发送后无法设置标头

时间:2016-10-29 22:41:32

标签: javascript node.js http-headers httpresponse

我在这里看了其他解决方案无济于事。我希望有人可以帮助我。

基本上我正在使用本教程实现JWT - https://scotch.io/tutorials/authenticate-a-node-js-api-with-json-web-tokens

我有一个Angular2前端,然后是后面的节点服务器。我需要在前端登录,这将调用节点服务,该服务将查询我的活动目录,然后返回用户是否有效。然后我想将令牌传递到前面,然后将该令牌用于每个后续请求。由于这个错误,我还没有达到我再次传回令牌的那一点。

这是我的loginRoutes.js:

module.exports = function (app) {
var service = require('../services/authService');
var constants = require('../constants');
var jwt    = require('jsonwebtoken'); // used to create, sign, and verify tokens
var config = require('../config'); // get our config file
var bodyParser     = require('body-parser');
var express = require('express');

var apiRoutes = express.Router();

app.use(function(req, res, next) {
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,PATCH');
    res.header('Access-Control-Allow-Credentials', true);
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, x-access-token,");
    if ('OPTIONS' === req.method) {
        res.send(200);
    } else {
        next();
    }
    next();
});

function login(user, callback) {
        service.login(user.username, user.password, function(response) {
            if(response) {
                return callback(true);
            }
            else {
                return callback(false);
            }
        });
}

apiRoutes.post(constants.API_ROOT+ '/authenticate', function(req, res) {


    // find the user
    var userToAuth = req.body;

    login(userToAuth, function(authStatus) {
        if (!authStatus) {
            res.json({ success: false, message: 'Authentication failed. User not found or invalid credentials.' });
        } else {
            var token = jwt.sign(userToAuth, app.get('ourSecret'), {
                expiresIn: 86400 // expires in 24 hours
            });

            // return the information including token as JSON
            res.json({
                success: true,
                token: token
            });
        }

    } );

});

apiRoutes.use(function(req, res, next) {

    // check header or url parameters or post parameters for token
    var token = req.body.token || req.query.token || req.headers['x-access-token'];

    // decode token
    if (token) {

        jwt.verify(token, app.get('ourSecret'), function(err, decoded) {
            if (err) {
                return res.json({ success: false, message: 'Failed to authenticate token.' });
            } else {
                // if everything is good, save to request for use in other routes
                req.decoded = decoded;
                next();
            }
        });

    } else {
        // if there is no token
        // return an error
        return res.status(403).send({
            success: false,
            message: 'No token provided.'
        });

    }
});

//need token for all routes below this
app.get(constants.API_ROOT + '/test', function(req, res) {
    res.json({ message: 'Token valid' });
});






app.use('/api', apiRoutes);


}

我的服务(可能稍微多余,但稍后会重构):

var ActiveDirectory = require('activedirectory');
var config = require('../config'); // get our config file

var ad = new ActiveDirectory(config);

module.exports = {
    login : login
}


function login(username,password, callbackFunc) {
    ad.authenticate(username, password, function(err, auth) {
            if (auth) {
                return callbackFunc(auth);
            }
            else {
                return callbackFunc(auth);
            }
    });

}

登录路由中的此行正在抛出错误:

 return res.status(403).send({
            success: false,
            message: 'No token provided.'
        });

非常感谢任何帮助!

编辑:可能是相关的 - 据我所知,验证路由的教程不应该由检查令牌的方法覆盖,但它是造成问题的方法。

0 个答案:

没有答案