使用json文件在nodejs中进行自定义身份验证

时间:2017-12-04 12:11:18

标签: javascript json node.js authentication

我有一些 API,需要为管理员(admin)和普通用户(user)做自定义身份验证。JSON 文件中保存了 user 和 admin 的权限。下面是相关的代码文件。我这样做的方式正确吗?目前请求不会进入 getUsers 函数,因为它卡在了 authAdmin / authUser 中。请帮忙。

router.js
// testAuth is registered ahead of getUsers, so getUsers only runs when
// testAuth (or a check it hands off to) calls next().
router.get(
    '/getUsers',
    testAuth,
    getUsers
);

data.json
{
    "data": {
    admin": {
            "read": true,
            "write": true
    },
    "user": {
            "read": true,
            "write": false
    }
}
}

authentication.js
// Express-style middleware: looks up the user that owns the `token` query
// parameter and then calls the check for that user's role.
// Responds 401 when the token is missing or matches no unexpired row.
exports.testAuth = function(req, res, next) {
    // NOTE(review): the token is read from the query string, so it can end up
    // in access logs, browser history and Referer headers.
    var token = req.query.token;
    if (!token) {
        return res.status(401).send({
            error: 'please give token'
        });
    } else {
        // Parameterized query ($1, $2): the token is bound as a value, not
        // concatenated into the SQL text. Only rows whose "tokenExpires" is
        // later than the current time match.
        db.query('select * from users where token = $1 AND "tokenExpires" > $2', [token, moment().utc().toDate()], function(err, user) {
            if (err) return next(err);
            if (user.rows.length == 0) {
                return res.status(401).send({
                    error: "User not found"
                })
            } else {
                // NOTE(review): the role checks below are invoked with no
                // arguments, so req, res and next are all undefined inside
                // them; neither res.status(...) nor next() can work there,
                // which is why the request never reaches getUsers.
                if(user.rows[0].name == 'admin'){
                    exports.authAdmin();
                }
                if(user.rows[0].name == 'user'){
                    exports.authUser();
                }
                // NOTE(review): a row whose name is neither 'admin' nor 'user'
                // falls through here without a response and without next().

            }
        })
    }
}

// Permission check for the admin role, written as Express-style middleware.
// Continues with next() when the admin entry has read or write set to true;
// otherwise answers 401. It reads only the static `data` table and does not
// identify the caller itself.
var authAdmin = function(req, res, next) {
    if (data.admin.read == true || data.admin.write == true) {
        next();
        return;
    }
    return res.status(401).send({
        error: "Please Login"
    });
}

// Permission check for the user role, written as Express-style middleware.
// Returns next() when the user entry has read or write set to true;
// otherwise answers 401. The check does not distinguish a read route from a
// write route: either flag being true lets the request through.
var authUser = function(req, res, next) {
    var userMayProceed = data.user.read == true || data.user.write == true;
    if (userMayProceed) {
        return next();
    }
    return res.status(401).send({
        error: "Please Login"
    });
}

// Both role checks are exported alongside testAuth. On their own they only
// consult the static permission table, so mounting one on a route without
// testAuth in front of it does not authenticate the caller.
exports.authUser = authUser;
exports.authAdmin = authAdmin;

1 个答案:

答案 0 :(得分:-1)

router.js
// Middleware order matters: testAuth must come before getUsers so that the
// handler is reached only after the token and role checks have called next().
router.get(
    '/getUsers',
    testAuth,
    getUsers
);

data.json
{
    "data": {
    admin": {
            "read": true,
            "write": true
    },
    "user": {
            "read": true,
            "write": false
    }
}
}

authentication.js
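/**
 * Express-style middleware: authenticates the request by its `token` query
 * parameter and then delegates to the permission check for the user's role.
 *
 * Responds 401 when the token is missing, is not a plain string, or matches
 * no unexpired row; responds 403 when the matched row has a role this module
 * does not know. Database errors are forwarded with next(err).
 *
 * @param {object} req - request; reads req.query.token
 * @param {object} res - response used for the 401/403 replies
 * @param {function} next - continues the middleware chain
 */
exports.testAuth = function(req, res, next) {
    // NOTE(review): the token travels in the query string, so it can end up
    // in access logs, browser history and Referer headers; an Authorization
    // header is the safer transport if clients can be changed.
    var token = req.query.token;
    // A query parser may turn `token[]=...` or `token[a]=...` into an array
    // or object; only a non-empty string is accepted as a token.
    if (!token || typeof token !== 'string') {
        return res.status(401).send({
            error: 'please give token'
        });
    }

    // Parameterized query: the token is bound as $1, never concatenated into
    // the SQL text. Only rows whose "tokenExpires" is still in the future match.
    db.query('select * from users where token = $1 AND "tokenExpires" > $2', [token, moment().utc().toDate()], function(err, user) {
        if (err) return next(err);
        if (user.rows.length == 0) {
            return res.status(401).send({
                error: "User not found"
            });
        }

        // NOTE(review): the role is taken from the `name` column; presumably
        // it holds a role label rather than a user-chosen name. Confirm this,
        // since a self-chosen name of 'admin' would otherwise select the
        // admin check.
        var role = user.rows[0].name;

        // req, res and next are passed through explicitly: the role checks
        // need res to reject and next to let the request reach the handler.
        if (role == 'admin') {
            return authAdmin(req, res, next);
        }
        if (role == 'user') {
            return authUser(req, res, next);
        }

        // Fail closed: an unrecognised role gets an explicit refusal instead
        // of a request that never receives a response.
        return res.status(403).send({
            error: "Forbidden"
        });
    });
}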

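/**
 * Permission check for the admin role, written as Express-style middleware.
 *
 * Continues with next() when the admin entry of the permission table has
 * `read` or `write` set to boolean true; otherwise responds 401. A missing
 * admin entry is treated as "no permission" rather than throwing.
 *
 * @param {object} req - request (not inspected here)
 * @param {object} res - response used for the 401 reply
 * @param {function} next - continues the middleware chain
 */
var authAdmin = function(req, res, next) {
    // NOTE(review): data.json as shown nests the roles under a top-level
    // "data" key; if `data` is the whole parsed file, data.admin is undefined.
    // Confirm how `data` is loaded.
    var perms = data && data.admin;

    // Fail closed: only an explicit boolean true grants access. Either flag is
    // enough, so this check does not separate read routes from write routes.
    var allowed = !!perms && (perms.read === true || perms.write === true);
    if (!allowed) {
        // The caller is already authenticated at this point; 403 would
        // describe the refusal more precisely, but the original status and
        // message are kept for existing clients.
        return res.status(401).send({
            error: "Please Login"
        });
    }
    return next();
}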

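/**
 * Permission check for the user role, written as Express-style middleware.
 *
 * Continues with next() when the user entry of the permission table has
 * `read` or `write` set to boolean true; otherwise responds 401. A missing
 * user entry is treated as "no permission" rather than throwing.
 *
 * @param {object} req - request (not inspected here)
 * @param {object} res - response used for the 401 reply
 * @param {function} next - continues the middleware chain
 */
var authUser = function(req, res, next) {
    // NOTE(review): data.json as shown nests the roles under a top-level
    // "data" key; if `data` is the whole parsed file, data.user is undefined.
    // Confirm how `data` is loaded.
    var perms = data && data.user;

    // Fail closed: only an explicit boolean true grants access. Either flag is
    // enough, so a user with read-only permission also passes on a route that
    // writes; a per-route check would be needed to tell the two apart.
    var allowed = !!perms && (perms.read === true || perms.write === true);
    if (!allowed) {
        return res.status(401).send({
            error: "Please Login"
        });
    }
    return next();
}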

// The role checks are exported as well as testAuth. They consult only the
// static permission table and never look at the request, so they are not a
// substitute for testAuth when mounted directly on a route.
exports.authUser = authUser;
exports.authAdmin = authAdmin;