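POST to /refresh API returns "Unauthorized"

Date: 2020-01-09 06:43:09

Tags: javascript angular jwt interceptor

I'm new to refresh tokens, and I can't get my app to work. Once the JWT_TOKEN expires, I can't connect to the refresh API route to refresh the token. I get the error message:

Failed to load resource: the server responded with a status of 401 (Unauthorized)

I don't know what's wrong.

Here is some of my code: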

  refreshToken() {
    return this.http.post<any>(environment.apiBaseUrl + '/refresh', {
      'refreshToken': this.getRefreshToken()
    }).pipe(tap((tokens: Tokens) => {
      console.log('token', tokens);
      this.storeJwtToken(tokens.jwt);
    }));
  }

module.exports.refresh = (req, res, next) => {
  const refreshToken = req.body.refreshToken;

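  // Own-property check: `in` would also match inherited keys such as 'constructor'
  if (Object.prototype.hasOwnProperty.call(refreshTokens, refreshToken)) {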
    /* Possible error in assignment */
    const user = {
      'email': refreshTokens[refreshToken].email,
      'fullName': refreshTokens[refreshToken].fullName
    }
    const token = jwt.sign(user, 'anything', {expiresIn: 2000});
    res.json({jwt: token})
  }
  else {
    res.sendStatus(401);
  }
}

  private handle401Error(request: HttpRequest<any>, next: HttpHandler) {
    if (!this.isRefreshing) {
      this.isRefreshing = true;
      this.refreshTokenSubject.next(null);
      console.log('good');
      return this.authService.refreshToken().pipe(
        switchMap((token: any) => {
          console.log('token', token);
          this.isRefreshing = false;
          this.refreshTokenSubject.next(token.jwt);
          return next.handle(this.addToken(request, token.jwt));
        }));

    } else {
      return this.refreshTokenSubject.pipe(
        filter(token => token != null),
        take(1),
        switchMap(jwt => {
          return next.handle(this.addToken(request, jwt));
        }));
    }
  }

  intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {

    if (this.authService.getJwtToken()) {
      request = this.addToken(request, this.authService.getJwtToken());
      console.log("Request:", this.addToken(request, this.authService.getJwtToken()));
      console.log("Request:", request, this.authService.getJwtToken());
    }

    return next.handle(request).pipe(catchError(error => {
      if (error instanceof HttpErrorResponse && error.status === 401) {
        console.log('TM Error 401', error);
        return this.handle401Error(request, next);
      } else {
        console.log('TM Error else', error);
        return throwError(error);
      }
    }));
  }

exports.verifyJwtToken = (req, res, next) => {
  if ('authorization' in req.headers) {
    const token = req.headers['authorization'].split(' ')[1];
    console.log('token', token);
    jwt.verify(token, '*****',
      (err, decoded) => {
        if (err) {
          console.log(err);
          res.status(401).send({ auth: false, message: 'Token authentication failed.' });
        }
        else {
          console.log(decoded);
          req.user = decoded;
          console.log("req.user", req.user);
          next();
        }
      })
  } else {
    res.status(403).send({ auth: false, message: 'No token provided.' });
  }
}

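1 Answer:

Answer 0: (score: 1)

The refresh token service must be open, because you check for the expired token and get the unauthorized error.

The refresh token service just has to take the old token and return a new valid token. And it should skip the check for the expired token.

Check this for more information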
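
The behaviour the answer describes, as an added example that is not part of the original question or answer: the access-token check is skipped for `/refresh`, which is authenticated by the refresh token alone. The token table, `verifyAccessToken`, `guard` and `handle` are hypothetical stand-ins for `jwt.verify` and the Express router so the block runs without packages; all sample tokens are constructed.

```javascript
// Routes reachable without a valid access token (assumption: '/refresh' as in the question).
const OPEN_PATHS = new Set(['/refresh']);

// Constructed stand-in for jwt.verify(): a token table with expiry times.
const issued = new Map([
  ['expired-access', { email: 'a@example.test', exp: 1000 }],
  ['valid-access', { email: 'a@example.test', exp: 9000 }],
]);
function verifyAccessToken(token, now) {
  const claims = issued.get(token);
  if (!claims) throw new Error('invalid token');
  if (claims.exp <= now) throw new Error('jwt expired');
  return claims;
}

// Constructed server-side refresh token store (the question's refreshTokens).
const refreshTokens = new Map([['r-123', { email: 'a@example.test' }]]);

// Same job as verifyJwtToken in the question, but open paths skip the check.
function guard(req, now) {
  if (OPEN_PATHS.has(req.path)) return { status: 200, user: null };
  const [scheme, token] = ((req.headers || {}).authorization || '').split(' ');
  if (scheme !== 'Bearer' || !token) return { status: 403 };
  try {
    return { status: 200, user: verifyAccessToken(token, now) };
  } catch (err) {
    return { status: 401 };
  }
}

// The refresh route is authenticated by the refresh token alone.
function refresh(req, now) {
  const entry = refreshTokens.get((req.body || {}).refreshToken);
  if (!entry) return { status: 401 };
  const jwt = 'access-' + (issued.size + 1);
  issued.set(jwt, { email: entry.email, exp: now + 2000 });
  return { status: 200, jwt };
}

// Minimal dispatcher standing in for the Express router.
function handle(req, now) {
  const checked = guard(req, now);
  if (checked.status !== 200) return checked;
  return req.path === '/refresh' ? refresh(req, now) : { status: 200, user: checked.user };
}
```

Because the refresh token is now the only credential on that route, an unknown value must still get a 401, which `Map.get` guarantees even for strings like `constructor`.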