Question

我正在使用Adonis JS开发一个应用程序，我的身份验证问题。我打算为这个应用程序使用两种身份验证方案：basic和jwt。在auth.js文件中使用jwt设置authenticator字段

'use strict'

module.exports = {
  /*
  |--------------------------------------------------------------------------
  | Authenticator
  |--------------------------------------------------------------------------
  |
  | Authentication is a combination of serializer and scheme with extra
  | config to define on how to authenticate a user.
  |
  | Available Schemes - basic, session, jwt, api
  | Available Serializers - lucid, database
  |
  */
  authenticator: 'jwt',

  /*
  |--------------------------------------------------------------------------
  | Session
  |--------------------------------------------------------------------------
  |
  | Session authenticator makes use of sessions to authenticate a user.
  | Session authentication is always persistent.
  |
  */
  session: {
    serializer: 'lucid',
    model: 'App/Models/User',
    scheme: 'session',
    uid: 'email',
    password: 'password'
  },

  /*
  |--------------------------------------------------------------------------
  | Basic Auth
  |--------------------------------------------------------------------------
  |
  | The basic auth authenticator uses basic auth header to authenticate a
  | user.
  |
  | NOTE:
  | This scheme is not persistent and users are supposed to pass
  | login credentials on each request.
  |
  */
  basic: {
    serializer: 'mongoose',
    model: 'App/Models/User',
    token: 'App/Models/Token',
    scheme: 'basic',
    uid: 'email',
    password: 'password'
  },

  /*
  |--------------------------------------------------------------------------
  | Jwt
  |--------------------------------------------------------------------------
  |
  | The jwt authenticator works by passing a jwt token on each HTTP request
  | via HTTP `Authorization` header.
  |
  */
  jwt: {
    serializer: 'mongoose',
    model: 'App/Models/User',
    token: 'App/Models/Token',
    scheme: 'jwt',
    uid: 'email',
    password: 'password',
    options: {
      secret: 'self::app.appKey'
    }
  },

  /*
  |--------------------------------------------------------------------------
  | Api
  |--------------------------------------------------------------------------
  |
  | The Api scheme makes use of API personal tokens to authenticate a user.
  |
  */
  api: {
    serializer: 'lucid',
    model: 'App/Models/User',
    scheme: 'api',
    uid: 'email',
    password: 'password'
  }
}

路线定义如下：

'use strict'

const Route = use('Route')

Route.post('/login', 'UserController.login').middleware('auth:basic')
Route.post('/register', 'UserController.register')
// Route.post('/logout', 'UserController.logout').middleware('auth')
Route.get('/users/me', 'UserController.me').middleware('auth')

如您所见，/ login使用基本身份验证，/ me使用jwt

控制器是：

'use strict'

const User = use('App/Models/User')
const Logger = use('Logger')

class UserController {

  async login({ request, auth, response }) {
    const { email, password } = await auth.getUser()
    Logger.info(email, password)
    const { token } = await auth.attempt(email, password)
    response.status(200).send({ token })
  }

  async register({ request, auth, response }) {
    const { email, password, fullName } = request.post()
    const user = await User.create({ email, password, fullName })
    response.status(201).send('ok')
  }

  async me({ request, auth, response }) {
    response.status(200).send(auth.user)
  }

}

module.exports = UserController

当我使用Postman进行测试时，我收到此错误：

显然即使基本身份验证有效，当我尝试获取auth对象的用户时，它告诉我没有jwt。由于我可以解决这个问题，目的是通过登录为其他路由生成jwt。谢谢。

Answer 1

您应该在中间件中传递“ guest”以验证用户是否未通过身份验证

https://adonisjs.com/docs/4.1/authentication#_guest_middleware

使用Adonis JS在不同路由中使用basic和jwt身份验证

1 个答案: