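I am trying to protect API routes with express-jwt-permissions, but I cannot get the guard syntax "guard.check('user')" to work. I have already successfully used {-{3}}, which is the basis of express-jwt-permissions.
An interesting fact is that express-jwt needs the JWT_SECRET to be assigned to it, whereas the express-jwt documentation has nothing that explains this interplay, or perhaps some example is missing?
My current code is as follows: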
I successfully retrieved a JWT token from the 'api/auth' endpoint.
/////////////////////////////////////////////
// auth.ts - Auth and set user permissions
/////////////////////////////////////////////
router.post('/', async (request, response, next) => {
  const {email, password} = request.body
  try {
    // Authenticate
    const user = await authenticate(email, password)
    user.permissions = ['user'] // set the express-jwt-permissions here
    // Create JWT token
    let token = jwt.sign(user.toJSON(), process.env.JWT_SECRET, {
      expiresIn: '60m'
    })
    let {iat, exp} = jwtDecode(token)
    // Respond with token
    response.status(HttpStatus.OK).send({iat, exp, token})
    ...
I then tried to authorize using a Bearer Token, OAuth2, and the token with/without prefixes such as 'jwt', but nothing seems to get past the route guard on 'api/registry'.
{
"iat": 1559650778,
"exp": 1559654378,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwZXJtaXNzaW9ucyI6WyJ1c2VyIl0sIl9pZCI6IjVjZjUyZjc1NDA4MTk0YWI1MGZlMWNkNiIsIm5hbWUiOiJHYXJ5IFBhbHVrIiwiZW1haWwiOiJnYXJ5QHBsdWdpbi5pbyIsInVzZXJuYW1lIjoiZ2FyeSIsInBhc3N3b3JkIjoiJDJhJDEwJEt1U1NUQXowd1MxNU5tRjRVQjZQb2VMTC5Ya1phZkc5Sm9xVkVRWnZZcHFkTFNrZXliTU1lIiwidXBkYXRlZEF0IjoiMjAxOS0wNi0wM1QxNDozMjoyMS4zMDlaIiwiY3JlYXRlZEF0IjoiMjAxOS0wNi0wM1QxNDozMjoyMS4zMDlaIiwiX192IjowLCJpYXQiOjE1NTk2NTA3NzgsImV4cCI6MTU1OTY1NDM3OH0.qnfH_OHq2YqaKCRIbwtw788SQC51F8PJESRCf3Nlrak"
}
Result:
/////////////////////////////////////////////
// server.ts - API auth routes
/////////////////////////////////////////////
server.use(
  '/api/registry',
  guard.check('user'),
  require('./api/v1/registry')
)
server.use('/api/auth', require('./api/v1/auth'))
...
The expected result is that I can make API calls to '/api/registry' using the JWT token as a Bearer Token / OAuth2? That should let me through the route guard.
Thanks
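An added example, not part of the original post and not code from express-jwt or express-jwt-permissions: small stand-ins for a JWT-verifying middleware and a permission guard, built only on Node's crypto module, showing the guard rejecting a valid token when it is mounted alone and accepting it once the verifier runs first. It assumes the guard reads req.user.permissions and that an earlier middleware must populate req.user; SECRET, issueToken, verifyJwt, check, run and the error strings are hypothetical names. issueToken signs only the claims the guard needs, whereas signing user.toJSON() places every field of the user document in the token.

```javascript
// Added example: stand-ins for a JWT verifier and a permission guard (Node built-ins only).
const { createHmac, timingSafeEqual } = require('crypto');

const SECRET = 'constructed-demo-secret'; // stands in for process.env.JWT_SECRET
const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest();

// Sign only the claims the guard needs, not the whole user document.
function issueToken(user, now = Math.floor(Date.now() / 1000)) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: user.id, permissions: user.permissions, iat: now, exp: now + 3600 }));
  return `${head}.${body}.${b64u(mac(`${head}.${body}`))}`;
}

// Stand-in verifier: accepts "Authorization: Bearer <token>", checks HMAC and expiry, sets req.user.
function verifyJwt(req, res, next) {
  const [scheme, token] = (req.headers.authorization || '').split(' ');
  const [head, body, sig] = (token || '').split('.');
  if (scheme !== 'Bearer' || !sig) return next(new Error('credentials_required'));
  const given = Buffer.from(sig, 'base64url');
  const want = mac(`${head}.${body}`);
  if (given.length !== want.length || !timingSafeEqual(given, want)) return next(new Error('invalid_token'));
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (claims.exp <= Math.floor(Date.now() / 1000)) return next(new Error('token_expired'));
  req.user = claims;
  next();
}

// Stand-in guard: never parses the token itself, it only reads req.user.permissions.
const check = (required) => (req, res, next) => {
  if (!req.user) return next(new Error('user_object_not_found'));
  const granted = req.user.permissions || [];
  next(granted.includes(required) ? undefined : new Error('permission_denied'));
};

// Run a synchronous middleware chain in order; return the first error code or 'ok'.
function run(chain, authorization) {
  const req = { headers: authorization ? { authorization } : {} };
  for (const mw of chain) {
    let err;
    mw(req, {}, (e) => { err = e; });
    if (err) return err.message;
  }
  return 'ok';
}

const token = issueToken({ id: 'u1', permissions: ['user'] }); // constructed user
console.log(run([check('user')], `Bearer ${token}`));            // guard mounted alone
console.log(run([verifyJwt, check('user')], `Bearer ${token}`)); // verifier mounted first
```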