如何将某些路由 / API URL 排除在 jsonwebtoken 验证之外

时间:2017-09-11 10:10:48

标签: node.js express json-web-token

我正在开发一个 node.js express 应用,使用 jsonwebtoken 进行身份验证。我想让部分 api url 不经过 jsonwebtoken 验证。以下是我尝试过的代码:

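// Public routes: registered BEFORE the token check below. Express runs middleware in
// registration order, so a request under /authentication is answered here without a
// token as long as one of these handlers ends the response.
// NOTE(review): mountAllRoutes is not shown. If a request under /authentication still
// gets "No token provided.", presumably no handler matched it (check the path and the
// HTTP method) and it fell through to the token check.
router.use('/authentication', mountAllRoutes(authenticationModule));


// Route middleware to verify a token. Everything registered on `router` after this
// call is reached only when the request carries a token that jwt.verify accepts.
router.use((req, res, next) => {
    // req.body is undefined when no body parser ran for this request; guard the read
    // so a body-less request gets the 403 below instead of throwing a TypeError.
    const bodyToken = req.body && req.body.token;
    // NOTE(review): a token sent in the query string is recorded in access logs,
    // browser history and Referer headers; prefer the Authorization header.
    let token = bodyToken || req.query.token || req.headers.authorization;

    // Clients commonly send "Authorization: Bearer <token>". Strip the scheme so that
    // jwt.verify receives the bare token; a bare token passes through unchanged.
    if (typeof token === 'string') {
        token = token.replace(/^Bearer\s+/i, '');
    }

    // No token at all: reject before any verification work is done.
    if (!token) {
        res.status(403).send({
            success: false,
            message: 'No token provided.'
        });
        return;
    }

    // Verifies the signature against the app's secret and checks expiry.
    // NOTE(review): pass an options object whose `algorithms` list names only the
    // algorithm used when signing, so the token header cannot select another one.
    // Confirm the value against the signing code, which is not shown here.
    jwt.verify(token, req.app.get('superSecret'), (err, decoded) => {
        if (err) {
            // Generic message on purpose: the verification error is not echoed back.
            res.status(401).send({
                success: false,
                message: 'Failed to authenticate token.'
            });
            return;
        }
        // Expose the verified claims to the route handlers that follow.
        req.decoded = decoded;
        next();
    });
});


// Protected routes: registered AFTER the token check, so each request must pass it.
router.use('/test', mountAllRoutes(testModule));
router.use('/other', mountAllRoutes(otherModule));
router.use('/data', mountAllRoutes(dataModule));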

在这里,我把不想保护的路由放在中间件之前,把想要保护的路由放在中间件之后。但是放在中间件之前的路由仍然受到了保护。登录和用户注册的 api 位于 authenticationModule 中,因此在用户注册时,它返回的响应是“No token provided.” postman request

注意:我已经参考过这个链接:How-to-ignore-some-request-type-in-Jsonwebtoken

1 个答案:

答案 0 :(得分:0)

为您要排除的 API 创建单独的路由文件。

// Routes
// Each router is loaded from its own file, so the public API can be mounted
// separately from the routes that sit behind the token check.
const users = require('./routes/users');
const api = require('./routes/publicApi');

App.js:

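// Route middleware to verify a token. It is attached to `router`, so it runs for every
// path that `router` is mounted on; mount `router` only on paths that must be protected.
router.use((req, res, next) => {
    // req.body is undefined when no body parser ran for this request; guard the read
    // so a body-less request gets the 403 below instead of throwing a TypeError.
    const bodyToken = req.body && req.body.token;
    // NOTE(review): a token sent in the query string is recorded in access logs,
    // browser history and Referer headers; prefer the Authorization header.
    let token = bodyToken || req.query.token || req.headers.authorization;

    // Clients commonly send "Authorization: Bearer <token>". Strip the scheme so that
    // jwt.verify receives the bare token; a bare token passes through unchanged.
    if (typeof token === 'string') {
        token = token.replace(/^Bearer\s+/i, '');
    }

    // No token at all: reject before any verification work is done.
    if (!token) {
        res.status(403).send({
            success: false,
            message: 'No token provided.'
        });
        return;
    }

    // Verifies the signature against the app's secret and checks expiry.
    // NOTE(review): pass an options object whose `algorithms` list names only the
    // algorithm used when signing, so the token header cannot select another one.
    // Confirm the value against the signing code, which is not shown here.
    jwt.verify(token, req.app.get('superSecret'), (err, decoded) => {
        if (err) {
            // Generic message on purpose: the verification error is not echoed back.
            res.status(401).send({
                success: false,
                message: 'Failed to authenticate token.'
            });
            return;
        }
        // Expose the verified claims to the route handlers that follow.
        req.decoded = decoded;
        next();
    });
});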


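// `router` carries the token-checking middleware, so every request under /users
// must present a valid token.
app.use('/users', router);
// Public endpoints get their own router, which never passes through the token check.
// Do not mount `router` here: app.use('/publicApi', router) would demand a token for
// every public request.
// NOTE(review): assumes `api` (required from ./routes/publicApi in the Routes snippet)
// is in scope in this file.
app.use('/publicApi', api);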