How to get express route to go through passport for authentification
I'm recently changing a boilerplate I made in es6 to a slightly older version es5. I had to recreate the export, require instead of using imports and the routing is functional now.
I have a structure like this:
index.js (app)
api/index.js (/api endpoint)
api/auth.js (/api/auth endpoint)
api/protected.js (/api/protected endpoint)
In my auth route I have the login and register functionning and generating a token:
const token = jwt.sign({id: req.body.username}, config.jwtSecret)
In my protected.js I have the following:
const express = require('express');
const router = express.Router();
const passport = require('../config/passport');
router.use(passport.initialize({ session: false }));
router.use(passport.session());
router.get('/test', passport.authenticate('jwt') , (req, res) => {
res.status(200).json({ message: 'Hello sweetie', auth: req.isAuthenticated(), user: req.session.passport.user})
});
module.exports = router;
And in my passport.js
const
passport = require('passport'),
config = require('./../config'),
passportJwt = require('passport-jwt'),
JwtStrategy = passportJwt.Strategy,
ExtractJwt = passportJwt.ExtractJwt,
userSchema = require('./../schemas/userSchema');
passport.serializeUser(function(user, done) {
console.log(JSON.stringify(user));
done(null, user[0].username);
});
passport.deserializeUser(function(username, done) {
console.log('DESER -- '+username);
userSchema.checkUsername(username)
.then(user => {
console.log(user[0]);
done(null, user[0]);
})
.catch(err =>{
console.log(JSON.stringify(err));
});
});
const jwtOptions = {
secretOrKey: config.jwtSecret,
jwtFromRequest: ExtractJwt.fromHeader('authorization'),
}
passport.use('jwt', new JwtStrategy(jwtOptions, function(jwt_payload, done) {
console.log('Strategy: '+ jwt_payload.id);
userSchema.checkUsername(jwt_payload.id)
.then(user => {
console.log(user[0].username);
if(user[0]) return done(null, user)
else return done(null, false)
})
.catch(err =>{
console.log(JSON.stringify(err));
});
}));
module.exports = passport;
The problem is when I try to access: 127.0.0.1:8080/api/protected/test
with the token I got on login it give me a: Unauthorized
Furthermore the console.log inside the:
- serializeUser
- deserializeUser
- jwt Strategy
Are never shown and thus I think the passport middleware isn't used.
How could I get the /protected routes to use the passport middleware?
Edit: I have tried printing the passport object and I can see my jwt strategy is indeed defined. So I don't see why it doesn't want to go through it.
1 个答案:
答案 0 :(得分:5)
问题是您的护照正在寻找authorization标题而不是Authorization标题。
更改您的
jwtFromRequest: ExtractJwt.fromHeader('authorization')
到
ExtractJwt.fromAuthHeaderAsBearerToken()
所以您的选择看起来像
const jwtOptions = {
secretOrKey: config.jwtSecret,
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
}
现在这是护照的操作,将查找具有值Authorization的{{1}}标题。
https://www.npmjs.com/package/passport-jwt
- Nodejs - 使用redis DB为express应用程序提供护照oauth2身份验证
- Node.js通过Apache-Redirect代理进行Passport身份验证
- Passport无法为本地身份验证添加参数
- 如何使用Passport保护路由端点?
- 如何用passport-jwt验证路由?
- 针对特定路由的特殊Passport身份验证
- 在API上使用哈希密码对护照进行简单身份验证
- How to get express route to go through passport for authentification
- 一条路线的多种护照策略
- 如何在ExpressJS路由中使用Laravel护照中间件?
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?