固定REST-API JWT-Auth插件不作为preHandler触发

时间:2019-01-13 23:44:07

标签: javascript jwt fastify

我建立了Fastify Rest-Api并编写了一个插件来封装我基于JWT的身份验证逻辑。我在我想保护的每条路由上使用了preHandler Hook,但是由于我可以在没有令牌的情况下发出请求并获取数据,因此preHandler或我的插件似乎被忽略了。

我查阅了所有文档,但仍然无法运行。如果我只是console.log()我的函数fastify.authenticate,我将得到一个未定义的信息。

这是我的插件customJwtAuth: 

Large Parcel

我将这样的插件注册到我的主server.js文件中: 

const fp = require('fastify-plugin')

async function customJwtAuth(fastify, opts, next) {

//register jwt 
 await fastify.register(require('fastify-jwt'),
    {secret: 'asecretthatsverylongandimportedfromanenvfile'})

fastify.decorate('authenticate', async function(request, reply) {
 try {
   const tokenFromRequest = request.cookies.jwt

  await fastify.jwt.verify(tokenFromRequest, (err, decoded) => {
     if (err) {
       fastify.log.error(err)
       reply.send(err)
    }
     fastify.log.info(`Token verified: ${decoded}`)
  })
  } catch (err) {
  reply.send(err)
  fastify.log.error(err)
  }
 })
next()
}

module.exports = fp(customJwtAuth, {fastify: '>=1.0.0'})

然后我将这样的功能应用于路由: 

  const customJwtAuth = require('./plugin/auth')
  fastify.register(customJwtAuth).after(err => {if (err) throw err})

如果请求中不包含签名的jwt或根本没有jwt,则api不应该返回任何数据。

2 个答案:

答案 0 :(得分:0)

这里有一个工作示例。

请注意,您在注册错误的装饰器时正在调用next()

您的主要错误归因于[fastify.authenticate]行,因为该Fastify实例中没有装饰器。

//### customAuthJwt.js

const fastifyJwt = require('fastify-jwt')
const fp = require('fastify-plugin')

async function customJwtAuth(fastify, opts, next) {
  fastify.register(fastifyJwt, { secret: 'asecretthatsverylongandimportedfromanenvfile' })
  fastify.decorate('authenticate', async function (request, reply) {
    try {
      // to whatever you want, read the token from cookies for example..
      const token = request.headers.authorization
      await request.jwtVerify()
    } catch (err) {
      reply.send(err)
    }
  })
}

module.exports = fp(customJwtAuth, { fastify: '>=1.0.0' })

//### server.js
const fastify = require('fastify')({ logger: true })
const customJwtAuth = require('./customAuthJwt')

fastify.register(customJwtAuth)

fastify.get('/signup', (req, reply) => {
  // authenticate the user.. are valid the credentials?
  const token = fastify.jwt.sign({ hello: 'world' })
  reply.send({ token })
})


fastify.register(async function (fastify, opts) {
  fastify.addHook('onRequest', fastify.authenticate)
  fastify.get('/', async function (request) {
    return 'hi'
  })
})

fastify.listen(3000)

您得到:

curl http://localhost:3000/
{"statusCode":401,"error":"Unauthorized","message":"No Authorization was found in request.headers"}

curl http://localhost:3000/signup
{"token": "eyJhbGciOiJIUzI1NiI..."}

curl 'http://localhost:3000/' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiI...'
hi

答案 1 :(得分:0)

如果使用的是fastify版本2,则可以使用PreHandler,如果不需要,则需要使用beforeHandler 而且,您需要为这样的路线更改路线

//routes/products.js
const fastify = require('fastify')
const productHandler = require('../handler/productHandler')

module.exports = function (fastify, opts, next) {
    fastify.route({
     method: 'GET',
     url: 'api/product',
     beforeHandler: fastify.auth([
      fastify.authenticate
     ]),
     handler: productHandler.getProducts
    })
    ......
  next()
}

//server.js
....
fastify.register(require('fastify-auth'))
       .register(customJwtAuth)

const customJwtAuth = require('./customAuthJwt')

....
fastify.register(
 require('./routes/products')
)
相关问题
最新问题