我在Node JS中进行了登录。在邮递员中进行了测试。完美运作。 现在,我需要使用界面将其集成到客户端。在POST API中发送jwt令牌后,如何获取令牌并在客户端将其设置为标头? 还是可以在服务器端设置标头?这就是我尝试过的。我只是不知道该怎么做。
app.post('/auth', function(request, response) {
var username = request.body.username;
var password = request.body.pass;
if (username && password) {
db.query('SELECT * FROM user WHERE username = ?', [username], function(error, results, fields) {
if (results.length > 0) {
bcrypt.compare(password, results[0].password, function(err, res) {
if(res) {
jwt.sign({id: results[0].id}, 'sdfghwertyhbvcsdfghjk', (err, token) => {
response.json({token});
response.setHeader('Set-Cookie', ['item1=value1']);
});
// response.render(__dirname + "/views/bearer.html", {sessionToken: results3[0].token});
response.end();
} else {
response.send('Неправильно введены данные')
response.end();
}
})
} else {
response.send('Неправильно введены данные');
response.end();
}
});
} else {
response.send('Введите имя пользователя и пароль');
response.end();
}
});
function checkRights(request, result, next, rights) {
try {
var id = jwt.verify(request.headers.authorization, 'sdfghwertyhbvcsdfghjk').id;
db.query('SELECT * FROM user WHERE id = ?', [id] , function(error, results, fields) {
if (error) throw error;
if(results.length == 0) return false;
if(rights.indexOf(results[0].username) !== -1) {
request.user = results[0];
next()
} else
result.json({
error: "You are not allowed!!!"
});
});
} catch(e) {
result.json({
error: "Not authorized!!!"
});
}
}
function Authorized (request, res, next) {
checkRights(request, res, next, ['admin']);
}
app.get('/dashboard', [Authorized], function (req, res) {
res.send("OK");
res.end();
});