如何使用shelf_auth库验证已建立的会话?

时间:2015-02-06 21:16:03

标签: dart dart-shelf

我一直在尝试编写一个接受用户名/密码凭据的简单服务器,验证它们,然后为客户端创建一个JWT令牌,然后用它们来访问某些路由。我能够做到一切,直到在服务器端接收和验证客户端的JWT。

void main() {
//use Jwt based sessions and create the secret using a UUID
JwtSessionHandler sessionHandler = 
    new JwtSessionHandler('ffl_sales_server', new Uuid().v4(), 
    auth.lookupByUsername);

  //allow http for testing with curl, do not use in production
  bool allowHttp = true;

  final Map<String, String> headers = 
    {'Access-Control-Allow-Origin': 'http://192.168.100.83:3030',
     "Access-Control-Expose-Headers": "Authorization",
     "Access-Control-Allow-Credentials" : "true",
     "Access-Control-Allow-Headers" : "Authorization"};

  //fix the cors headers 
  Response options(Request request) => (request.method == 'OPTIONS') ?
      new Response.ok(null, headers: headers) : null;
  Response cors(Response response) => 
      response.change(headers: headers);
  Middleware fixCors = createMiddleware(requestHandler: options, 
      responseHandler: cors);

  // authentication middleware for a login handler (post)
  Middleware loginMiddleware = authenticate(
      [new UsernamePasswordAuthenticator(lookupByUsernamePassword)],
      sessionHandler: sessionHandler, allowHttp: allowHttp, 
      allowAnonymousAccess: false);

  // authentication middleware for routes other than login that 
  // require a logged in user
  // here we are relying solely on users with a session established  
  // via the login route
  Middleware defaultAuthMiddleware = authenticate(
      [],sessionHandler: sessionHandler, allowHttp: true, 
      allowAnonymousAccess: false);

  Router rootRouter = router(handlerAdapter: handlerAdapter()); 

  //the route where the login credentials are posted
  rootRouter.post('/login', (Request request) => new Response.ok('SUCCESS'), middleware: loginMiddleware);

  //the routes which require an authenticated user
  rootRouter.child('/authenticated', 
      middleware: defaultAuthMiddleware)
    ..add('/users', ALL_METHODS, new Users(_connection).handle)
    ..add('/stores', ALL_METHODS, new Stores(_connection).handle)
    ..add('/departments', ALL_METHODS, new Departments(_connection).handle)
    ..add('/invoices', ALL_METHODS, new Invoices(_connection).handle)
    ..add('/reports', ALL_METHODS, new Reports(_connection).handle)
    ..add('/imports', ALL_METHODS, new Imports(_connection).handle)
    ..add('/vendors', ALL_METHODS, new Vendors(_connection).handle)
    ..get('/foo', (Request request) => 
         new Response.ok("Doing foo as ${loggedInUsername(request)}\n"));

  printRoutes(rootRouter);

  Handler handler = const Pipeline()
      .addMiddleware(fixCors)
      .addMiddleware(logRequests())
      .addMiddleware(exceptionResponse())
      .addHandler(rootRouter.handler);

  shelf_io.serve(handler, '127.0.0.1', '8080').then((server){
    print('Serving as http://${server.address.host}:${server.port}');
  });
}

我知道我可能遗漏了一些简单的东西,但似乎我应该在authenticate()函数的第一个参数中创建一些处理程序来创建defaultAuthMiddleware。我错过了什么?

2 个答案:

答案 0 :(得分:1)

看起来这个问题出现在我的Auth课程中。 lookupByUsername函数根本找不到经过身份验证的用户,因为lookupByUsernamePassword函数将其存储在函数作用域而不是类作用域中,因为我的疏忽。

感谢您的帮助!

答案 1 :(得分:0)

我认为您需要将sessionMiddleware传递给其他路由,例如

 ..add('/invoices', ALL_METHODS, new Invoices(_connection).handle, 
     middleware: defaultAuthMiddleware)

也许有更好的方法,但这是我发现我的设置的主要区别,它可以正常工作。