我一直在尝试编写一个接受用户名/密码凭据的简单服务器,验证它们,然后为客户端创建一个JWT令牌,然后用它们来访问某些路由。我能够做到一切,直到在服务器端接收和验证客户端的JWT。
void main() {
//use Jwt based sessions and create the secret using a UUID
JwtSessionHandler sessionHandler =
new JwtSessionHandler('ffl_sales_server', new Uuid().v4(),
auth.lookupByUsername);
//allow http for testing with curl, do not use in production
bool allowHttp = true;
final Map<String, String> headers =
{'Access-Control-Allow-Origin': 'http://192.168.100.83:3030',
"Access-Control-Expose-Headers": "Authorization",
"Access-Control-Allow-Credentials" : "true",
"Access-Control-Allow-Headers" : "Authorization"};
//fix the cors headers
Response options(Request request) => (request.method == 'OPTIONS') ?
new Response.ok(null, headers: headers) : null;
Response cors(Response response) =>
response.change(headers: headers);
Middleware fixCors = createMiddleware(requestHandler: options,
responseHandler: cors);
// authentication middleware for a login handler (post)
Middleware loginMiddleware = authenticate(
[new UsernamePasswordAuthenticator(lookupByUsernamePassword)],
sessionHandler: sessionHandler, allowHttp: allowHttp,
allowAnonymousAccess: false);
// authentication middleware for routes other than login that
// require a logged in user
// here we are relying solely on users with a session established
// via the login route
Middleware defaultAuthMiddleware = authenticate(
[],sessionHandler: sessionHandler, allowHttp: true,
allowAnonymousAccess: false);
Router rootRouter = router(handlerAdapter: handlerAdapter());
//the route where the login credentials are posted
rootRouter.post('/login', (Request request) => new Response.ok('SUCCESS'), middleware: loginMiddleware);
//the routes which require an authenticated user
rootRouter.child('/authenticated',
middleware: defaultAuthMiddleware)
..add('/users', ALL_METHODS, new Users(_connection).handle)
..add('/stores', ALL_METHODS, new Stores(_connection).handle)
..add('/departments', ALL_METHODS, new Departments(_connection).handle)
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle)
..add('/reports', ALL_METHODS, new Reports(_connection).handle)
..add('/imports', ALL_METHODS, new Imports(_connection).handle)
..add('/vendors', ALL_METHODS, new Vendors(_connection).handle)
..get('/foo', (Request request) =>
new Response.ok("Doing foo as ${loggedInUsername(request)}\n"));
printRoutes(rootRouter);
Handler handler = const Pipeline()
.addMiddleware(fixCors)
.addMiddleware(logRequests())
.addMiddleware(exceptionResponse())
.addHandler(rootRouter.handler);
shelf_io.serve(handler, '127.0.0.1', '8080').then((server){
print('Serving as http://${server.address.host}:${server.port}');
});
}
我知道我可能遗漏了一些简单的东西,但似乎我应该在authenticate()函数的第一个参数中创建一些处理程序来创建defaultAuthMiddleware。我错过了什么?
答案 0 :(得分:1)
看起来这个问题出现在我的Auth课程中。 lookupByUsername函数根本找不到经过身份验证的用户,因为lookupByUsernamePassword函数将其存储在函数作用域而不是类作用域中,因为我的疏忽。
感谢您的帮助!
答案 1 :(得分:0)
我认为您需要将sessionMiddleware传递给其他路由,例如
..add('/invoices', ALL_METHODS, new Invoices(_connection).handle,
middleware: defaultAuthMiddleware)
也许有更好的方法,但这是我发现我的设置的主要区别,它可以正常工作。