我想我已经在编写过程中解决了这个问题,基本上解决的方法是:
将静态文件处理程序移至use()的另一个实例上方
尽管可以肯定这是一种可接受的方法,但在类似情况下可能会帮助其他人。
期望的行为
将use()实例应用于除以下处理的路由之外的所有路由:
app.use(express.static("dist"));
实际行为
use()应用于所有路线,包括由以下路线处理的路线:
app.use(express.static("dist"));
场景
为了保护对API的访问,我使用的是此Lynda.com教程中描述的模型:
Node.js: Securing RESTful APIs
在伪代码中,该模型实质上包括:
use()实例,用于检查是否已发送jwt令牌req.user属性设置为undefined req.user属性设置为解码的jwt值req.user的值执行条件行为此模型对于所有意图和目的均适用。
但是,我最近添加了一些控制台日志记录,可以看到两者都在进行验证:
app.use(express.static("dist")) per this convention投放的静态文件(异常行为)问题
如何将验证use()实例应用于除app.use(express.static("dist"))处理的路由之外的所有路由。
我尝试过的事情
我认为我已通过将代码2下方的代码部分1移至此位置来解决此问题。
// 01. verification use() called on all requests
app.use((req, res, next) => {
// if jwt authorisation has been sent in headers, verify it
if (req.headers && req.headers.authorization && req.headers.authorization.split(' ')[0] === 'JWT') {
console.log("jwt verification sent, verifying...");
try {
// this is synchronous as it has no callback
req.user = jsonwebtoken.verify(req.headers.authorization.split(' ')[1], 'RESTFULAPIs');
console.log("jwt verified, will return decoded value");
} catch (err) {
req.user = undefined;
console.log("jwt verification failed, user will remain undefined: " + err);
}
// move to the next piece of middleware
next();
}
// if jwt authorisation has not been sent in headers
else {
console.log("jwt verification not sent, leaving user as undefined");
console.log(req.originalUrl);
req.user = undefined;
// move to the next piece of middleware
next();
}
});
// 02. use() for serving static files
app.use(express.static("dist"));
// 03. middleware to check if login has been verified
const api_login_required = (req, res, next) => {
// if token verification was successful and the user property exists
if (req.user) {
// move to the next piece of middleware
next();
}
// otherwise, return unauthorised user message
else {
res.json({ verification: 0 });
}
}
// 04. middleware called in route handlers
app.route("/api/:api_version/users/private_data")
.get(api_login_required, api_users_private_data_get)
.post(api_login_required, api_users_private_data_post);
答案 0 :(得分:0)
中间件始终控制他们编写的顺序,从“开始”到“按钮”。喜欢
if (example 1)code like
app.use((req,res, next)=>{// middleware 1; next()} )
app.get('/rot1', (req, res)=> res.status(200).send('route 1'));
app.get('/rot2', (req, res)=> res.status(200).send('route 2'));
In this case, middleware appears in both route1, route because of middleware set at the top of the route.
If (example 2)code like
app.use((req,res, next)=>{// middleware 1; next()} )
app.get('/rot1', (req, res)=> res.status(200).send('route 1'));
app.use((req,res, next)=>{// middleware 2; next()} )
app.get('/rot2', (req, res)=> res.status(200).send('route 2'));
Here middleware1 applied in both route1 and route 2
But middleware2 applied only on route2.
But you can also define specific middleware for each route
function middleware1(req, res, next){
next();
}
function middleware2(req, res, next){
next();
}
app.get('/rot1', middleware1, (req, res)=> res.status(200).send('route 1'));
app.get('/rot2', middleware2, (req, res)=> res.status(200).send('route 2'));
Here middleware1 only applied on route1 and middleware2 only applied on route2.
也许上面的解释对您有帮助!