我有一个带令牌的登录系统。登录时,它将检查该用户是否存在,并且在登录会话期间不了解有关当前用户的信息。检查它并将响应发送到前端的最简单方法是什么?
路线:
function verifyToken(req, res, next) {
if (!req.headers.authorization) {
return res.status(401).send('Unauthorized request');
}
let token = req.headers.authorization.split(' ')[1];
if (token === 'null') {
return res.status(401).send('Unauthorized request');
}
let payload = jwt.verify(token, 'secretKey');
if (!payload) {
return res.status(401).send('Unauthorized request');
}
req.userId = payload.subject;
next();
}
router.post('/register', (req, res) => {
let userData = req.body;
let user = new User(userData);
user.save((error, registeredUser) => {
if (error) {
console.log(error);
} else {
let payload = { subject: registeredUser._id };
let token = jwt.sign(payload, 'secretKey');
res.status(200).send({ token });
}
})
})
router.post('/login', (req, res) => {
let userData = req.body;
User.findOne({ email: userData.email }, (error, user) => {
if (error) {
console.log(error);
} else {
if (!user) {
res.status(401).send('Invalid email');
} else
if (user.password !== userData.password) {
res.status(401).send('Invalid password')
} else {
let payload = { subject: user._id };
let token = jwt.sign(payload, 'secretKey');
res.status(200).send({ token });
}
}
})
})
您可以尝试使用中间件从Authorization标头中检索令牌并从那里检索userId,中间件可能看起来像这样:
const decodeToken = (token) => {
return jwt.verify(token, 'secretKey', (err, decoded) => {
if (err) {
return undefined;
}
return decoded;
});
};
const authorize = (req, res, next) => {
if (!req.headers.authorization) {
return res.status(401).send({message: 'UNAUTHORIZED'});
}
const token = req.headers.authorization.split(' ')[1];
if (!token) {
return res.status(401).send({message: 'UNAUTHORIZED'});
}
const decodedToken = decodeToken(token);
if (!decodedToken) {
return res.status(401).send({message: 'UNAUTHORIZED'});
}
req.userId = decodedToken.subject;
next();
};
module.exports = authorize;
希望这对您有所帮助,如果没有,希望您找到答案:)
编辑
要使用中间件,您只需要将其添加到路由中,我将为您提供一个带有get请求的示例:
const authorize = require('../middleware/authorize');
router.get('/someroute', authorize, (req, res) => {
// authorize will verify the token and attach the userId to your request
// so to use it you'll only need to call req.userId
// something like this
console.log('current logged user id', req.userId);
// YOUR CODE HERE
});
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句