JWT战略总是返回Unauthorized

时间:2017-02-22 17:51:13

标签: node.js passport.js jwt

我一直在尝试使用JWT和护照为我的应用添加授权。当地战略似乎没有任何问题,但JWT战略似乎并没有奏效。

我的 Passport.js 文件

import passport from 'passport';
import User from '../models/regusers.model';
import config from '../config';
import jwtstrategy from 'passport-jwt';
import extractjwt from 'passport-jwt';
import LocalStrategy from 'passport-local';

const JwtStrategy = jwtstrategy.Strategy;
const ExtractJwt = extractjwt.ExtractJwt;

const localOption = {usernameField:'email'};

// create local Strategy
const localLogin = new LocalStrategy(localOption,(email,password,done)=>{
    //verify this username and password, call done true if true or false
    User.findOne({email:email},(err,user)=>{
       if(err){ return done(err);}
       if(!user){ return done(null,false);}

       // compare Password - is 'password' equal to user.password
       user.comparePassword(password,function(err,isMatch){
          if(err){ return done(err); }
          if(!isMatch) { return done(null,false); }

          return done(null,user);
       });
    });
});

// setup options for JWT Strategy
const jwtOptions = {
  jwtFromRequest:ExtractJwt.fromHeader('Authorization'),
  secretOrKey:config.secret
};

// Create JWT Strategy
const jwtLogin = new JwtStrategy(jwtOptions,function(payload,done){
   // see if user id in payload exists in our db
   //if it does, call done with that other
   //otherwise, call done without a user obejct
   User.findById(payload.sub,(err,user)=>{
      if(err){ return done(err,false); }

      if(user){
        done(null,user);
      }else{
        done(null,false);
      }

   });
});

passport.use(jwtLogin);
passport.use(localLogin);

我的 authentication.js 文件

import User from '../models/regusers.model';
import jwt from 'jwt-simple';
import config from '../config';
import bcrypt from 'bcrypt-nodejs';

let tokenForUser = (user) =>{
    const timpestamp = new Date().getTime();
    return jwt.encode({sub:user.id,iat:timpestamp},config.secret);
}


let login = (req,res,next) => {
      //User has already had their email and password auth'd
      //We just need to give them a token
      res.send({token:tokenForUser(req.user),unu:req.user.uname});
}

let signup = (req,res,next) => {

    const fname = req.body.fname;
    const lname = req.body.lname;
    const uname = req.body.uname;
    const email = req.body.email;
    const password =req.body.password;

    if(!email || !password){
       return res.status(422).send({error:'You must provide email and password'});
    }

    // See if a user with the given email exists
    User.findOne({email: email },(err,user)=>{
        if(err){
          return next(err);
        }
        //If a user with email does exists, return an erorr
        if(user){
          return res.status(422).send({error:'Email is in use'});
        }
        //if user with email does not exists,create and save user
        const newuser = new User({
          fname:fname,
          lname:lname,
          uname:uname,
          email:email,
          password:password
        });


        newuser.save((err)=>{
            if(err){ return next(err);}
            res.json({token:tokenForUser(newuser)});
            // res.json({success:'true'});
        });


    });
}

module.exports.signup = signup;
module.exports.login = login;

我使用认证中间件的路线

import Authentication from '../auth/auth';
import passportService from '../services/passport';
import passport from 'passport';


const requireAuth = passport.authenticate('jwt',{session:false});
const requireLogin = passport.authenticate('local',{session:false});

const user = (app) => {

    app.get('/user',requireAuth,function (req,res){
        res.json({hi:'there'});
    });

    app.post('/login',requireLogin,Authentication.login);

    app.post('/signup',Authentication.signup);
}

export default user;

当我向用户路线发出获取请求时,我将其作为未经授权的任何原因。

0 个答案:

没有答案