 
    }); 
    }); 

// app.use(connectLiveReload()); figure out whats wrong with this later and get livereload working 

app.listen(process.env.PORT || 5000);

来源

2014-12-11 03:08:07 noname

相关问题

 相关问题