我在这里看了其他解决方案无济于事。我希望有人可以帮助我。
基本上我正在使用本教程实现JWT - https://scotch.io/tutorials/authenticate-a-node-js-api-with-json-web-tokens
我有一个Angular2前端,然后是后面的节点服务器。我需要在前端登录,这将调用节点服务,该服务将查询我的活动目录,然后返回用户是否有效。然后我想将令牌传递到前面,然后将该令牌用于每个后续请求。由于这个错误,我还没有达到我再次传回令牌的那一点。
这是我的loginRoutes.js:
module.exports = function (app) {
var service = require('../services/authService');
var constants = require('../constants');
var jwt = require('jsonwebtoken'); // used to create, sign, and verify tokens
var config = require('../config'); // get our config file
var bodyParser = require('body-parser');
var express = require('express');
var apiRoutes = express.Router();
app.use(function(req, res, next) {
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,PATCH');
res.header('Access-Control-Allow-Credentials', true);
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, x-access-token,");
if ('OPTIONS' === req.method) {
res.send(200);
} else {
next();
}
next();
});
function login(user, callback) {
service.login(user.username, user.password, function(response) {
if(response) {
return callback(true);
}
else {
return callback(false);
}
});
}
apiRoutes.post(constants.API_ROOT+ '/authenticate', function(req, res) {
// find the user
var userToAuth = req.body;
login(userToAuth, function(authStatus) {
if (!authStatus) {
res.json({ success: false, message: 'Authentication failed. User not found or invalid credentials.' });
} else {
var token = jwt.sign(userToAuth, app.get('ourSecret'), {
expiresIn: 86400 // expires in 24 hours
});
// return the information including token as JSON
res.json({
success: true,
token: token
});
}
} );
});
apiRoutes.use(function(req, res, next) {
// check header or url parameters or post parameters for token
var token = req.body.token || req.query.token || req.headers['x-access-token'];
// decode token
if (token) {
jwt.verify(token, app.get('ourSecret'), function(err, decoded) {
if (err) {
return res.json({ success: false, message: 'Failed to authenticate token.' });
} else {
// if everything is good, save to request for use in other routes
req.decoded = decoded;
next();
}
});
} else {
// if there is no token
// return an error
return res.status(403).send({
success: false,
message: 'No token provided.'
});
}
});
//need token for all routes below this
app.get(constants.API_ROOT + '/test', function(req, res) {
res.json({ message: 'Token valid' });
});
app.use('/api', apiRoutes);
}
我的服务(可能稍微多余,但稍后会重构):
var ActiveDirectory = require('activedirectory');
var config = require('../config'); // get our config file
var ad = new ActiveDirectory(config);
module.exports = {
login : login
}
function login(username,password, callbackFunc) {
ad.authenticate(username, password, function(err, auth) {
if (auth) {
return callbackFunc(auth);
}
else {
return callbackFunc(auth);
}
});
}
登录路由中的此行正在抛出错误:
return res.status(403).send({
success: false,
message: 'No token provided.'
});
非常感谢任何帮助!
编辑:可能是相关的 - 据我所知,验证路由的教程不应该由检查令牌的方法覆盖,但它是造成问题的方法。