passport.js
module.exports = (passport) => {
passport.use(new LocalStrategy({
usernameField: 'username',
passwordField: 'password'
},
(username, password, done) => {
user.findOne(({ username: username }), async (err, user) => {
if (err) { return done(err); }
if (!user) { return done(null, false); }
const cpassword = await bcrypt.compare(password, user.password);
if (!cpassword) { return done(null, false); }
console.log(user._id)
const token = jwt.sign(
{
id: user._id,
username: user.username
},
"shubham"
);
adminRecords = {
token: token
}
return done(null, user, adminRecords);
});
}
));
passport.use(new JwtStrategy({
jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
secretOrKey : 'key'
}, function(jwt_payload, done) {
console.log('1')
user.findOne({id: jwt_payload.sub}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
// or you could create a new account
}
});
}));
};
passport.serializeUser(function (user, done) {
done(null, user)
})
passport.deserializeUser(function (id, done) {
user.find(id, function (err, user) {
done(err, user)
});
});
route.js
router.post('/profile', passport.authenticate('jwt', { session: false }),
function(req, res) {
console.log('1')
res.send(req.user.profile);
}
);
我正在尝试passport-jwt策略,并且在生成令牌的同时,它返回未经授权的状态码401。我正在使用令牌x-acccess-token = jwtToken,但是它返回未经授权的内容。
该如何调试?
答案 0 :(得分:0)
尝试在标题中设置
授权:不记名令牌
令牌和载体之间应该有空格
答案 1 :(得分:0)
如下所示替换jwtFromRequest:并尝试
cipher.init(Cipher.ENCRYPT_MODE, key.getPublic());
byte[] cipherText = cipher.doFinal(plainText);