我创建了这个简单的插件:
import bcrypt from 'bcrypt';
import Joi from 'joi';
import DynamoDBClient from '../lib/DynamoDBClient';
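/**
 * hapi plugin: registers a Basic-auth strategy named 'simple' and a
 * POST /api/login route that is guarded by that strategy.
 *
 * NOTE(review): the 'basic' scheme takes credentials from the Authorization
 * request header, not from the request payload. A POST that carries
 * email/password only in the body is therefore rejected with
 * 401 "Missing authentication" before the handler runs. Either send
 * `Authorization: Basic ...` to this route, or leave the login route
 * unauthenticated and check the payload credentials in the handler.
 *
 * @param {object} server - hapi server the strategy and route are added to.
 * @param {object} options - plugin options (unused here).
 * @param {Function} next - called once registration is complete.
 */
exports.register = (server, options, next) => {
  server.auth.strategy('simple', 'basic', {
    validateFunc: (request, email, password, callback) => {
      const onUser = (user) => {
        if (!user) {
          // NOTE(review): an unknown e-mail returns without running bcrypt, so
          // it answers faster than a known one; that timing difference can
          // reveal which addresses are registered.
          return callback(null, false);
        }

        // Only the user id is exposed as credentials; the stored hash stays here.
        return bcrypt.compare(password, user.password, (err, isValid) =>
          callback(err, isValid, { id: user.id })
        );
      };

      // A failed lookup used to leave the callback uncalled, so the request
      // never completed. The rejection handler is passed as the second argument
      // of then() so that it covers the lookup only and cannot invoke the
      // callback a second time.
      const onLookupError = (err) => callback(err, false);

      DynamoDBClient.findUserByEmail(email).then(onUser, onLookupError);
    },
  });

  server.route({
    method: 'POST',
    path: '/api/login',
    config: {
      // This is the setting that makes the route demand Basic credentials.
      auth: 'simple',
      validate: {
        // The payload is validated, but authentication never reads it.
        payload: {
          email: Joi.string().required(),
          password: Joi.string().required(),
        },
      },
    },
    handler: (request, reply) => reply(request.auth.credentials.id),
  });

  next();
};

exports.register.attributes = {
  name: 'login',
};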
并在下面的清单中加载它:
import Glue from 'glue';
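// Glue manifest: one connection labelled 'api' plus the plugins to register.
const manifest = {
  server: {},
  connections: [
    {
      // Falls back to 3001 when PORT is unset or empty.
      port: process.env.PORT || 3001,
      labels: ['api'],
    },
  ],
  plugins: {
    // NOTE(review): ./api/login builds a strategy on the 'basic' scheme, so
    // hapi-auth-basic presumably has to be registered before it. Confirm that
    // Glue registers these keys in the order listed.
    'hapi-auth-basic': {},
    './api/signup': {},
    './api/login': {},
    './api/products': {},
  },
};

// Relative plugin paths in the manifest are resolved against this directory.
const options = { relativeTo: __dirname };

Glue.compose(manifest, options, (err, server) => {
  if (err) {
    throw err;
  }

  server.start((startErr) => {
    // A failed start (for example a port that is already in use) used to be
    // ignored, and the "Listening" line was printed anyway.
    if (startErr) {
      throw startErr;
    }

    console.log(`Listening to ${server.info.uri}`);
  });
});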
但是我得到这个错误
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Missing authentication"
}
当我尝试发送 POST 请求、把电子邮件和密码作为请求体参数来登录时。
我认为您的 /api/login 路由不应受到身份验证方案的保护,否则您必须先通过身份验证才能进行身份验证,这是个先有鸡还是先有蛋的问题。basic 方案从 Authorization 请求头读取凭据,而不是从请求体读取,所以只在请求体中提交电子邮件和密码时会返回 "Missing authentication"。您的所有其他路由则应该受到保护。
换句话说,登录路由(注销路由也一样)不应受身份验证保护。