我只是使用JSON令牌构建一个身份验证平台来创建只有在发送正确的身份验证后才能访问的中间件。这是server.js:
// dependencies
var express = require('express');
var app = express();
var bodyParser = require('body-parser');
var morgan = require('morgan');
var mongoose = require('mongoose');
var passwordHash = require('password-hash');
var jwt = require('jsonwebtoken');
var config = require('./config');
var User = require('./app/models/user');
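// config
// Port comes from the environment when set; 8080 is the local default.
var port = process.env.PORT || 8080;
// Fail at startup rather than on the first sign/verify call if the secret is
// missing: jwt.sign rejects an empty secret, and an empty string would make
// every issued token trivially forgeable.
if (!config.secret) {
  throw new Error('config.secret must be set before the server starts');
}
mongoose.connect(config.database);
// Connection errors are emitted asynchronously on the connection object;
// without a listener they would surface as an unhandled exception instead of
// a readable log line.
mongoose.connection.on('error', function(err) {
  console.error('MongoDB connection error: ' + err.message);
});
// The JWT signing/verification secret, read back with app.get('superSecret').
app.set('superSecret', config.secret);
// body parser
app.use(bodyParser.urlencoded({ extended: false}));
app.use(bodyParser.json());
// morgan
app.use(morgan('dev'));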
//routes
// Root route: a plain-text pointer to where the API is mounted.
app.get('/', function(req, res) {
  var apiLocation = 'http://localhost:' + port + '/api';
  res.send('Hello! The API is at ' + apiLocation);
});
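// Seed route: creates the demo user "Tommy Birt" with a hashed password.
// It is unauthenticated and inserts a new document on every call, so it is a
// development convenience only and should not be reachable on a deployed
// instance. The plaintext seed value is hashed here and never sent back.
app.get('/setup', function(req, res){
  var hashedPassword = passwordHash.generate('catsanddogs');
  var tommy = new User({
    user: 'Tommy Birt',
    password: hashedPassword,
    admin: false,
    MP: true,
    Position: true
  });
  // save
  tommy.save(function(err){
    // Throwing inside an async callback escapes Express's error handling and
    // takes the whole process down; answer with a 500 instead.
    if(err) {
      console.error('Failed to save seed user: ' + err.message);
      return res.status(500).json({ success: false, message: 'Could not save user' });
    }
    console.log('Saved');
    res.json({ success: true });
  });
});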
// API routes
var apiRoutes = express.Router();
// Unauthenticated landing route of the API router (mounted under /api below).
apiRoutes.get('/', function(req, res){
  var greeting = { message: 'Welcome to this api.'};
  res.json(greeting);
});
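// POST /api/authenticate — exchanges a user name and password for a signed JWT.
// Expects a JSON or form body with the string fields `user` and `password`.
// Responds 400 on a malformed body, 401 on a failed login, 500 on a lookup
// error, and 200 with `token` on success.
apiRoutes.post('/authenticate', function(req, res){
  var username = req.body.user;
  var password = req.body.password;
  // Both fields must be plain strings: body-parser accepts JSON, so an object
  // in place of the user name would otherwise reach the Mongo query as a
  // query operator rather than a value.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(400).json({ success: false, message: 'user and password are required' });
  }
  // Find user
  User.findOne({
    user : username
  }, function(err, user) {
    // general error: a throw here would escape Express and crash the process
    if (err) {
      console.error('User lookup failed: ' + err.message);
      return res.status(500).json({ success: false, message: 'Authentication error' });
    }
    // incorrect
    // NOTE(review): the two distinct failure messages let a caller tell a
    // missing account from a wrong password; a single generic message avoids
    // that. Kept as-is so existing clients still see the same text.
    if(!user) {
      return res.status(401).json({ success: false, message: 'Authentication failed: No user'});
    }
    if(!passwordHash.verify(password, user.password)) {
      return res.status(401).json({ success: false, message: 'Authentication failed: Incorrect Password'});
    }
    // token!
    // Sign only the claims the API needs. The original signed the whole user
    // document, which placed the password hash inside a token any holder can
    // base64-decode. expiresIn bounds how long a leaked token stays usable.
    var claims = {
      _id: String(user._id),
      user: user.user,
      admin: user.admin
    };
    var token = jwt.sign(claims, app.get('superSecret'), { expiresIn: '24h' });
    res.json({
      success: true,
      message: 'Enjoy your token!',
      token: token
    });
  })
});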
// Mount the API router. Middleware added to apiRoutes after this line still
// applies: Express walks the router's stack per request, not at mount time.
app.use('/api', apiRoutes);
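// Token check for every API route registered after this point. The router's
// '/' and '/authenticate' handlers are registered above it, so they stay open.
// The token may arrive in the body, the query string or the x-access-token
// header; a request carrying none of them is rejected with 403, and one whose
// token fails verification with 401.
apiRoutes.use(function(req, res, next){
  // Lets find our token!
  // NOTE(review): a token passed in the query string ends up in morgan's
  // access log and in browser history; the header form is the one to prefer.
  var token = req.body.token || req.query.token || req.headers['x-access-token'];
  // Have we found it?
  if(!token) {
    // No token Sir! Get off this train!
    return res.status(403).send({
      success: false,
      message: 'Stop cheating'
    });
  }
  // Verify! Pin the algorithm to the one jwt.sign uses with a string secret
  // (HS256) so a token presenting a different `alg` header is not accepted.
  jwt.verify(token, app.get('superSecret'), { algorithms: ['HS256'] }, function(err, decoded){
    if(err) {
      // Expired, tampered or malformed token. The key is `success` (the
      // original spelt it `sucess`), matching every other response body.
      return res.status(401).json({ success: false, message: 'Failed to authenticate token'});
    }
    // No errors! Yay :)  Expose the verified claims to downstream handlers.
    req.decoded = decoded;
    next();
  });
});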
// GET /api/balance — registered after the token middleware, so it is only
// reached with a verified token; req.decoded carries the token's claims here.
apiRoutes.get('/balance', function(req, res){
  var body = "Welcome to your balance!";
  res.send(body);
});
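// lets roll
// Log from the listen callback so the line appears only once the port is
// actually bound; the original message also lacked the ':' before the port.
app.listen(port, function() {
  console.log('We have taken off at http://localhost:' + port);
});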
但是,每当它运行时,我都会使用Postman将身份验证详细信息发送到/api/authenticate,它会给我一个令牌。但是,无论何时转到/api/balance,它都会给我一个没有令牌的错误。