如何解决Passport-jwt令牌未授权错误?

时间:2019-02-11 06:10:48

标签: node.js jwt

使用JWT进行身份验证时,我始终遇到“未经授权”错误。下面是我的控制器代码:

exports.loginPost = async (req, res) => {
  winston.info('Calling loginPost()...');

  passport.authenticate('local', { session: false }, (err, user, info) => {
    if (err) {
      return utils.errorHandler(res, err);
    } else if (!user) {
      return utils.errorHandler(res, {
        statusCode: 403,
        message: 'Incorrect username or password.'
      });
    } 
    const token = jwt.sign(user, sharedSecret, { expiresIn: '24h' });
    //req.user = user;
    return res.json({ user, token });
    // req.login(user, { session: false }, (err) => {
    //   if (err) {
    //     res.send(err);
    //   }
    //   // generate a signed json web token with the contents of user object and return it in the response
    //   const token = jwt.sign(user, sharedSecret, { expiresIn: '24h' });
    //   //req.user = user;
    //   return res.json({ user, token });
    // });
  })(req, res);
};

exports.isUserLoggedIn = async (req, res) => {
  let login  = {"message": "all good !"}
  console.log(req)
  return res.status(200).json(login);
  //return res.status(200).json(req.user);
};

和passport.js策略脚本如下:

passport.use(new LocalStrategy({
  usernameField: 'username',
  passwordField: 'password'
}, async function (username, password, cb) {
  //this one is typically a DB call. Assume that the returned user object is pre-formatted and ready for storing in JWT
  try {
    let user = await userService.getUserWithPassword(username, password);
    console.log("passport.js: ",user);

    if (!user || user.walletKey !== password) {
      throw { statusCode: 403, message: 'Incorrect username or password.' };
    }
    
    // // purge password field
    // delete user.currentPassword;

    return cb(null, user, { message: 'Logged In Successfully' });
  } catch (err) {
    cb(err);
  }
}));

passport.use(new JWTStrategy({
  jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
  secretOrKey: sharedSecret,
  passReqToCallback: true
},
  async function (req, jwtPayload, cb) {
    // Return user object from the JWTPayload
    try {
      let user = await userService.getUserWithPassword(jwtPayload.walletName, jwtPayload.walletKey);
      console.log("passport.js: ",user);
      req.user = user
      return cb(null, user); //jwtPayload
    } catch(err){
      return cb(err,false);
    }
    
  }
));

我能够成功生成令牌,但是,使用Bearer Token调用isUserLoggedIn方法时,提示我unauthorized错误。我不是在进行传统的db调用来登录,而是在Hyperledger-Indy池节点中创建帐户。在Node.js应用程序上使用swagger Express中间件。 在下面添加isUserLoggedIn方法脚本:

exports.isUserLoggedIn = async (req, res) => {
  //let login  = {"message": "all good !"}
  console.log(req)
  return res.status(200).json(req.user);
  //return res.status(200).json(req.user);
};

0 个答案:

没有答案
相关问题
最新问题