查看用户是否已登录

时间:2019-08-27 18:50:44

标签: reactjs authentication jwt

我正在使用一些继承的代码,并且对JWT auth的工作方式不完全了解,所以请耐心等待。

我有一个登录页面,用户在其中输入密码以查看受保护的内容。然后将其定向到另一个页面。那部分很好。

如果其他页面输入了密码,我现在想做的就是在其他页面上显示内容。我尝试检查令牌,并使其显示在登录重定向的console.log中,但是当我查看其他页面时却没有显示。我知道它在那里,因为我可以在Cookie设置中看到它。

那么...如何检查它,以便可以有条件地在其他页面上显示内容?预先感谢。

    const jwt = require('jsonwebtoken');
    const exjwt = require('express-jwt');

    module.exports = {
      // INstantiating the express-jwt middleware
      loginPost: function(req, res) {
        const jwtMW = exjwt({
          secret: 'keyboard cat 4 ever'
        });
        let users = [
          {
              id: 1,
              username: 'test1'

          },
          {
              id: 2,
              username: 'test2',
              password: 'asdf12345'
          }
        ];
        const { username, password } = req.body;
        // console.log("user" , username);
        // Use your DB ORM logic here to find user and compare password

        // Finds first username and password match in users array (assumes usernames are unique)
        var user = users.find(u => username == u.username );
        if (user) { // User credentials matched (are valid)
            let token = jwt.sign({ id: user.id, username: user.username }, 'keyboard cat 4 ever', { expiresIn: 129600 }); // Sigining the token
            res.json({
                sucess: true,
                err: null,
                token
            });
        } else { // User credentials did not match (are not valid) or no user with this username/password exists
            res.status(401).json({
                sucess: false,
                token: null,
                err: 'Username or password is incorrect'
            });
        }
      }
    };

    class Login extends Component {
        constructor() {
            super();
            this.handleChange = this.handleChange.bind(this);
            this.handleFormSubmit = this.handleFormSubmit.bind(this);
            this.decode = this.decode.bind(this);
            this.Auth = new AuthService();
        }
        render() {
            // console.log('this login', this);

            return (
                <Fragment>
                    <Grid textAlign='center' style={{ height: '475px', marginBottom: '300px' }} verticalAlign='middle'>
                        <Grid.Column style={{ maxWidth: 450}}>
                            <Header as='h3' textAlign='center' style={{ marginBottom: '30px', marginTop: '190px'}}>
                                {/* <Image src='/logo.png' />  */}
                                Please enter the password to view this content.
                            </Header>
                            <Form size='large' onSubmit={this.handleFormSubmit}>
                                <Segment raised>
                                    <Form.Input fluid icon='lock' type='password' name="username" iconPosition='left' placeholder='password' onChange={this.handleChange} />
                                    {/* <Form.Input
                                        fluid
                                        name="password"
                                        icon='lock'
                                        iconPosition='left'
                                        placeholder='Password'
                                        type='password'
                                        onChange={this.handleChange}
                                    /> */}

                                    <Button className="seeAllWinesBtn" size='small'>
                                        <p className="seeAllWinesText" fluid size='large'>
                                            Login
                                </p></Button>
                                </Segment>
                            </Form>
                            <Header as='h5' textAlign='center' style={{ marginTop: '50px', marginBottom: '100px'}}>
                                This section is for clients only. To gain access, contact your sales rep or the order desk at orders@winewise.biz.
                            </Header>
                            <Link to='/'>
                            <Button> Back to Home
                                </Button>
                                </Link>
                        </Grid.Column>
                    </Grid>
                </Fragment>
            );
        }

        handleChange(e) {
            this.setState(
                {
                    [e.target.name]: e.target.value
                }
            )
            // console.log(this);
        }

        handleFormSubmit(e) {
            e.preventDefault();

            this.Auth.login(this.state.username,this.state.password)
                .then(res =>{

                    // console.log('referrer', document.referrer);
                    // const redirRoute = document.referrer.split('://')[1].split('/');
                    // console.log("route:" , redirRoute);
                    const newLocation = sessionStorage.getItem('referrer');
                    sessionStorage.removeItem('referrer');
                this.props.history.replace(newLocation);
                //window.history.back();

                })
                .catch(err => {
                    alert(err);
                })
        }

        decode(e) {
            e.preventDefault();
            this.Auth.loggedIn()
        }
    }

    export default Login;

import decode from 'jwt-decode';
export default class AuthService {
    // Initializing important variables
    constructor() {
        this.fetch = this.fetch.bind(this) // React binding stuff
        this.login = this.login.bind(this)
        this.getProfile = this.getProfile.bind(this)
    }

    login(username, password) {
        // Get a token from api server using the fetch api
        // console.log('logindomain', this.domain);
        return this.fetch(`/api/login`, {
            method: 'POST',
            body: JSON.stringify({
                username,
                password
            })
        }).then(res => {
            this.setToken(res.token) // Setting the token in localStorage
            return Promise.resolve(res);
        })
    }

    loggedIn() {
        // Checks if there is a saved token and it's still valid
        const token = this.getToken() // GEtting token from localstorage
        // console.log('token', token);
        const loggedIn = !!token && !this.isTokenExpired(token);
        !loggedIn && !sessionStorage.getItem('referrer') && sessionStorage.setItem('referrer', window.location.pathname);
        return loggedIn; // handwaiving here
    }

    isTokenExpired(token) {
        try {
            const decoded = decode(token);
            // console.log("decoded", decoded);
            if (decoded.exp < Date.now() / 1000) { // Checking if token is expired. N
                return true;
            }
            else
                return false;
        }
        catch (err) {
            return false;
        }
    }

    setToken(idToken) {
        // Saves user token to localStorage
        localStorage.setItem('id_token', idToken)
    }

    getToken() {
        // Retrieves the user token from localStorage
        return localStorage.getItem('id_token')
    }

    logout() {
        // Clear user token and profile data from localStorage
        localStorage.removeItem('id_token');
    }

    getProfile() {
        // Using jwt-decode npm package to decode the token
        return decode(this.getToken());
    }


    fetch(url, options) {
        // performs api calls sending the required authentication headers
        const headers = {
            'Accept': 'application/json',
            'Content-Type': 'application/json'
        }

        // Setting Authorization header
        // Authorization: Bearer xxxxxxx.xxxxxxxx.xxxxxx
        if (this.loggedIn()) {
            headers['Authorization'] = 'Bearer ' + this.getToken()
        }

        return fetch(url, {
            headers,
            ...options
        })
            .then(this._checkStatus)
            .then(response => response.json())
    }

    _checkStatus(response) {
        // raises an error in case response status is not a success
        if (response.status >= 200 && response.status < 300) { // Success status lies between 200 to 300
            return response
        } else {
            var error = new Error(response.statusText)
            error.response = response
            throw error
        }
    }
}

1 个答案:

答案 0 :(得分:0)

正如您在评论中提到的那样,最常见的解决方案之一是将令牌存储在浏览器的localStorage中,然后可以使用localStorage.getItem(item-name)进行访问。但是,您必须在服务器上验证该令牌,以确保该令牌尚未过期并且是有效的令牌,因此您需要在后端使用某种服务来接受该令牌,然后对其进行验证并返回其状态,以便您可以决定前端的渲染/访问。