尝试使用passport-JWT实现登录。注册和登录工作都很好,令牌在登录时生成并发送到存储并返回的客户端。
登录验证请求到达app后没有任何反应..帮助? :)
JWT战略
var JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt;
var opts = {}
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.secretOrKey = 'secret';
opts.issuer = "http://localhost:3000";
opts.audience = "http://localhost:3000";
passport.use('jwt', new JwtStrategy(opts, function(jwt_payload, done) {
console.log(1)
return User
.findOne({where : {username : jwt_payload.email } })
.then(function (user) {
if(user === null){
return TempUser
.findOne({where : {username : jwt_payload.email } })
.then(function(user){
return user === null ?
done(null, false, 'login error, please try again') :
done(null, false, 'email verification needed');
});
} else {
if (bcrypt.compareSync(password, user.dataValues.password)){
done(null, user);
} else {
done(null, false, 'login error, please try again');
}
}
});
}));
路线
router.get('/login/check', function(req, res, next) {
passport.authenticate('jwt', function(err, user, info) {
console.log(err)
res.json({'success' : true});
})
})
客户端返回的req.query
GET /login/check?%22eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJzaGFpLmthcGx1bkBnbWFpbC5jb20iLCJwYXN
zd29yZCI6IiQyYSQxMCQ0YXpvSlVLMkltUkl3YWo0Uzlqd1RPVXh0RWIwYWphNW92UjRvUnV1QUFRdnJ5Z3g5cWttNiIsImNyZWF0ZWRBdCI6IjIwMTYtMDg
tMDdUMTM6MjI6NDYuMzUyWiIsInVwZGF0ZWRBdCI6IjIwMTYtMDgtMDdUMTM6MjI6NTkuOTExWiIsImlhdCI6MTQ3MDY1NzY0MCwiZXhwIjoxNDcwNzU3NjQ
wfQ.hyHDcmzJne-d6roRXBgC9aQDeZzQPgpkWWOZicQNc8c%22 - - ms - -
答案 0 :(得分:1)
您告诉Passport-JWT查看JWT的授权标头,但您似乎正在尝试将JWT作为查询字符串传递。
尝试发送标头: 身份验证:“JWT”+令牌
我实际上为此编写了一个前端和后端的教程,您可能会觉得有用。
http://blog.slatepeak.com/refactoring-a-basic-authenticated-api-with-node-express-and-mongo/
http://blog.slatepeak.com/build-a-react-redux-app-with-json-web-token-jwt-authentication/